Products

Forensics & Cyber Security Tools

Products Overview

Sold worldwide, with customers in 21 countries, WindowsSCOPE tools and accessories are a must have for Incident Response and Law Enforcement use cases. They enable live cyber forensics, reverse engineering, and crime investigations as well as   other cyber-defense/analysis activities pre attack, for both user and kernel space. All information is deconstructed from raw memory. For example, they allow interactive visualization of all key applications and kernel, and extraction of critical data  in memory even after applications were closed. WindowsSCOPE Cyber Forensics accessories include in addition a hardware-assisted near-zero memory footprint memory-acquisition device, as well as, forensic device providing access to locked computers.

Several tutorial movies that will show you WindowsSCOPE in action are available from the Movies/Tutorials page.

WindowsSCOPE Cyber Forensics

A GUI-based memory forensic capture and analysis toolkit. Allows for the import of standard WinDD memory dumps which are then automatically reverse engineered and presented in an easy-to-view format for forensic analysis in a central location. It includes advanced search capabilities to find visited URLs, credit cards, logins, names, etc. and provides the most sophisticated memory forensics analysis for security breaches. Applications include digital forensics, crime investigation, cyber defense & attack detection, and other reverse engineering activities.

Buy

WindowsSCOPE Forensic Archiving Appliance

A high performance forensic appliance capable of performing network-wide live memory forensics, forensic archiving and incident response. Through the use of the WindowsSCOPE Cyber Forensics – Appliance, with TBs of storage, the solution is able to periodically collect live memory (snapshots/dumps) network-wide from each node, fully reverse engineer and archive them, and perform sophisticated analyses tracking changes in time and across nodes.

Get a Quote

CaptureGUARD Gateway - Access to Locked Computers

This is an ExpressCard platform that enables access to locked Windows computers allowing live forensic acquisition/analysis in these otherwise inaccessible systems. Watch this video demonstration of CaptureGUARD Gateway bypassing Windows login passwords.

Operates on systems running Windows XP, Windows Vista, and Windows 7 that contain an ExpressCard-34 hotplug slot. For other operating systems or system configurations contact support@windowsscope.com

Buy

WindowsSCOPE Phantom Probe USB Dongle

A USB 3.0 dongle containing the WindowsSCOPE Phantom Probe that complements WindowsSCOPE Cyber Forensics products. This dongle runs the WindowsSCOPE Phantom Probe Agent capable of capturing a WindowsSCOPE snapshot from any supported Windows computer when plugged in.

Buy

CaptureGUARD Physical Memory Acquisition Hardware – PCIe Add-on

This is a PCI Express add-on device capable of imaging the physical memory of the computer it’s connected to. Creates dump files in the standard WinDD format that can be used with WindowsSCOPE Cyber Forensics or with other WinDD compatible dump analysis tools. Connects directly to the physical memory to read contents. Requires a small CaptureGUARD driver to be installed on the system for the device to be recognized and to store memory contents to file.

Buy

CaptureGUARD Physical Memory Acquisition Hardware – ExpressCard

This is an ExpressCard device capable of imaging the physical memory of the computer it’s connected to. Creates dump files in the standard WinDD format that can be used with WindowsSCOPE Cyber Forensics or with other WinDD compatible dump analysis tools. Connects directly to the physical memory to read contents. Requires a small CaptureGUARD driver to be installed on the system for the device to be recognized and to store memory contents to file.

Buy