Information to be supplied as a part of Quotation/Tender

The interested parties are requested to provide the following information along with quotations/tenders:

1. Name & address of the tenderer.
2. Nature of business.
3. Income Tax assessment particulars, PAN.
4. Service Tax Registration / TIN Registration.
5. Purchase orders awarded by other Govt. Organizations earlier.

Forensic Imaging Device

This high-speed solution captures and authenticates at speeds over 30 GB/min. It can image and verify from 4 source drives to 5 destination drives simultaneously. This sophisticated but easy-to-use solution features built-in support to capture from SATA/IDE hard drives and flash media, optional support for both SCSI and SAS hard drives, and built-in USB and FireWire connectivity, and provides the highest level of authentication with SHA1, MD5 and SHA-256 hashes computed concurrently.
• Should have extremely fast imaging speeds of 23GB/min; speed with SAS/SATA-3 6GB/s should be 30GB/min.
• Should support multiple image formats: native or mirror copy, dd image, e01, ex01 (e01 and ex01 with compression) and file-based copy.
• Should have multiple imaging ports. Write-protected source ports include: 2 SAS/SATA, 1 USB 3.0 (should be converted to SATA using an optional USB to SATA adapter), 1 FireWire, 1 SCSI (using the SCSI Module Option).
• Destination ports should include 2 SAS/SATA, 2 USB 3.0 (can be converted to SATA using an optional USB to SATA adapter), 1 FireWire and 1 SCSI (using the SCSI Module Option).
• Should have a Gigabit Ethernet port for network connectivity.
• The unit should include a USB 3.0 device port for drive preview and two USB 2.0 host ports.
• Should be able to perform up to five tasks concurrently.
• Should have capability of parallel imaging: simultaneously perform multiple imaging tasks from the same source drive to multiple destinations using different imaging formats.
• Should have web browser/remote operation to allow connecting to the device from a web browser.
• Should have broad interface support: built-in support for SAS/SATA/USB/FireWire storage devices. Supports 1.8″/2.5″/3.5″ IDE and 1.8″ IDE ZIF and microSATA. Adapters for eSATA, mSATA and flash drive.
• Should support M.2 SSD hard drives that use the PCIe interface as well as the SATA interface, PCIe Express cards and mini-PCIe Express cards.
• Should have PCIe Express Cards & Mini-PCIe Express Cards to support PCIe-based storage expansion cards for PCs and laptops.
• Should image to an external storage device such as a NAS, using the Gigabit Ethernet port, USB 3.0 or via the SAS/SATA connection.
• Should have optional SCSI Module: 1 write-protected SCSI source port and 1 SCSI destination port.
• Should be able to image from a desktop or laptop computer without removing the hard drive from the computer.
• Should image from a Mac system booted in “target disk mode” using the write-blocked FireWire port on
• Should have error granularity setting: drive error handling and configurable error granularity feature.
• Should have 7″ touch screen with an easy-to-use interface that provides easy navigation through all operations.
• Should detect and capture Host Protected Areas (HPA) and Device Configuration Overlay (DCO) hidden areas on the source (suspect) drive.
• Should have forensic, filter-based file copy: users can filter and then image by the file extension (such as .PDF, .xls, .JPEG, .mov etc.).
• Should image to or from a network location using CIFS protocol and/or image from a network location using iSCSI.
• Should have ability to preview the drive contents directly.
• Should have network push feature to push evidence files from destination drives to a network location in a very secure way.
• Should have Concurrent Image and Verify.
• Should have feature to save configuration settings and set password-protected user profiles.
• Should generate audit trail reporting/log files in XML, HTML or PDF format.
• Should secure sensitive evidence data with whole-drive AES 256-bit encryption.
• Should allow manipulating the DCO and HPA area of the destination drive so that the destination drive’s total native capacity matches the source drive.
• Should allow users to set specific tasks to be performed sequentially.
• Should have feature to set a specific “time-out” for hard drives connected.
• Should capture from one large capacity drive to two smaller capacity drives.
• Should have USB host ports and HDMI port for connecting keyboard, mouse and projector.

Forensic Tool Kit Specifications:

• Should be able to create images, process a wide range of data types from forensic images to email archives, analyze the registry
• Should have KFF hash library with 45 million hashes.
• Advanced, automated analysis without the scripting.
• Wizard-driven processing ensures no data is missed.
  o Cancel/Pause/Resume functionality
  o Real-time processing status
  o CPU resource throttling
  o Email notification upon processing completion
• Pre- and post-processing refinement
• Advanced data carving engine allows you to specify criteria, such as file size, data type and pixel size, to reduce the amount of irrelevant data carved while increasing overall thoroughness.
• Single node enterprise
  o Should be able to install a persistent agent on a single computer to enable the remote analysis and incident response capabilities.
  o Should be able to preview, acquire and analyze hard drive data, peripheral device data, and volatile/memory data on Windows®, Apple® OS, UNIX® and Linux® machines.
  o Should have capability to uninstall the agent at any time, and push it out to a different computer for multi-machine analysis.
  o Should have easy, wizard-driven agent deployment.
  o Should have secure remote device mounting capability using the Pico agent.
• Advanced Volatile/Memory Analysis
  o Should support 32-bit and 64-bit Windows® OS.
  o Should have comprehensive analysis of volatile data.
  o Should be able to do static RAM analysis from an image or against a live system.
• Should enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
• Should dump a process and associated DLLs for further analysis in third-party tools.
• Should be able to do memory string search to allow examiner to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
• Should be able to provide VAD tree analysis, expose registry artifacts in memory, and parse and display handle information from memory.
• MAC features
  o Should be able to process B-Trees attributes for metadata.
  o Should have PLIST support.
  o Should have SQLite database support.
  o Should have Apple DMG and DD_DMG disk image support.
  o Should have JSON file support.
• Should support regular expressions in index searching to allow examiner to search for advanced combinations of characters within indexed data.
• Broad file system, file type and email support
  o Should have support for 700+ image, archive and file types.
  o Should have support for Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833.
  o Should be able to analyze DMG (compressed and uncompressed), Ext4, exFAT, VxFS (Veritas File System), Microsoft VHD (Microsoft Virtual Hard Disk), Blackberry IPD backup files, Android YAFFS / YAFFS 2 and many more.
  o Should be able to create and process Advanced Forensic Format (AFF) images.
• Should automatically decrypt (with proper credentials) Credant, SafeBoot, Utimaco, SafeGuard Enterprise and Easy, EFS, PGP, GuardianEdge, Pointsec and S/MIME.
• Should be able to identify encrypted PDFs.
• Should have support for Explicit Image Detection (EID) for auto-identification of potentially pornographic images.
• Should be able to generate detailed reports in native format, HTML, PDF, XML, RTF, and more - with links back to the original evidence.
• Should be able to define Registry Supplemental Reports (RSR) during pre-processing or additional analysis.
• Should have capability to see which files could not be processed or indexed with the Processing Exception/Case Info report.
• Should be able to create a CSV of processed files that can be imported into Excel or a database application.
• Should be able to export MSGs for all supported email types.
• Should be able to identify PDF files through the PDF file system.
• Should highlight index search hit for PDF files in the natural view.
• Should have support for a new OCR engine.
• Should allow the user to send registry files to Registry Viewer from FTK even if the files have not yet been identified.
• Should be able to provide automated graphical timeline construction and analysis of social relationships.
• Should be able to take screenshots of visualization analysis to include in case reports.
• Should have support for the mobile device types mentioned below:
  o Chinese MediaTek (MTK)
  o Android ™ (including full user data extraction from rooted devices)
  o Windows ®
  o Blackberry ®
  o LG, Nokia Series 30/40, Samsung, Motorola, ZTE, Sony Ericsson and more.
• Should have the capability to make a physical image of all Samsung Galaxy Series II Android devices.
• Should be able to bypass password protection and conduct full partition imaging of all Samsung Galaxy Series II Android devices.
• Should be able to do physical and logical acquisition of iPhone ® (both CDMA and GSM), iPad ® and iPod Touch. No jailbreaking should be required.
• Should be able to acquire physical and logical data simultaneously, without the need for iTunes.
• Should be capable of on-the-fly decryption of operating system and logical data.
• Should be able to import folders and files containing an iTunes backup. Should use a mounted image, point to the iTunes folder.
• Should have support for both encrypted and non-encrypted backups.
• Should have Timeline Viewer to illustrate SMS, EMAIL, MMS and Call Logs for any selected timeframe.
• Should have a Social Analyzer to illustrate SMS, EMAIL, MMS and Call Logs for selected contacts – comparing each with all selected.
• Should come with internet/chat analysis enhancement.
• Should be able to reconstruct web pages.
• Should be able to parse and bookmark individual records from within the Google Chrome artifact tables.
• Should come with 30+ additional Internet artifact carvers, identifying files from programs such as Facebook, Dropbox, Skype 3 and more.
• Should come with Microsoft Photo DNA.
• Should come with Password Recovery Tool Kit (PRTK).
• Should have automatic language identification feature.

Mobile Phone Forensic Acquisition

Logical and physical extractions, advanced parsing and analysis, Google Earth integration, file sorting, and comprehensive reporting give examiners more for their money. With analysis features such as logical and physical acquisitions, file system acquisitions, password bypassing, advanced data parsers, file viewers, Google Earth integration, a back-end database for handling the large amounts of data contained in smart phones, and much more, investigators will be able to perform a complete examination and report on all data acquired. This kit comes with all required cable set and toolbox.
• Logical Data Extraction: User data such as call logs, SMS (text messages), contacts, pictures, etc. can easily be acquired.
• Physical Data Extraction: Full physical acquisitions including file system and deleted data can be performed on many devices including most CDMA phones, Android phones, and some GPS devices.
• User Password Extraction: User password recovery of mobile devices can make or break a case. Should extract user passwords from hundreds of devices including iPhones (physical extractions), Androids (screen locks), and more.
• Integrated Google Earth: GPS data points can be extracted from GPS devices as well as cell phones. Should allow viewing these GPS coordinates easily by integrating with Google Earth.
• Advanced Data Parsers: Should have advanced data parsers to display user data and to recover deleted data from both logical files and physical extractions.

Other Specifications

• Should be able to automatically highlight, extract and correlate intelligence items such as PAN Card, telephone, Company Name, IP Address, Currency Symbol, URL, Country Name, credit card, bank account and social security numbers and email addresses.
• Should be able to do evidence pre-filter on the basis of folder selection and MIME type to quickly examine only useful information in case.
• Should come with four workers for fast indexing the higher volume size.
• Should have precise skin tone analysis to analyse data sets of any size to locate inappropriate images with advanced image colour analysis features such as black and white, grey scale, tinted monochrome and full colour detection.
• Should be able to ingest and recover deleted data from E01, L01, DD images directly created from FAT-12, FAT-16, FAT-32 and NTFS file system volumes.
• Should have capability to interactively search and filter data using the complete search syntax with multiple criteria simultaneously.
• Should be able to drill down into full metadata with custom metadata addition facility.
• Should be able to create material for external presentation by printing graphics to a local printer, exporting graphics to PNG, JPG, PDF or SVG formats and exporting tabular data to PDF or Microsoft Excel.
• Should have facility to identify and filter the items on the basis of language.
• Should have Event Map graphical representation to track communication quickly in a smart way to understand when, who and whom.
• Should be able to provide Network view to understand the number of communication threads.
• Should be able to de-duplicate on custodian basis or over all case.
• Should be able to show similar and duplicate copies of items.
• Should be able to ingest and analyse XRY and UFED physical images in case.
• Should have capability to search items through MD5 hash and multiple keywords list.
• Should have manual and bulk reduction feature.
• Should be able to automatically decrypt PGP and S/MIME encrypted email with the ability to programmatically apply keys and passwords during ingestion.
• Should be able to create half terabyte case in one go.
• Should be able to apply useful syntax to extract valuable data, i.e. Itemdate[* TO-7Y] to find items older than 7 years before today, dateproperties:" mapl*":(20010101 TO 20020202] and date properties;"mapl*":{20010101 TO *}.
• Should be able to combine multiple cases for finding correlation among the suspects.
• Should be able to summarize a document in five sentences and create topic modeling on the basis of 7 most frequent words.
• Should be able to extract thumbnails from a movie file supported by ffmpeg.
• Should be able to analyze the case with next generation enhanced visual analytics interface to display the data in dynamic charts, i.e. column, pie, bar and line charts.
• Should provide workflow automation to run multiple activities, i.e. cutting, exporting, reporting and tagging, in a single click of the mouse.
• Should be able to build reports including item date trending, MIME types, item kind by date, tagged items, pivot report, locations report and search hit report.
• Should be able to travel back and forth between recently viewed visualizations as well as activities and workflows the investigator has run.
• Should be able to send email updates on desired email address as each workflow activity completes.