typical users

IT forensics trainers

Existing forensic tools tend to favour user-friendly interfaces to facilitate an investigator’s daily tasks and these are often used when training IT forensics topics; particularly file system properties and artefacts. This can distract learners from the fundamental principles of IT forensics and key points are often overlooked by the automated processes behind these user interfaces.

Tyrhex provides a simple and clear sector based view with instant decoding of values on demand. Offset values are displayed in hexadecimal and decimal, and are are highlighted along with current row and colomn. Information about value size, endianness relevance, artefacts and available slack data are possible and can be used to promote to an intuitive knowledge of the concepts behind the data.

Bookmarks can be used to confirm student hypotheses and can be prepared before training. Colour-coding of bookmarks can also be used to support explanations too.

When discussing byte level concepts, Tyrhex is an essential training aid for digital forensics trainers.

IT student

When following a IT forensics training, Tyrhex allows the student to visualise the values he is working on. Moreover, the hexshow moves into the bytes, with use of features like locking bookmarks and selecting units, helps to realise what is explained into the manuals.

Understanding of concepts and structures is enhanced by the sector view provide by Tyrhex. Errors becomes new experiences and re-doing an exercices leads to acquiring expertise. 

Tyrhex will quickly become the IT forensics student an everyday tool.

IT expert

IT forensic experts often need to cross check forensic software reports. In some circumstances information provided by such tools are not enough and deepter analysis is expected, staight on file system structures, using every byte as piece of valuable information.

By implementing search features combined with state of art algorithms to analyse file systems properties and artefacts, Tyrhex support the IT forensics expert work. Having a clear overview on what is stored on the disk will enhance quality of findings and clarity of explanations.

Last, but not least, the manual volume creation allows to recover files, including all file sytem metadata, by tweaking damaged file systems. Tyrhex is the easiest software supporting this expertise.

The chained jump feature speed up reverse engineering research and history allows to document findings.

lawyers, judges and prosecutors

In order to have a better understanding on the IT evidence kind and admissibility, enhancing awareness and keeping an impartial judgement, a magnifier on byte levels will be a nice supporting tool.

By showing the byte level and the straight content, Tyrhex helps lawyers, judges and prosecutors work. There is a need of knowledges about some IT facts and standards anyway, but having a clear view on what’s the evidence demystify IT experts reports and lead to quality of justice decisions.

Instead the usual approach on « what » is recovered, Tyrhex helps to understand « why » the evidence is important into handled case.

tyrhex © Yves Vandermeer  2015-2017   #tyrhex