Major features are:

• 32bit application – modern, efficient and user-friendly.
• High-performance – maximises the benefit of modern machines.
• Extremely fast file and word search times – gigabytes of data can be searched in seconds.
• Extensive range of file viewers.
• Full range of utilities for fast low-level interrogation.
• Seamless handling of different file systems – see GenX.

What does GenTree do?
GenTree is a very powerful computer investigation tool for the serious computer investigator. It has an Explorer-type interface, which allows full access to all the processed data produced by GenX and GenText. The file system data is organised into separate directory views for easy navigation and management. Within each view the original directory structure from the original disk is retained.

Map on Demand
If an image is to be investigated as a matter of urgency, GenTree can be pointed at an image file and the image mapped (processed) as the directory tree is navigated. This means that:

• No previous processing is required
• Database is automatically built whilst navigating directory tree
• Viewing of different file systems is seamlessly handled (dependent upon GenX modules enabled).
• The user can swiftly view all files within each volume within the image

File Viewers
A variety of viewers is essential when performing an investigation. GenTree has a very wide range of viewers, to allow files to be examined in various ways and at all levels:

• Original viewer (like original application)
• Raw viewer (every byte within the file plus sector and cluster boundaries)
• Raw viewer – filtered (like Raw but only textual data returned)
• Typed viewer (typed text only)
• Sector view (each sector for the file)
• Thumbnail view (ideal for graphic files)
• Slideshow (again, ideal for graphic files)
• Launch (to launch an associated application) ***

Word Search Engine
The GenTree search engine is second to none. It takes only seconds to search gigabytes of data – and obtaining fast results can often be crucial during the course of an investigation. Complex queries can be easily built and the many filters and features ensure that searches can be tailored to specific requirements. Time-consuming brute force searching is not required.

Filters include:

• File name
• File type or category
• File date and time stamps
• File system areas
• Boolean operators
• Substrings
• Wordstems
• Soundex ("sounds like")
• Case sensitivity
• Accent sensitivity

Features include:

• Word dictionaries
• Saving of search queries
• Comprehensive and clear search results
• Saving of search results
• Reloading of search results
• File tagging

Word Search Results
 

Flexibility and Control
A vast number of other options are available which are invaluable during the course of a computer investigation:

• Logical sector searching (sector-by-sector string search).
• Data trawl (retrieves files from deleted partitions, high-level formatted drives, free space, unused areas of the disk).
• Cluster mapping (shows volume cluster usage and file positioning).
• Timeline analysis (for analysing file movements across a time span).
• Printing and exporting options.
• Numerous copying options – including CD output options ***
• Hashing options (for grouping files/directories for inclusion/exclusion).
• Flat and hierarchical directory views.
• Tag list management.

Investigation Services
Computer investigations must be carried out by professionals who are experienced both with the Law and IT. Our highly experienced in-house Investigation Services Team are all government trained specialists and are available to assist with all levels and types of computer investigation, including high-level sophisticated fraud, email/Internet abuse, intellectual property theft, downloading of inappropriate material etc.