i2 Analyst’s Notebook
Strengths: Quick and easy-to-use analytical tool that adds power to the forensic analysis process.
Weaknesses: None that we found.
Verdict: If one is doing a lot of deep digital forensic analysis, this is a must-have. Analyst’s Notebook is SC Lab Approved.
SummaryAnalyst's Notebook is a bit of a different beast for a digital forensic review, but make no mistake: This is a powerful addition to any digital forensic tool box. While the product does not perform forensic testing per se, it does provide a significant tool for analyzing forensic data of many kinds. In fact, this is the type of tool whose benefits are limited only by one's imagination.
The solution is a link analyzer. That means it has as its overarching purpose identifying non-obvious relationships between linked entities. Those entities can be people, places, things or metadata. In fact, entities subject to useful analysis by Analyst's Notebook can be anything that could have a relationship of any kind.
The development of a graphical chart that accurately represents these types of relationships is a solid tool both for analysis and presentation to a lay audience, such as a jury. The process can begin by recording data pairs in related categories - source and destination addresses, for example - in a spreadsheet. The link analyzer then accepts that as input and develops a graphical representation of all of the data pairs. There are other ways to input data as well.
The tool is remarkably flexible, and chart layouts can be any of several styles. Further, relationships can be predetermined, or users can create more complex ones.
Documentation is first rate, the product is a snap to use - with an excellent and intuitive user interface - and support is solid. At just under $5,500, it may seem pricey at first, but if one needs to go through hundreds of thousands of data pairs, a top-notch program such as this is really needed.