This report describes the features and testing of the Internet Evidence Finder (IEF) Version 5.6.0, which is produced by Magnet Forensics. It is a forensics-grade software application designed for investigators to easily discover Internet artifacts.
IEF can search a hard drive, live RAM captures, or files for Internet-related evidence. IEF can recover evidence within social networking artifacts, instant messaging chat histories, popular Web mail applications, Web-browsing history, and peer-to-peer file-sharing applications. IEF was tested on several different systems and drives. Regardless of the target, IEF was always successful in finding artifacts. IEF consistently found information that was not expected to be found. It provided clear evidence of how the computer under examination had been used over a long period of time. It also discovered evidence that an investigator may not have initially anticipated findings. IEF demonstrated its ability as a tool that can improve the efficiency of investigations that involve digital evidence on computers. Magnet Forensics is constantly updating IEF, so it is expected that this tool will only continue to improve over time. The tool was performed on a 160 GB drive image of an actual case under investigation. This drive was failing and experienced many read errors. Once imaged, IEF was configured to perform a sector-level search. The case involved online chat. Extensive figures and exhibits