Tyrhex Mac版(数据取证工具)

Tyrhex Mac版是一款Mac平台的文件数据取证工具，这是一款非常专业的取证软件。软件的开发者是这方面的培训师，发现市面上没有一款好用的工具，于是自己动手写了这个工具。工具会检索文件的元数据并且检验编码，自动提取特定的编码进行展示。开发者具有非常丰富的从业经验，该软件适合专业人士使用。可以到苹果商店免费的下载体验。

Tyrhex基于文件系统取证从业经验。它可以帮助用户了解主要概念这一练习，比较其他法律程序产生的结果，调查损坏的设备和解释结果法庭场景.

功能介绍

核心创新概念：

分离出特定的字节串能力，锁定你想使用作为参考的偏移量，选择一个特定的单元和确定价值和可能使用此值移动到新的位置的值。

历史的书签，重要的数据区可以访问后在特定阶段的分析。

能力寻找损坏的文件系统的文物，通过快速搜索功能，创建虚拟卷的估计性能。体积也可以浏览，因为正在维修。

颜色自动生成编码结合用户定义的书签支持发现和逆向工程技术的解释

一个详细的报告系统，可以用于比较的结果对其他取证工具的输出设置。

强大的Objective-C类用于分析文件系统和文件系统的文物。这类不依赖于外部的算法，这是有用的，检查其他工具产生的结果。

官方介绍

In my extensive experience training IT forensics investigators about file systems and file systems artefacts, I have never found a tool that allows you to easily “explore” evidence, while still maintaining a byte-level view. To my knowledge, this tool does not exist. Therefore I had to develop it!

Tyrhex is based on the experience of file systems forensics practitioners. It can help users understand the main concepts of this practise, compare the results produced by other forensic software, investigate damaged devices and explain results in courtroom scenarios.

Core inovative concepts :

Ability to isolate certain byte strings, lock the offset you wish to use as reference, choose a particular unit and identify the value and possibly use this value to move by the value to a new position.

Historical bookmarking so that important data areas can be accessed later when referring to a particular stage of the analysis.

Ability to search for artefacts in damaged file systems and, by using the quick search features, create a virtual volume with estimated properties. The volume can alos be browsed as it is being repaired.

Automatic generation of colour coded combined with user defined bookmarks to support the explanation of findings and reverse engineering techniques

Provision of a detailled reporting system that can be used when comparing the results to the outputs of other forensic tools.

Strong objective-C classes used to analyse file systems and file system artefacts. These classes are not dependent of external algorithms, which is useful when crosschecking the results produced by other tools.

Used in a classroom, Tyrhex, provides visual support all logical structures that are embedded in file systems.