Categories
Windows

Internet Evidence Finder versions

Declutter the HDD space by removing obsolete files
Versions Review Comments Questions & Answers (1)
6.7
Oct 16, 2015
Review
6.6
Jun 3, 2015
6.5
Nov 24, 2014
Review
6.4
Jun 25, 2014
6.3
Mar 7, 2014
6.2
Nov 1, 2013
6.1
Oct 29, 2021
x86
6.0
Apr 12, 2013
5.7
Dec 10, 2012
5.4
May 9, 2012
Editorial review
rating
5.0
Feb 8, 2012
Review
4.3
Nov 10, 2011
4.2
Jun 16, 2011
Review
x86 3.8 MB
4.1
Apr 23, 2011
4.0
Jan 13, 2011
3.6
Oct 22, 2010
Review
x86 3.8 MB
3.5
Apr 17, 2010
3.0
Nov 17, 2009
2.0
Sep 7, 2009
1.2
May 11, 2009

What's new

v5.4 [May 9, 2012]
Native image mounting (.E01/'dd' images)
Live RAM Captures - 32/64bit OS support (Triage Edition)
Drive Imaging (Triage Edition)
Automated Encryption Check (Triage Edition)
Updated UI and improved speed (up to 20% faster)
Multiple drives/volumes can be selected
All recovered data saved to SQLite database
Brand new Report Viewer with Search, Filter, Bookmarking capabilities - view recovered data as it is found
New customizable, simpler "preset" searches
New "Search Alert" feature
Removing duplicates now optional
All sector offsets now map to a physical offset (vs logical)
IEF Triage is shipped on a 16GB thumb drive to accomodate RAM captures

v4.2 [Jun 16, 2011]
New features in IEF v4 include:
- New, simplified Graphical User Interface
- 11 new searches for grand total of 30 artifacts IEF can search for (see below)
- The file system is now also searched instead of just a sector level search
- Can search Unallocated Clusters only, optionally including file slack space
- On NTFS drives, the MFT (Master File Table) is searched for resident deleted files
- All recovered data outputs to a report case folder now and viewed with the IEF Report Viewer, full report can be created or data exported to multiple formats
- Yahoo!® Messenger existing log files are now parsed without requiring usernames
- Yahoo!® Messenger chat log validation has been improved, with support for date ranges and message text filterin
- The compressed data in Hiberfil.sys files is decompressed on-the-fly during searches making it easy to recover artifacts within these files
- 5 total search functions (Quick, Full, Unallocated Only, Full – Sector level, and Files/Folders)
- Major re-write of most old searches and program code to improve speed and stability
- Facebook® live chat search completely rewritten to find even more chat, including damaged fragments
- Facebook® unicode text is now converted
- Updated MSN®/Windows Live Messenger® search re-written to find more chat, faster
- New Portable Edition that can run on live systems
- Portable and Standard versions can both access locked files such as the Pagefile.sys file on a live system
- Volume Shadow Copies can be mounted and searched (Quick Search or Full – Sector Level Search) in the Portable Edition

Read more

Alternative downloads

Registry Trash Keys Finder
Registry Trash Keys Finder
Free
rating

Registry Trash Keys Finder (TrashReg) is an advanced Registry cleaning tool.

Garbage Finder
Garbage Finder
rating

Garbage Finder keeps your disk clean and deletes unused files.

Free Picture Finder
Free Picture Finder
rating

Image finder and image downloader.

Duplicate Finder for Windows Mail
Duplicate Finder for Windows
rating

Find message copies in Windows Mail.

Evidence-Blaster 2009
Evidence-Blaster 2009
rating

Evidence Blaster software is a very effective system cleaning software.

Popular stories

See all
Windows 10 to 11 upgrade: how to clean drive afterwards

Windows 10 to 11 upgrade: how to clean drive afterwards

ChatGPT’s search now available to all registered users

ChatGPT’s search now available to all registered users

How and why to run Check Disk on Windows

How and why to run Check Disk on Windows

Beyond Black Friday: consistently low prices at these stores

Beyond Black Friday: consistently low prices at these stores