What is FEX-LAB?

FEX-LAB is a server-client based system to automate your forensic tasks. In simple terms, FEX-LAB can create cases and process them with distributed agents that can run FEX-Command Line.

Schema

But how?

FEX-LAB has 3 main components: Server, Client, Agent

The Server manages, well, everything. The Client is the user, who can launch a web browser or the FEX-LAB Desktop program to control the server. The Agent executes the commands and tasks sent by the server. FEX-LAB agents use the FEX Commandline software to process files and forensic images, just like its big brother FEX Desktop. The difference is that FEX Commandline uses a template to achieve this.

The Template

When we start processing a case, we run a set of routine tasks: we recover deleted files, calculate hashes, parse the registry, search for certain files, etc. FEX Commandline uses a special XML file (TXML) to do all of these. We simply add the tasks we need to the TXML file and the tasks are executed.

Using the FEX-LAB interface, a user can choose the evidence file(s) and create a job by selecting a TXML file. Let’s say you have 2000 E01 files waiting to be processed. You have your TXML file. All you need to do is to select your E01 files and FEX-LAB will take care of the rest. It will distribute the jobs to agents, launch agents if need be and show you the progress.

You can see FEX-LAB at work.
