Database Parsing

Database Parsing in Quin-C

Databases are everywhere. Every meaningful investigation involves a database in one way or another. Database are used to hold just about everything ranging from simple user preferences to detailed financial information. Their importance to forensics investigations cannot be underestimated. Generally if it is important enough to need to store in a database it is valuable information in one way or another. Often forensics applications extract the data directly from the database and presents it in a way that make things simple for the investor. When that happens all is good and the investigator doesn’t need to even know a DB was involved. But when that doesn’t happen, which is often given the number of applications that utilize DBs, the investigator needs another method for interacting with the DB and this in an area in which Quin-C shines. Quin-C introduced DB forensics as an offering about twelve months ago but that initial offering was limited in scope and capability. Those limitations, have been stripped away in the 20190218 release of Quin-C. This release of Quin-C supports advanced Database analysis that in our opinion rivals or exceeds the capabilities of competitive products.

Read More

tleehealey | Tuesday 16 April 2019 - 2:44 pm | | Default | No comments

QView Roadmap & Strategy

QView has finally grown sufficiently large in scope and capability that it is worthy of a blog. My goal here is to drill into QView, explain what it is, where it is going, and hopefully convey at least a small part of the excitement we have in its potential.

Read More

tleehealey | Friday 22 March 2019 - 05:34 am | | Default | No comments
Used tags: , , ,

Summation Parity

20190219 Release

For way too long people have been asking is Quin-C a viable replacement for Summation. Since the inception of that question my answer has always been the same: “What does it matter? They can be run together so Quin-C is additive not a replacement.” Although that is what I said, what I thought was very different. 18 months ago, I thought the answer was no and I was hoping they wouldn’t see the fear in my eyes, 9 months ago I thought the answer was maybe but I was afraid to say it, and now I know the answer is yes. To be clear I still say the same thing because they are complimentary and can be used together and there are plenty of reasons to do that, but after the 20190219 release of Quin-C the feature set in Quin-C so aggressively exceeds what is offered in Summation that I don’t even think it is a reasonable question anymore.  The products work differently so there are still some things in summation that are not in Quin-C and likely will never be but I no longer believe there is a compelling reason for a Quin-C users to ever open up Summation, while I see many reasons for a Summation user to venture into Quin-C with high frequency.  The point of this blog is to highlight why I say that and why I believe Summation users should seriously consider move to Quin-C. With the goal of being organized in my analysis and because Quin-C so exceeds Summation in so many ways I am going to break down my argument into the logical areas of data ingestion, ECA, data review, and finally production.

Read More

tleehealey | Wednesday 27 February 2019 - 01:16 am | | Default | No comments
Used tags: ,