Sumuri
The name “SUMURI” is an old Tagalog word which can be interpreted as “to investigate” or “analyze”.
The heart of SUMURI consists of simple core values that should exist in any company such asours but are hard to find in today’s business models. Core values such as honor, integrity, loyalty, positive attitude, dedication and most important above all – altruism.
RECON ITR is the premier solution for macOS Imaging, Triage, and Reporting that is designed for both novice and advanced users.
RECON ITR is an indispensable and versatile tool for getting answers quickly within minutes.
RECON ITR includes hundreds of plugins that automatically parse thousands of artifacts from macOS, Windows (via Boot Camp), and iOS backups.
RECON ITR processes and finds evidence provides answers quickly without the need for a separate data collection and additional processing required by other more expensive solutions. RECON ITR is an ideal solution for law enforcement consent searches and probation and parole home visits. With the ability to preconfigure templates, only limited training is needed. RECON ITR can also be used for corporate investigations, employee compliance, and protecting intellectual property.
RECON ITR can perform historical analysis of data and generate thousands of reports to document what was found in minutes.
RECON ITR includes RECON IMAGER and a built-in write-blocker to image live systems and Macs connected in Target Disk Mode.
RECON ITR is designed natively on macOS to take full advantage of the power within macOS. Other forensic tools, including those that run on a Mac, were ported from non-native operating systems and experience limitations. Instead of utilizing native macOS libraries, they rely on reverse engineering and third-party applications, which can lead to missed data, improper interpretation of data, and slower processing times.
RECON ITR utilizes native macOS libraries, so support for new macOS file systems and artifacts is quick or instantaneous.
RECON ITR comes with one full year of free updates and support.
PALADIN is a bootable forensic Linux distribution based on Ubuntu and is
developed and provided as a courtesy by SUMURI. The boot process has been
modified to assure that the internal or external media of computers and devices are not modified or mounted.
PALADIN is available as an ISO which can be used to make a bootable DVD or USB.
Once booted, the user will find a host of precompiled open-source forensic tools that can be used to perform various tasks.
The centerpiece of these tools is the PALADIN Toolbox. The PALADIN Toolbox
has combined and simplified multiple forensic tasks into an easy to use GUI
(graphical user interface) that requires minimal training and does not require users to utilize the command line.
The “engine” that runs the PALADIN Toolbox is a combination of applications
that have been used by forensic examiners and investigators for years and have withstood scrutiny in many courts of law.
RECON LAB is a full Forensic Suite that supports numerous file systems such as Windows, macOS, Linux, iOS, Android and more. RECON LAB was created to solve multiple problems inherent in other forensic tools and to expedite processing and analysis without sacrificing the quality of the exam.
RECON LAB was designed, developed and runs on macOS. MacOS was the only logical choice for developing a modern forensic tool to support the most common and largest number of file systems and artifacts without losing data.
The most difficult file system and operating system (OS) for most forensic tools to support is macOS. Mac understands itself and can interpret its own artifacts. This is not true of other file systems, operating systems, and other forensic tools as they do not natively support macOS and its artifacts.
In addition to supporting its own file system and artifacts, macOS supports a multitude of other file systems and the artifacts of Windows, Linux, Unix and many more.
RECON LAB is the only full Forensic Suite designed natively on macOS to take full advantage of the power within macOS. Other forensic tools that run on a Mac were ported from other non-Mac operating systems and experience limitations. Instead of utilizing native macOS libraries they rely on reverse engineering and third-party applications which can lead to missed data, improper interpretation of data and slower processing times.
RECON LAB primarily relies on native macOS libraries so support for new macOS file systems and/or artifacts is quick or instantaneous.
RECON LAB comes with one full year of free updates and support.
CARBON is a forensic virtualization application contained within a bootable forensic Linux distribution based on Ubuntu. CARBON is designed for both novice and advanced users.
CARBON has the ability to virtualize a Windows computer, bypass login credentials allowing access to a user’s desktop for triaging and documentation without the need for imaging or disassembly.
CARBON can also virtualize a variety of forensic image formats and virtual hard disk formats in a forensically sound environment. This is done within a protected environment without making any changes to the image file or the host system.
CARBON contains automated plugins that can parse thousands of artifacts from popular Windows applications. Examiners can triage internal disks, disk images, or attached media that contains a Windows operating system with CARBON and get answers in seconds. Examiners have advanced reporting capabilities, which include the ability to capture screenshots and videos of the original user’s system to make reports easier to understand for non-technical readers.
CARBON includes imaging and built-in write blocking for internal and attached devices with the PALADIN Toolbox.
