ISeekDiscovery - A Parallel Forensic Automaton for IR and EDRM

ISeekDiscovery is not a collection application, it is a processing system which allows you to capture processed and investigated data and original native file data by option.   An example would be the $MFT  or Registry reported output, where ISeekDiscovery only captures the keys with search parameters met within other criteria such as specific time frames.  Because humans do not direct or touch anything in ISeekDiscovery during runtime, or interact with any other application, it is vastly different in cost structures to any other investigation approach.  If you can find any EDRM app that outperforms ISeekDiscovery in both accuracy, completeness and time (elapsed and devoted), we will give you a free license to the ISeeK toolset for a year, including our forensic toolset - ILooKIX.   Alternatively, we will make a contribution of the same value in your name to St. Judes Research Hospital, Memphis TN.

The Challenge :

ISeekDiscovery, since it is an automaton, has no man hours devoted to processing or integration.  If your comparison tool is NOT an automaton, has to be installed, or if drivers have to be run or installed, then you will fail the main test requirements for parallel processing.


The basic challenge is a “do it yourself” test and should provide you with viable feedback, regardless of ISeekDiscovery’s outperformance of your current methods.

To take the basic test, simply follow these instructions using your own data or public test data from Xtremeforensics.

  • First, register for the challenge using the form below by listing your search terms, phrases or characters you intend to identify.

  • Add in any other search criteria, such as date or size or path.  We will email you a directive file.  This will allow you to compare results in your environment in a fully objective manner on your own secret data we will never see.   

  • ALTERNATIVELY - you can download one of our test images which includes pre-set search criteria.  You run it with only your tools on your hardware or we will give you the search criteria and you’ll run the same analysis using your own machines and apps, but with our public data (request it below) .   You can then use the same criteria and compare the output to your own methods. For example, if Nuix completed a job in 30 hands-on hours, compared to ISeekDiscovery of just 1 hour on the same equipment, you would have a clear comparison in terms of accuracy and time to complete the task. ISeekDiscovery will report to you by email the findings it produced.  If you want to see the results, we can also send you a key in order to review the native data within ISeekExplorer.


  • Nothing in the test method is in the least deceptive or intended to favour ISeekDiscovery.  It is 100% objective in any segment of the analysis.  Since ISeekDiscovery runs on anything with 4 GB or higher RAM client or server (regardless of Windows version), you will have to reduce your available RAM to the global average of 6 GB.   If your tool cannot run in 6 GB you don’t have a client automaton that will run on ANY endpoint.

  • If your tool matches ISeekDiscovery's accuracy then the time to complete the task would be the only variable you will have to judge.

Select an option
Please select any of the following that apply:

The conditions of making your search criteria are minimal and you can include any of the following options to increase the rigor of the scenario:

  • Use any foreign language or charset encoding

  • Use HEX, REGEX or string parameters, use wildcards, use whole words, use keyboard or non-keyboard methods, use archives, use compression states on filestreams.

  • Use encrypted containers to hide your own search results where finding the encrypted object is considered a success .

  • If the criteria are required for ISeekDiscovery, your test using other tools must show the same criteria and findings in that test output in order to pass.

  • See the Information Page here for further details on the test

Thanks for submitting!