Running entirely in memory, ISEEK is the embodiment of a patented process. It is an automated tool that can be deployed to run concurrently across any number of computer systems where it operates invisibly in accordance with an encrypted set of instructions. The results of ISEEK's processing are encrypted and sent to a location specified in the set of instructions which can be a local drive, a network share or cloud storage.

Stand-alone utilities enable the creation of the encrypted set of instructions and the ability to review and process the contents of encrypted results containers.

Once ISEEK has been used to pinpoint the required data and reduce the volume for further review it enables multiple encrypted results containers to have their contents extracted in a number of different formats (with optional XML metadata) for ingesting by a review tool. These formats include generic load files and a Relativity-specific load file. An API is also provided to enable the encrypted results containers to be directly accessed.

  • Runs without the need for indexing

  • Searches across all drives and network shares

  • No installation required

  • No dongles involved

  • Defensible and verifiable data collection

  • Fast search engine featuring parallel processing

  • Searches live/locked documents including email, compressed files and all document types

  • Produces AES-256 encrypted, password-protected output stores

  • Export responsive content to review tools

  • Automatic file inclusions and exclusions

  • Captures metadata on all files collected

  • The requirement for de-NISTing is removed

  • Covert operation


The work of creating indexes in order to find specific data is time-consuming, disruptive and labor-intensive. XtremeForensics now provides the solution to these issues with ISEEK: a fast, autonomous tool with NO requirement to install software on the endpoints, such as 'dumb agents'. There is also NO requirement for specific software to be running on the endpoints (or that needs to be shut down to unlock files).


ISEEK can be deployed across any size network or just a single device, even by email. It doesn't create background indexes, use up free space or stress corporate network bandwidth while trying to move data or analyze endpoints. Making images is no longer required to process authenticated data on live machines.

Expensive human resources can now be turned to better uses since there is no requirement for 'hands-on' work as part of the ISEEK search and recovery process.

ISEEK replaces 'indexing' with a patented search method which accurately and reliably locates responsive data on multiple endpoints in parallel. With this new approach, ISEEK does not fall into any one category: its role depends on the settings applied in the configuration file and the aims of those who deploy it. One day it may be used for an eDiscovery matter, the next day the same organization could use it to help detect a security breach.

At least 90% of analysed data is typically left on the target machine

  • No volume charges

  • With ISEEK it is now possible to query thousands of machines concurrently anywhere on earth without a human having to travel

  • No network disruption

  • Dramatically reduce the volume of data being fed into the review / hosting processes.

  • The security risk associated with collecting corporate data is eliminated because the data is secured at all times using AES-256 encryption (even in memory).

  • The ISEEK process is 'language neutral' because it employs a patented disk-level search algorithm.

  • ISEEK removes the limitations imposed by the indexing approach. It is especially (and uniquely) effective for non-English symbolic-based languages and complex search/processing parameters.

  • ISEEK provides first-tier review of all data processed in a secure environment with all data encrypted at all times.

ISEEK provides functionality to:


  • Process then collect artifacts such as event logs, Windows log files, pagefile, hiberfil, swapfile.

  • Process then collect USN journals, registry files, SRUM databases and db tables as well as deleted files.

  • Generate summary reports and capture all LNK files, text files, shellbag entries and prefetch files (within specific date ranges if required).

  • Search and report Registry 'last write' dates (within specific date ranges if required).

  • Collect and/or report on all files containing executable code regardless of file type or extension.

  • Capture system memory images (very effective due to ISEEK's low memory footprint).

  • Process and capture SQLite databases and logs of all types.

  • Process and collect deleted files in all NTFS and FAT filesystems.

  • Identify executable files in unusual locations as well as unknown executable code.

Analysis/audit approaches previously considered impossible, impractical or too expensive can now be adopted.

Auditors are able to audit entire networks quickly and easily by deploying ISEEK in list-only mode, which means only spreadsheets containing metadata are collected (which are small enough to be sent by email).


Sample tasks include:

  • Identify systems/applications that have not been authorized for use.

  • Monitor and report compliance with company IT policies.

  • Audit software licensing. 

  • Inspect systems for PPI or credit card data stored inappropriately.

  • Inspect systems for misuse (e.g. TFN, movie/web email or browser use).

© Copyright 2020 XtremeForensics