SPEKTOR DRIVE is available as a bootable USB stick or Mac expansion card that temporarily turns your PC or Apple Mac into a powerful, fully functional SPEKTOR Forensic Intelligence appliance.

Rapid Data Collection

Our unique ultra fast collection technology means that SPEKTOR collects in minutes. Deployed against LIVE or powered-off systems, SPEKTOR finds target data based on signatures and/or file extentions, recovers deleted files, collects volatile memory and comprehensive file information.

Comprehensive, Safe, Fast and Secure

Collect targeted data or conduct a full forensic image from removable media such as hard disk drives, usb sticks and memory cards. SPEKTOR fully supports collections from Windows, Apple or Linux based machines.

Accepted Forensically & Evidentially

SPEKTOR uses standard & accepted forensic techniques to preserve & protect original data while creating full forensic images or collecting targeted files. SPEKTOR captures details about every file on a system and calculates MD5 and SHA1 hashes for all collected data.

Unlimited Collectors

SPEKTOR uses standard removable USB devices as ‘Collectors’ so you can process as many targets as you like simultaneously.

Couple this with an easy to use 6 step wizard and you’ve got the ultimate digital triage, forensic imaging and automated analysis solution in one box.

Core Features

Review Docs, Images & Multimedia

Most Graphics & Human Readable Files
Fully Playable Media & Full Metadata Recovery

Email Support

Full Local Email Support
Supports Formats Including PST, OST, MBOX, MSG, EML & AppleMail

Web Based Activity

Full Page Reconstruction
All Main Browsers Supported
Chat Client and Social Media Activity

New Technology Support

Full UEFI Secure Boot Support
PC App Support

Secure Forensic Process

Highly Secure
Designed by Forensic Experts
Process Driven Software

Advanced Export and Reporting

Reports in HTML, PDF & DOCX formats
Export Files and Hashsets
Export to Intelligence Systems

Additional Features

Password Lists

Allows the unlocking of password protected files.

Match & Ignore Lists

Identify files of interest and ignore unwanted files

Perpetual Licensing Model

No subscription is required with SPEKTOR, once purchased it continues working for as long as you need it.

Important Number Recognition

Automatically recognise important numbers such as bank cards and IMEIs.

International Language Support

Multi-Language file support and keyword search

Fully Portable

The power of SPEKTOR in your pocket.

Minimum Specifications

SPEKTOR Drive transforms an existing platform into a fully functioning SPEKTOR unit. In order for SPEKTOR Drive to function the platform must meet the following minimum specifications.

Minimum Spec

CPU: 64bit Intel Core 2
Display: 1280x768 resolution
Ports: 3 x USB 2.0
Network: RJ45 Ethernet
Additional Collectors: 250GB

Recommended Spec

CPU: 64bit Intel Core i7
Display: 1920x1080 resolution
Ports: 4 x USB 3.0
Network: RJ45 Ethernet
Additional Collectors: 1TB

More Information

SPEKTOR Drive Brochure

Download the SPEKTOR Drive Brochure for more information.
Download Brochure

Latest SPEKTOR Drive Release Notes

View the latest SPEKTOR Drive Release Notes.
Release Notes

SPEKTOR Testimonials

Read Some Testimonials From Our Customers

Thank you very much for your training and insight into the wider work that you are undertaking at Evidence Talks. The input from Robert on the use of SPEKTOR Drive was excellent and I can very clearly see the use that we will be able to put it towards in our operational work.
AJ, Det. Sgt a UK Police Constabulary
SPEKTOR was recently deployed by CEOP on a high profile operation at 5 key locations where time was of the essence. We chose SPEKTOR because of its comprehensive device support, speed and ease of use. On the day, SPEKTOR enabled our officers to quickly examine multiple computers, memory cards, mobile phones and USB devices resulting in a very successful operation. SPEKTOR was provided on a pro-bono basis by Evidence Talks.
Ruth Allen Head of Specialist Operational Support, CEOP

We have been very impressed and found the kit (SPEKTOR) easy to use and effective - it has saved us a lot of unnecessary paperwork and submissions of media that would have proved fruitless.

Regional Asset Recovery Team Metropolitan Police, London


What is SPEKTOR Drive?
SPEKTOR Drive is a Forensic Triage solution designed for people with little or no technical skills. It can transform a normal laptop or MacBook into a fully functiona SPEKTOR Forensic Intelligence Unit. This allows the quick and easy review of the contents of all PCs, MACs, Servers, and any mobile media such as USB thumb drives, memory cards, mobile phones and satellite navigation systems etc, (we call these the target devices) in a way that is acceptable both as evidence or intelligence.
Do I need to have an understanding of forensic processes and practices to operate SPEKTOR?
No, SPEKTOR has been specifically designed to provide non-forensic operators the ability to triage digital devices, whilst in a forensically sound manner. This is achieved by utilising a combination of integrated hardware, process driven configuration and deployment protocols in conjunction with comprehensive event auditing within a secure Linux Operating System.
What type of devices can SPEKTOR Drive triage?
SPEKTOR Forensic Intelligence is the base product which operates in a Linux environment, providing the ability to triage and forensically image a wide range of digital media, such as computers, USB external storage devices and card based media, e.g. SD, Compact Flash etc.
Am I able to triage and image external media, such as USB thumb drives, loose hard drives, SD cards, CF Cards etc.?
Yes, SPEKTOR is configured with designated read only protected USB and Firewire ports, allowing media to be individually ‘triaged’ or forensically imaged via the SPEKTOR Control Pod to a triage collector disc or store disc for imaging. A multimedia card reader is supplied as standard, which supports a variety of proprietary media formats.
What process is required to set up SPEKTOR search profiles?
The creation of search profiles is wizard-driven, using clear, concise terms and intuitive onscreen graphics. The operator is able to create new, edit, clone and save as many profiles as required to suit individual operational needs.
What changes does SPEKTOR Drive make to the target devices?
Whether performing standard triage or creating forensic images of target systems (SPEKTOR produces images in Encase, FTK, SMART and DD formats) the target systems/devices are always accessed 100% read-only. This has been validated in our own forensic laboratories and by CAST during their recent evaluation of triage tools. Standard triage mode and Forensic imaging uses exactly the same techniques that forensic analysts use when processing a target with a Linux boot CD. Target computers can be booted either from a Linux partition on the SPEKTOR collector or from the SPEKTOR Linux boot CD. We use a specially crafted OpenSuse Linux in both cases and all target access is 100% read only, resulting in absolutely no changes being made to the target media. Live mode is used to acquire data from running windows computers and, like every other live response tool, the process does make some small changes to the target. Such changes are impossible for any tool to avoid. However, we do not make any changes to file system dates and times and restrict the changes we do make to a couple of entries in the Windows Registry that relate to the attachment of the SPEKTOR Collector, a similar entry in the Setupapi.log file and a further entry in the Pre-fetch data showing the collection code being run. Any attempt to remove these entries after collection would not reflect good forensic practice so we don’t do it.
Does SPEKTOR Drive support MacBooks?
Yes, SPEKTOR Drive is able to undertake triage collections on Intel based MacBooks and forensic imaging on all models by using the MacBook expansion card variant.
Can collected data be exported?
Following a triage based collection, data can be reviewed and marked as an item of interest and subsequently selected to be exported to either a USB storage device or optical media. Exported content includes logical files, hash values, a full file listing, html report and full details of the collection configuration.
Will I need to remove the hard disc to conduct triage or imaging?
No, SPEKTOR utilises a special boot disc which allows the target computer to be booted in a forensically sound manner and preventing the often onerous task of disassembling modern notebooks and prevents any change ‘writes’ being made to the target disc being accessed. An ISO image of the boot disc is stored on SPEKTOR, allowing you to burn as many bootable CD’s as required, in order to undertake multiple, consecutive triage collections or full disc imaging.
How does SPEKTOR Drive handle software updates?
To maintain the maximum effectiveness of SPEKTOR, new updates are released on a regular basis, which can be downloaded directly onto SPEKTOR via our secure support portal. We are always looking to improve functionality and welcome feedback from users, which directly contributes to ongoing product development.
Is SPEKTOR Drive able to recover deleted data from the slack/unallocated areas of a disc?
Recoverable deleted data is collected as part of standard triage collections, which is designed to collect and present potentially valuable evidence and actionable intelligence within the shortest possible time frame. SPEKTOR can be deployed to undertake full forensic imaging in a variety of proprietary formats, e.g. EnCase, FTK, SMART and DD, in order to support further extensive traditional forensic analysis.
How does SPEKTOR Drive prevent changes being made to evidence?
To maintain the maximum effectiveness of SPEKTOR, new updates are released on a regular basis, which can be downloaded directly onto SPEKTOR via our secure support portal. We are always looking to improve functionality and welcome feedback from users, which directly contributes to ongoing product development.
Does SPEKTOR log user actions?
Audit and logging is at the heart of SPEKTOR. MD5 and SHA1 hash values are calculated for every file SPEKTOR collects together with comprehensive logs covering the entire triage or imaging process, from the initial registering of the collector to the control pod, through the cleaning of the collector prior to deployment, the deployment process, the automatic data analysis process and even the users navigation of the results and which files they have viewed. The level of log detail exceeds that produced by Accessdata’s FTK forensic tool. It also logs when and how a user exports data from SPEKTOR.
Does SPEKTOR Drive replace the need for forensic analysis?
No, we recommend that forensic analysis be undertaken on systems identified by SPEKTOR as containing potential evidence. SPEKTOR is designed to allow intelligent decisions to be made by the user at the point of contact with suspect device. The use of SPEKTOR does not affect any subsequent forensic analysis.


Please login here



Contact Us

Evidence Talks Ltd
Willen House
Tongwell Street
Fox Milne
Milton Keynes
MK15 0YS
t: +44 (0)1908 597960
f: +44 (0)1908 597958