Reviewing Documents in Formats where the Original Software is Unavailable

Wednesday, 14 October 2009 09:29 by slkatz

A simple but confounding problem with native file productions is the challenge of reading files in formats for which the receiving party does not have the native software.  This can involve extracting word processing documents from old or obsolete programs like DOS WordStar, obtaining tables from a database created in Oracle, or uncovering layers in a picture created in Photoshop.  There are a number of ways in which this information can be reviewed without the necessity of purchasing or finding a copy of the original software.

1.  Software that can Read ASCII

Just about any forensics software (for example EnCase or FTK), ediscovery processing software (for example Law or Nuix), or hex editor can interpret ASCII text and make it readable as text.  The content of most email messages and word processing documents can be read as ASCII text.  The disadvantage of this approach is that the original formatting of the underlying document will be lost, but most of the time the content is where the evidence is located.
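The ASCII approach above, sketched as an added example (not code from the original post or from any of the tools named): a minimal printable-run extractor with an optional 7-bit mask. The mask assumes the commonly documented DOS WordStar convention of setting the high bit on the last letter of each word; the function names and the sample bytes are constructed for illustration.

```python
import re

def ascii_runs(data: bytes, min_len: int = 4, strip_high_bit: bool = False):
    """Return (offset, text) for each printable-ASCII run of at least min_len bytes.

    strip_high_bit clears bit 7 of every byte before scanning. It is off by
    default because masking also turns unrelated binary bytes into letters,
    which produces false-positive "text" in non-document regions.
    """
    if strip_high_bit:
        data = bytes(b & 0x7F for b in data)  # length unchanged, so offsets stay valid
    # Printable ASCII 0x20-0x7E plus tab; everything else ends a run.
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

def _wordstar_like(text: str) -> bytes:
    """Build constructed sample bytes: high bit set on the last letter of each word."""
    out = bytearray()
    for word in text.split(" "):
        raw = word.encode("ascii")
        out += raw[:-1] + bytes([raw[-1] | 0x80]) + b" "
    return bytes(out[:-1])  # drop the trailing space

# Constructed sample: 4 header bytes, one sentence, a soft return (0x8D 0x0A), padding.
SAMPLE = (b"\x00\x01\x02\x1d"
          + _wordstar_like("The contract was signed in March")
          + b"\x8d\x0a\x00\xff\x00")

if __name__ == "__main__":
    print("plain 8-bit scan :", ascii_runs(SAMPLE))
    print("high bit stripped:", ascii_runs(SAMPLE, strip_high_bit=True))
```

A plain scan returns only word fragments, because each flagged last letter breaks the run; with the mask applied the sentence is recovered whole at its original byte offset.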

2.  Viewers

There are a number of file viewing applications; examples are Hijaak and Evince.  Hijaak was developed primarily to view various graphic formats.  Evince is an open source program developed to read various document formats.  One of the most powerful viewers is Outside In technology, which is available from Oracle as a developer kit and incorporated by software vendors into their products.  Outside In is incorporated into recent versions of EnCase.  Thus, a forensic analyst reviewing a document in EnCase can view and, if necessary, carve out documents in any of the 500 plus formats supported by Outside In.

3.  Installs from Original Image

Often people download software and store the original install image somewhere on their hard drive.  Many companies keep their corporate install images located on the corporate servers.  If an analyst obtains the original install image from the server or the original disk, then the software can be installed on the computer being used for review.

4.  Quasi Native Format

Another option is to convert the file, as part of the ediscovery processing, into a format that is readable and equivalent.  This mostly applies to databases and spreadsheets.  Thus if data is produced in an Oracle format, it may be possible to convert it into an Access database.  Similarly, if data is in spreadsheet format, it may be translatable to a different spreadsheet or convertible into comma delimited format.

5.  Open Source and Freeware Alternatives

There are open source and freeware alternatives to the original product.  Open Office is a widely known example.  Microsoft Office documents can be read by the Open Office software, which is available for free.  Another very useful open source program is Gimp.  Gimp is a Photoshop clone.  If one needs to review a document created in Adobe Photoshop and needs to unpeel layers in the photo, it isn’t necessary to purchase Photoshop; the Photoshop layers can be revealed by opening the document in Gimp.

 

 

 
