Digital Forensics and Incident Response website

Defacto

Defacto was developed by INFOBIS and NHTCU.ru. It is intended for auditing software on PCs. Its characteristics include an easy interface, a big knowledge database and high-speed scanning. It can analyse live PCs, dead PCs and network PCs. Defacto can create different reports (a forensic report, a report for the company's boss, etc.) in different formats (XLS, HTML, TXT, etc.). Like any forensic program, Defacto does not modify files while analysing a PC. It can run from a USB flash drive on Windows 8.1, 2012 R2, 8, 2012, 7, 2008 R2, Vista, 2008, 2003, XP, 2000, NT 4, Me, 98, and 95. Both 32-bit and 64-bit Windows are supported.

 

Figure 1. A USB flash drive with Defacto.

Defacto shows audit results in a table. The table lists several characteristics for each program: its name, a price and a license status (proprietary software, shareware or freeware). Freeware is marked in green, proprietary software in red and shareware in purple. One of the columns contains the prices and the total price of all software installed on the PC.

 

Figure 2. Defacto shows the results.

The bookmark for a program in the table contains additional information, such as the date of installation, the installation path, the distribution path, a version number, an assembly number, an owner, an organization, a product ID, a product key, a mode of delivery (FPP, OEM, etc.) and so on.

 

To keep the table informative, Defacto hides information about system drivers by default. A user can modify the default settings, and Defacto will then show information about system drivers in the table. Defacto can separately hide information about system drivers, proprietary software, shareware and freeware. The table will then contain information only about proprietary software or shareware.

 

Defacto uses different methods to detect pirated software. Defacto detects:

1) Modified EXE files (Defacto uses hash sets for this).

2) Emulators of hardware keys.

3) Illegal software keys (for example, Defacto detects the Microsoft Windows and Microsoft Office product keys that people usually use to activate pirated versions of Microsoft's programs, and shows this information in the table and in a report).

4) Keygen keys (for example, Defacto detects WinRAR keys that were made by the WinRAR keygen).

 

If Defacto detects pirated software, it shows a special message. Defacto marks pirated software with a special icon in the table.

 

Figure 3. Defacto shows the message about pirated software in an analysed PC.

 

I am so sorry. I have only the Russian-language version of Defacto, so I made all screenshots in Russian.
