❓ FAQ

TraceHunt3r is a professional digital forensics toolkit for Windows, designed for law enforcement agencies, forensic investigators, and IT security experts. It provides rapid first-response capabilities for immediate on-site analysis of PCs, laptops, and servers during searches and investigations.

The tool operates completely offline and leaves no traces on the examined system, making it forensically sound for evidence collection.

TraceHunt3r is designed for:

• Law Enforcement: Police, federal agencies, prosecutors, customs, and tax investigators
• Forensic Investigators: Digital forensics professionals who need quick system overviews
• IT Security Experts: Penetration testers and security analysts for audits and incident response
• Estate Administrators: For identifying digital assets, cryptocurrencies, and encrypted data in inheritance cases

TraceHunt3r runs on Windows 10 and Windows 11 (64-bit). It can analyze any Windows system from Windows 10 onwards. The application is self-contained and requires no installation – simply run it from a USB drive.

No! TraceHunt3r operates 100% offline. It never connects to the internet and all processing happens locally on the device. This ensures complete data privacy and makes it suitable for air-gapped environments.

TraceHunt3r is designed to leave zero traces on the target system. All temporary files, logs, database copies, and cache are stored exclusively in the application's own folder (typically on your USB drive). No registry entries, no system files, no logs are created on the examined PC.

The Audit Trail provides a tamper-proof documentation of all forensic actions. Every action is secured with:

• SHA-256 hash for each individual action
• Hash chain linking each action to the previous one
• Timestamps for precise timing
• Session hash covering the entire investigation

The hash chain can be verified at any time by third parties to prove the integrity of the investigation.

Most features work without administrator rights. However, some advanced features require admin privileges:

• Memory scanning (full process memory dumps)
• LSASS dump for credential extraction
• BitLocker key extraction
• SAM/SYSTEM hash extraction

The Fast Scan works completely without admin rights and provides a quick first assessment.

TraceHunt3r is available in three editions:

• Lite (Free): All scanners available but results limited to 15 items. Export disabled. Perfect for evaluation.
• Pro: Full access to all scanners and unlimited results. Multi-format export. Audit trail with verification.
• Gov: All Pro features plus: Password extraction, Windows Login Cracker, RDP Brute Force, FRITZ!Box Cracker. Only for authorized investigators.

Licenses are hardware-bound and time-limited. Each license is cryptographically signed and tied to your specific hardware UUID. This ensures that licenses cannot be shared or transferred without authorization.

Contact us at office@tracehunt3r.com for pricing and licensing information.

The GOV Edition is exclusively available to authorized investigators with appropriate legal authorization. This includes:

• Law enforcement agencies
• State prosecutors
• Government security agencies
• Court-appointed forensic experts

Proof of authorization is required during the licensing process.

The Wallet Hunter can detect:

• Software Wallets: Bitcoin Core, Electrum, Exodus, MetaMask, Wasabi, Mycelium, and 20+ more
• Hardware Wallets: Ledger, Trezor, KeepKey (via USB registry entries)
• Seed Phrases: BIP39 mnemonic words, WIF private keys, hex keys
• Exchanges: 35+ crypto exchanges in browser history
• Browser Extensions: MetaMask, Phantom, and other wallet extensions

Vera Hunter detects VeraCrypt and TrueCrypt containers using entropy analysis. Since these containers have no file signature and no typical file extension (they're designed to look like random data), Vera Hunter analyzes file entropy to identify high-entropy files – a strong indicator of encryption.

Features include configurable size filters, fast mode for large drives, and header signature checking.

TraceHunt3r Pro and Gov editions support multiple export formats:

• TXT: Plain text for simple documentation
• CSV: Spreadsheet-compatible format for data analysis
• HTML: Formatted reports for presentation
• JSON: Structured data for automation and integration

All exports include case information and audit trail data.