Zandra specializes in Digital Forensics and Incident Response (DFIR) by leveraging advanced techniques to analyze and correlate data from a wide range of sources. Its primary goal is to quickly assist investigators by analyzing forensic artifacts and activity logs from client PCs, mobile devices, firewalls, servers, and other security subsystems.

Zandra uncovers logical connections between events and contextual meaning in communications to provide insights into what occurred.  Zandra is a helper for the investigator or incident responder with the analysis of vast quantities of data at scale and link events together.

There are two options for Zandra AI technology. The full version Zandra AI that is hosted in a private cloud environment. This environment can be located in an specific geo location. The lighter option is the InvestiGator AI. InvestiGator AI is a web-based interface to the back-end Zandra AI, designed to help analyze digital forensics and incident response data while providing a simple interface.  It does not support file uploads for analysis and does not have the long-term memory and case management capabilities of Zandra. 

What is the Legal Impact of AI in an investigation?

QUESTION: How is Zandra AI and InvestiGator AI priced?

The Zandra AI systems are designed to be priced as SaaS models. Zandra AI is also included in the Professional and higher levels of Digital Investigator Memberships.

InvestiGator AI

$99.00/month

Zandra Ai

$199.00/month

The default deployment for Zandra is through the Cloud. An additional custom option for deployment can be done with custom hardware with Zandra AI deployed on the hardware.

QUESTION: How is my case data secured?

The Zandra system employs robust data storage and security mechanisms. Document text is stored on the Zandra server within a vector database, which is itself contained within an encrypted Validian volume, ensuring data at rest encryption. Similarly, the MySQL database, also hosted on the Zandra server and used for relational data, is both encrypted by Validian and stored within an encrypted Validian volume, providing layered protection. For AI response generation, prompts and relevant document text extracted from the vector database are securely transmitted to and stored within Zandra’s private cloud environment at Groq. Crucially, user chat logs are explicitly excluded from any AI model training, guaranteeing user privacy and data confidentiality.

QUESTION: Can I create reports with Zandra AI?

Yes, you can create an output of Zandra AI based on what you prompt for her to generate. For example “output the results of this data into an html timeline.”

QUESTION: Can somone else access my case data with Zandra AI in the cloud?

The cloud version is 100% dedicated to the user, the server instance is per user and no other people access it.  The server files are in a Validian encrypted partition on the server.

QUESTION: How private is my use of Zandra?

Zandra AI prioritizes the privacy of your data through several key measures. When processing language models and generating responses, your chats are explicitly excluded from any training datasets. Furthermore, the prompts and document text you provide for response creation are transmitted to Zandra’s private cloud environment where they are securely stored. Similarly, if you choose cloud processing for embedding preference, your document text is sent to and securely stored within Zandra’s private cloud, and these documents are also not used for training purposes. For users who opt for the LanceDB vector database, your vectors and associated document text are stored privately within your specific instance of Zandra AI. Finally, while anonymous telemetry is enabled, this data collection explicitly excludes IP addresses and any identifying content, settings, chats, or other non-usage based information, ensuring your privacy is maintained.

QUESTION: When seeing the results from a Zandra session, will it point back to the E3 data, so we can easily add to the report?

Zandra AI can point to this data from E3 if the referenced data was uploaded as the source for Zandra. For example, if in the E3 report the examiner selects to include evidence item number as part of the report that data will stay referenced with Zandra to be able to reference back to it.

QUESTION: Does the Zandra AI have any language limitations?

Zandra AI can understand 160 different languages and can accept data in prompts in any of those lanaguages or a mix of those languages. In additional Zandra AI can understand unique data such as emojis when reviewing information. 

QUESTION: How is Zandra AI different than other AI that I see for investigations?

Zandra is designed to follow the rules of evidence, and all your case data is kept private. You work in cases, so you can store and work with case specific data in a logical manner.  Everything is isolated and obfuscated in the Zandra back-end.  The data that trained Zandra was all based on common data types seen in digital forensics and incident response so the unique data types that are used in investigations is understood in context. Other AI are still sharing data with the platforms they run on and have limited training to certain data sets.

Learn about a master’s level university test where Zandra AI provided an alternative viewpoint in digital forensics.

Zandra & InvestiGator Validation Review

QUESTION: How did you validate this?

We created over 500 controlled data sets and created our own controlled forensic scenarios for which we already knew the answers. These data sets involved a large variety of different data types from memory dumps, emails, deleted files, registry keys, mobile app usage, network logs, local system logs, GPS data, etc. After that we tested the technologies ability to cross-correlate and analyze that information against our known answers about that data.

QUESTION:

What did you do to find/examine what the tool doesn’t parse?

We have documented the supported data types for “parsing” within the documentation. However, this technology is not a parsing tool — that is done at a different tool level, and the data is then provided in a format compatible for analysis to this tool. As long as the data sets are kept in the formats accepted, they are understood for analysis.

QUESTION:

What have you done to determine if the evidence found came from this device or was sync’d from another device when the data is from different sources?

We do not separate the data we understand the data that is provided to the technology is generated evidence from different devices or from synced evidence (iCloud, Google Drive, WhatsApp, OneDrive) and we can review those sources and other forensically relevant metadata and correlation logic to avoid speculation.  The data must be exported / data normalized from the forensic tool and present in the dataset that’s been provided to the AI. This means the tool process prior to the AI ingestion separates out the data.

When an AI deals with different data sources it would work with prompts such as:

“Compare $MFT/USN Journal (Windows), FSEvents (macOS), or similar logs with file timestamps to detect mismatches”

“Correlate file paths with sync client databases (SyncDiagnostics.log, registry keys, sync_config.db) to confirm source device vs. synced copy.”

“Cross-correlate Shellbag full paths to JumpList data, etc.”

QUESTION:

What anti-forensics examination have you performed?

This technology is not a forensic tool just an AI analytic tool that understands data from forensic sources.

QUESTION:

Do any other artifacts corroborate what the software found?

The technology efficiently analyzes the data; it’s up to the human to corroborate the underlying data.  

At Paraben Corporation, we don’t just sell cutting-edge digital forensics solutions; we deliver an unparalleled technical support experience that truly sets us apart. Our customers consistently rave about the quality of our assistance, making it clear that when you choose Paraben, you’re gaining a trusted partner, not just a product with your membership.

We pride ourselves on our team’s “investigator’s mindset.” This means we don’t just troubleshoot; we understand the real-world pressures and complexities you face every day. Our experts are dedicated to providing responsive, effective solutions that empower you to leverage the full potential of your E3 Forensic Platform. This commitment is reflected in overwhelmingly positive user feedback, with platforms like E3:Universal boasting impressive satisfaction ratings that speak volumes about our holistic support.

When you invest in the Paraben Membership program, you’re investing in a complete ecosystem of success. From the technology, training, and expert technical assistance, we’re with you every step of the way. We ensure you have the confidence and capability to achieve reliable, accurate results in every investigation. Your success isn’t just our goal; it’s our guarantee.