Difference between revisions of "ILook"

From ForensicsWiki
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
ILooK was the digital forensic analysis tool used in the investigation of the 9/11 attacks. Although it was originally available only for law enforcement, with the application now being supported by XtremeForensics, ILooKIX v9 has been released for commercial use in two versions, Standard and Advanced.
+
ILooK was the digital forensic analysis tool used in the investigation of the 9/11 attacks. Originally available only for law enforcement, the application is now being supported by XtremeForensics who have released ILooKIX v9 for commercial use in two versions, Standard and Advanced.
  
 
ILooKIX can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660]], [[ISO 9660]], and [[UDF]].
 
ILooKIX can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660]], [[ISO 9660]], and [[UDF]].
  
Over the past few years ILooKIX has undergone a huge amount of development, particularly in relation to Apple file systems, and Version 9 is now  available for use outside of the law enforcement, intelligence and military environments. In addition, to cater for the needs of practitioners working on smaller cases, there is now a 'Standard' version which has the majority of the features included in the 'Advanced' version but it is restricted to a case database size of 10GB (more than enough to process single-system cases).
+
Over the past few years ILooKIX has undergone a huge amount of development, particularly in relation to Apple file systems, and Version 10 is now  available for use outside of the law enforcement, intelligence and military environments. In addition, to cater for the needs of practitioners working on smaller cases, there is now a 'Standard' version which has the majority of the features included in the 'Advanced' version but it is restricted to a case database size of 10GB (more than enough to process single-system cases).
  
 
Key Features - Standard Edition (Perpetual Licence)
 
Key Features - Standard Edition (Perpetual Licence)
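Review bot: The third paragraph now reads "Version 10 is now available", while the rewritten first paragraph in this same hunk still says XtremeForensics "have released ILooKIX v9 for commercial use". The two version numbers should agree, so either update the first paragraph or state which release each sentence refers to. The file-system paragraph also keeps "[[ISO 9660]]" twice in a row; drop the duplicate link while touching this section.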
Line 9: Line 9:
 
* Data capture, analysis, investigation and dissemination
 
* Data capture, analysis, investigation and dissemination
 
* The most advanced imaging solution available
 
* The most advanced imaging solution available
An easy-to-use interface
+
* An easy-to-use interface
Five built-in, fast and thorough search engines
+
* Five built-in, fast and thorough search engines
Built-in development environment
+
* Built-in development environment
Built-in file viewers for hundreds of file types
+
* Built-in file viewers for hundreds of file types
The leading salvage engine
+
* The leading salvage engine
Extremely fast hash engines and automated data reduction techniques
+
* Extremely fast hash engines and automated data reduction techniques
Built-in e-mail store processing, searching and viewing
+
* Built-in e-mail store processing, searching and viewing
Filesystem, file and e-mail recovery
+
* Filesystem, file and e-mail recovery
Multiple categorization features
+
* Multiple categorization features
Registry viewing and searching
+
* Registry viewing and searching
Virus/Trojan search and identification
+
* Virus/Trojan search and identification
VMware virtual disk production from devices or images
+
* VMware virtual disk production from devices or images
Context dictionary production for password cracking
+
* Context dictionary production for password cracking
IVault data store preparation and production
+
* IVault data store preparation and production
Support for all common archive file formats
+
* Support for all common archive file formats
Deconstruction of evidentially useful file types
+
* Deconstruction of file types useful as evidence
Sorting, grouping and filtering of files and e-mail.
+
* Sorting, grouping and filtering of files and e-mail.
Advanced analysis functions
+
* Advanced analysis functions
Advanced MS Outlook e-mail recovery
+
* Advanced MS Outlook e-mail recovery
Password protected file detection
+
* Password protected file detection
 
 
 
Additional Features - Advanced Edition (Annual Licence)
 
Additional Features - Advanced Edition (Annual Licence)
 
 
Xtreme File Recovery - the only forensics tool that is able to recover deleted files AND metadata from Ext 3 & 4 filesystems (in addition to NTFS, ExFAT, HFS etc.) PLUS recovering deleted files and their metadata from Volume Shadow Copies.
+
* Xtreme File Recovery - the only forensics tool that is able to recover deleted files AND metadata from Ext 3 & 4 filesystems (in addition to NTFS, ExFAT, HFS etc.) PLUS recovering deleted files and their metadata from Volume Shadow Copies.
IXImager Creation - the fastest and most versatile imaging tool available.
+
* IXImager Creation - the fastest and most versatile imaging tool available.
Unlimited Case Size - built around the industry-standard SQL Server database engine the only restriction on case size is the storage capacity of your workstation.
+
* Unlimited Case Size - built around the industry-standard SQL Server database engine the only restriction on case size is the storage capacity of your workstation.
 
 
ILooKIX v9 is unrivalled for its ease of use, intuitive interface, comprehensive processing and stability in the face of ever-growing volumes of data. It is full of features designed to aid the investigator, from the ability to use 'one-click' processing options to the comprehensive property sheets associated with each object.
+
ILooKIX v9 has an intuitive interface, comprehensive processing and stability in the face of ever-growing volumes of data. It is full of features designed to aid the investigator, from the ability to use 'one-click' processing options to the comprehensive property sheets associated with each object.
 
 
 
ILooKIX v9 runs perfectly on a Virtual Machine and each ILooKIX licence permits up to 3 instances on the same host.
 
ILooKIX v9 runs perfectly on a Virtual Machine and each ILooKIX licence permits up to 3 instances on the same host.
  
 
==Search Facilities==
 
* Lists allocated and unallocated files.
 
* Sorts files by type (signature and extension).
 
* Searches for keywords.
 
* Works with compressed zip files.
 
 
==Searching Abilities==
 
* Searches for keywords.
 
* Builds an index.
 
  
 
==Hash Databases==
 
==Hash Databases==
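Review bot: The "Search Facilities" and "Searching Abilities" sections near the end of this hunk are deleted without a replacement, so concrete statements such as "Lists allocated and unallocated files" and "Builds an index" are lost and only the general bullet "Five built-in, fast and thorough search engines" remains. Consider merging the two sections into one rather than removing both. The closing paragraphs also still say "ILooKIX v9" although the previous hunk changes the release to Version 10, and the new bullets keep unsourced superlatives ("The most advanced imaging solution available", "the only forensics tool that is able to") even though this edit removes "unrivalled" from the summary paragraph.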

Latest revision as of 09:08, 12 October 2017

ILooK was the digital forensic analysis tool used in the investigation of the 9/11 attacks. Originally available only for law enforcement, the application is now supported by XtremeForensics, which has released ILooKIX v9 for commercial use in two versions, Standard and Advanced.

ILooKIX can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, and Microsoft Virtual PC disks. It can also process CDs in CDFS, ISO 9660, and UDF.

Over the past few years ILooKIX has undergone a huge amount of development, particularly in relation to Apple file systems, and Version 10 is now available for use outside of the law enforcement, intelligence and military environments. In addition, to cater for the needs of practitioners working on smaller cases, there is now a 'Standard' version which has the majority of the features included in the 'Advanced' version but it is restricted to a case database size of 10GB (more than enough to process single-system cases).

Key Features - Standard Edition (Perpetual Licence)

  • Data capture, analysis, investigation and dissemination
  • The most advanced imaging solution available
  • An easy-to-use interface
  • Five built-in, fast and thorough search engines
  • Built-in development environment
  • Built-in file viewers for hundreds of file types
  • The leading salvage engine
  • Extremely fast hash engines and automated data reduction techniques
  • Built-in e-mail store processing, searching and viewing
  • Filesystem, file and e-mail recovery
  • Multiple categorization features
  • Registry viewing and searching
  • Virus/Trojan search and identification
  • VMware virtual disk production from devices or images
  • Context dictionary production for password cracking
  • IVault data store preparation and production
  • Support for all common archive file formats
  • Deconstruction of file types useful as evidence
  • Sorting, grouping and filtering of files and e-mail.
  • Advanced analysis functions
  • Advanced MS Outlook e-mail recovery
  • Password protected file detection

Additional Features - Advanced Edition (Annual Licence)

  • Xtreme File Recovery - the only forensics tool that is able to recover deleted files AND metadata from Ext 3 & 4 filesystems (in addition to NTFS, ExFAT, HFS etc.) PLUS recovering deleted files and their metadata from Volume Shadow Copies.
  • IXImager Creation - the fastest and most versatile imaging tool available.
  • Unlimited Case Size - built around the industry-standard SQL Server database engine, so the only restriction on case size is the storage capacity of your workstation.

ILooKIX v9 has an intuitive interface, comprehensive processing and stability in the face of ever-growing volumes of data. It is full of features designed to aid the investigator, from the ability to use 'one-click' processing options to the comprehensive property sheets associated with each object.

ILooKIX v9 runs perfectly on a Virtual Machine and each ILooKIX licence permits up to 3 instances on the same host.


Hash Databases

ILooKIX hashes files and compares them against custom hash sets as well as the Hashkeeper hash database and the NIST hash library, using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links