ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
Line 20: Line 20:
* [ Official website]
* [ Official website]
[[Category:Disk imaging]]
[[Category:Digital Forensics,Disk imaging]]

Revision as of 08:05, 5 October 2017

ILooKIX is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. Originally available only for law enforcement, with the application now being supported by XtremeForensics they have released ILooKIX v9 for commercial use in two versions, Standard and Advanced.

ILooKIX can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, ISO 9660, ISO 9660, and UDF.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links