Difference between revisions of "ASR"

From ForensicsWiki
Jump to: navigation, search
(History)
Line 36: Line 36:
 
=History=
 
=History=
  
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
+
 
+
 
==License Notes==
 
==License Notes==
  
Is it commercial or open source? Are there other licensing options?
+
Commercial, although it runs on Linux.
  
 
= External Links =
 
= External Links =

Revision as of 15:16, 6 March 2006

ASR

Builds a tool for Linux. Coming soon is an "ultra-portable attack box".

website


Features

File Systems Understood

File Search Facilities

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Offers power regex searches.


Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

  • Uses SHA1, MD5 and CRC.

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

Evidence Collection Features

  • "Just about everything you do is logged in SMART. You can selectively export these log events into a simple HTML report."

History

License Notes

Commercial, although it runs on Linux.

External Links

EnCase Homepage - http://www.guidancesoftware.com/lawenforcement/ef_index.asp

External Reviews