ASR

From ForensicsWiki
Revision as of 16:16, 6 March 2006 by Pw (Talk | contribs)

Jump to: navigation, search

ASR

Builds a tool for Linux. Coming soon is an "ultra-portable attack box".

website


Features

File Systems Understood

File Search Facilities

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Offers power regex searches.


Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

  • Uses SHA1, MD5 and CRC.

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

Evidence Collection Features

  • "Just about everything you do is logged in SMART. You can selectively export these log events into a simple HTML report."

History

License Notes

Commercial, although it runs on Linux.

External Links

EnCase Homepage - http://www.guidancesoftware.com/lawenforcement/ef_index.asp

External Reviews