Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
Line 1: Line 1:
This software is only available to law enforcement agencies.
+
{{Leonly}}
 
+
 
{{Infobox_Software |
 
{{Infobox_Software |
 
   name = ILook |
 
   name = ILook |

Revision as of 05:00, 25 May 2008

Afosi-badge.jpg

This product is only available to members of law enforcement agencies.

ILook
Maintainer: IRS-CI
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It is made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include the ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

ILook can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, [[ISO 9660], ISO 9660, and UDF.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links