Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
m
 
(29 intermediate revisions by 11 users not shown)
Line 1: Line 1:
 +
{{Leonly}}
 
{{Infobox_Software |
 
{{Infobox_Software |
 
   name = ILook |
 
   name = ILook |
   maintainer = [[IRS]] |
+
   maintainer = [[Internal Revenue Service|IRS-CI]] |
   os = [[Windows]] |
+
   os = {{Windows}} |
   genre = [[Analysis]] |
+
   genre = {{Analysis}} |
 
   license = [http://www.ilook-forensics.org/iLookv8eula.html EULA] |
 
   license = [http://www.ilook-forensics.org/iLookv8eula.html EULA] |
   website = [http://www.ilook-forensics.org/ ilook-forensics.org] |
+
   website = [http://perlustro.com/ perlustro.com] |
 
}}
 
}}
  
'''ILook''' is an all-in-one [[computer forensics]] suite currently maintained by the [[Internal Revenue Service]] ([[IRS]]). It is available free of charge to law enforcement agencies and certain US government agencies. iLook is not available to the general public.
+
'''ILook''' is an all-in-one [[computer forensics]] suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury [[Internal Revenue Service]] Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It was made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.
  
The suite consists of the [[ILook External Imager]] ([[IXimager]]), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.
+
Elliot Spencer publicly announced on May 9, 2008, via the ILook users Yahoo! group, the end of ILook.  Due to the end of federal funding for continued development, the currently released ILook 8.0.18 is the final version. Spencers company, Perlustro, is developing a new commercial version of ILook, but no further updates of the free version will be forthcoming.  Currently licensed users will still be able to renew their licenses for the foreseeable future, but no new ILook licenses will be issued.
  
== File systems==
+
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include the ILook v8 forensic application and the [[IXimager]] which are both designed to follow forensics best practices. 
iLook V8 currently identifies and supports:
+
* [[FAT12]]
+
* [[FAT16]]
+
* [[FAT32]]
+
* [[FAT32x]]
+
* [[VFAT]]
+
* [[NTFS]]
+
  
* [[HFS]]
+
ILook can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660]], [[ISO 9660]], and [[UDF]].
* [[HFS Plus|HFS+]]
+
* [[Ext2FS]]
+
* [[Ext3FS]]
+
* [[SysV-AFS]]
+
* [[SysV-EAFS]]
+
* [[SysV-HTFS]]
+
* [[NWFS]]
+
* [[CDFS]]
+
* [[UDF]]
+
 
+
Support for additional file systems is ongoing.
+
  
 
==Search Facilities==
 
==Search Facilities==
 
* Lists allocated and unallocated files.
 
* Lists allocated and unallocated files.
* Sorts files by type.
+
* Sorts files by type (signature and extension).
 
* Searches for keywords.
 
* Searches for keywords.
 
* Works with compressed zip files.
 
* Works with compressed zip files.
Line 45: Line 28:
  
 
==Hash Databases==
 
==Hash Databases==
Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
+
 
 +
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[National Software Reference Library|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
  
 
== External links ==
 
== External links ==
* [http://www.ilook-forensics.org/ Official website]
+
* [http://www.perlustro.com/ Official website]
* [http://www.perlustro.com/IV8Changelog.html ILook v8 Changelog]
+
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 +
 +
[[Category:Disk imaging]]

Latest revision as of 14:36, 1 April 2010

Afosi-badge.jpg

This product is only available to members of law enforcement agencies.

ILook
Maintainer: IRS-CI
OS: Windows
Genre: Analysis
License: EULA
Website: perlustro.com

ILook is an all-in-one computer forensics suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It was made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.

Elliot Spencer publicly announced on May 9, 2008, via the ILook users Yahoo! group, the end of ILook. Due to the end of federal funding for continued development, the currently released ILook 8.0.18 is the final version. Spencers company, Perlustro, is developing a new commercial version of ILook, but no further updates of the free version will be forthcoming. Currently licensed users will still be able to renew their licenses for the foreseeable future, but no new ILook licenses will be issued.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include the ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

ILook can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, ISO 9660, ISO 9660, and UDF.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links