Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
Line 5: Line 5:
  
 
Originally developed by (NAME), iLook was taken over by the IRS in (YEAR).
 
Originally developed by (NAME), iLook was taken over by the IRS in (YEAR).
 +
 +
 +
 +
=Features=
 +
 +
==File Systems Understood==
 +
 +
(unknown)
 +
 +
==File Search Facilities==
 +
 +
* Lists allocated and unallocated files.
 +
* Sorts files by type.
 +
* Searches for keywords.
 +
* Works with compressed zip files.
 +
 +
==Historical Reconstruction==
 +
 +
Can it build timelines and search by creation date?
 +
 +
==Searching Abilities==
 +
 +
* Searches for keywords.
 +
* Builds an index.
 +
 +
==Hash Databases==
 +
 +
* Hashes and compares with Hashkeeper using MD5. Also uses NIST NSRL library.
 +
 +
==Evidence Collection Features==
 +
 +
 +
 +
=History=
 +
 +
 
 +
==License Notes==
 +
 
 +
 +
==External Reviews==
  
  

Revision as of 12:08, 21 March 2006

iLook is an all-in-one computer forensics suite currently maintained by the Internal Revenue Service. Available only to US Government employees. The suite consists of the iLook_Imager, an analysis program, and a few utilities.


History

Originally developed by (NAME), iLook was taken over by the IRS in (YEAR).


Features

File Systems Understood

(unknown)

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5. Also uses NIST NSRL library.

Evidence Collection Features

History

License Notes

External Reviews

External Links