Difference between revisions of "ILook"

From Forensics Wiki
Jump to: navigation, search
(File Systems Understood)
m (Lots of links. Minor fixes.)
Line 6: Line 6:
  
 
==File Systems Understood==
 
==File Systems Understood==
iLook V8 currently identifies and supports FAT12, FAT16, FAT32, FAT32x, VFAT, NTFS, (Apple)HFS, HFS+, (Linux)Ext2FS, Ext3FS, (UNIX)SysV-AFS, SysV-EAFS, SysV-HTFS, (Novell)NetWare NWFS, CDFS and UDF. File system support of additional file systems is ongoing.
+
 
 +
iLook V8 currently identifies and supports [[FAT12]], [[FAT16]], [[FAT32]], [[FAT32x]], [[VFAT]], [[NTFS]], [[HFS]], [[HFS Plus|HFS+]], [[Ext2FS]], [[Ext3FS]], [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[CDFS]], and [[UDF]]. File system support of additional file systems is ongoing.
  
 
==File Search Facilities==
 
==File Search Facilities==
Line 26: Line 27:
 
==Hash Databases==
 
==Hash Databases==
 
   
 
   
* Hashes and compares using custom as well as the [[Hashkeeper]] hash database using [[MD5 and FIPS 180-2 compliant algorithms (e.g. SHA1)]]. Also uses [[NIST NSRL library]].
+
* Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
  
 
=History=
 
=History=
 
* Originally developed by (NAME), ILook was taken over by the [[IRS]] in (YEAR).
 
 
    
 
    
 
==License Notes==
 
==License Notes==

Revision as of 13:17, 31 March 2006

ILook is an all-in-one computer forensics suite currently maintained by the Internal Revenue Service (IRS). It is available free of charge to law enforcement agencies and certain US government agencies. iLook is not available to the general public.

The suite consists of the ILook External Imager (IXimager), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.

Contents

Features

File Systems Understood

iLook V8 currently identifies and supports FAT12, FAT16, FAT32, FAT32x, VFAT, NTFS, HFS, HFS+, Ext2FS, Ext3FS, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, CDFS, and UDF. File system support of additional file systems is ongoing.

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Evidence Collection Features

History

License Notes

External Reviews

External Links