Difference between revisions of "ILook"

From Forensics Wiki
Jump to: navigation, search
m (ILook v8 Changelog.)
Line 7: Line 7:
 
   website = [http://www.ilook-forensics.org/ ilook-forensics.org] |
 
   website = [http://www.ilook-forensics.org/ ilook-forensics.org] |
 
}}
 
}}
 
'''ILook''' is an all-in-one [[computer forensics]] suite currently maintained by the [[Internal Revenue Service]] ([[IRS]]). It is available free of charge to law enforcement agencies and certain US government agencies. iLook is not available to the general public.
 
 
The suite consists of the [[ILook External Imager]] ([[IXimager]]), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.
 
 
=Features=
 
 
==File Systems Understood==
 
 
iLook V8 currently identifies and supports [[FAT12]], [[FAT16]], [[FAT32]], [[FAT32x]], [[VFAT]], [[NTFS]], [[HFS]], [[HFS Plus|HFS+]], [[Ext2FS]], [[Ext3FS]], [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[CDFS]], and [[UDF]]. File system support of additional file systems is ongoing.
 
 
==File Search Facilities==
 
 
* Lists allocated and unallocated files.
 
* Sorts files by type.
 
* Searches for keywords.
 
* Works with compressed zip files.
 
 
==Historical Reconstruction==
 
 
Can it build timelines and search by creation date?
 
 
==Searching Abilities==
 
 
* Searches for keywords.
 
* Builds an index.
 
 
==Hash Databases==
 
 
* Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
 
 
==Evidence Collection Features==
 
 
=History=
 
 
 
==License Notes==
 
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 
 
==External Reviews==
 
 
== External Links ==
 
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.perlustro.com/IV8Changelog.html ILook v8 Changelog]
 

Revision as of 08:44, 16 April 2006

ILook
Maintainer: IRS
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org