Difference between revisions of "ILook"

From ForensicsWiki
(Revert.)
Line 12: Line 12:
 
The suite consists of the [[ILook External Imager]] ([[IXimager]]), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.
 
The suite consists of the [[ILook External Imager]] ([[IXimager]]), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.
  
=Features=
+
== File systems==
 +
iLook V8 currently identifies and supports:
 +
* [[FAT12]]
 +
* [[FAT16]]
 +
* [[FAT32]]
 +
* [[FAT32x]]
 +
* [[VFAT]]
 +
* [[NTFS]]
  
==File Systems Understood==
+
* [[HFS]]
 +
* [[HFS Plus|HFS+]]
 +
* [[Ext2FS]]
 +
* [[Ext3FS]]
 +
* [[SysV-AFS]]
 +
* [[SysV-EAFS]]
 +
* [[SysV-HTFS]]
 +
* [[NWFS]]
 +
* [[CDFS]]
 +
* [[UDF]]
  
iLook V8 currently identifies and supports [[FAT12]], [[FAT16]], [[FAT32]], [[FAT32x]], [[VFAT]], [[NTFS]], [[HFS]], [[HFS Plus|HFS+]], [[Ext2FS]], [[Ext3FS]], [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[CDFS]], and [[UDF]]. File system support of additional file systems is ongoing.
+
Support for additional file systems is ongoing.
 
+
==File Search Facilities==
+
  
 +
==Search Facilities==
 
* Lists allocated and unallocated files.
 
* Lists allocated and unallocated files.
 
* Sorts files by type.
 
* Sorts files by type.
 
* Searches for keywords.
 
* Searches for keywords.
 
* Works with compressed zip files.
 
* Works with compressed zip files.
 
==Historical Reconstruction==
 
 
Can it build timelines and search by creation date?
 
  
 
==Searching Abilities==
 
==Searching Abilities==
 
 
* Searches for keywords.
 
* Searches for keywords.
 
* Builds an index.
 
* Builds an index.
  
 
==Hash Databases==
 
==Hash Databases==
+
Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
* Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
+
 
+
==Evidence Collection Features==
+
 
+
=History=
+
 
+
==License Notes==
+
 
+
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
+
 
+
==External Reviews==
+
 
+
== External Links ==
+
  
 +
== External links ==
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.perlustro.com/IV8Changelog.html ILook v8 Changelog]
 
* [http://www.perlustro.com/IV8Changelog.html ILook v8 Changelog]
 +
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
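
Review bot: the bullet "Searches for keywords." is listed under both "==Search Facilities==" and "==Searching Abilities==", so the two sections overlap. Merge them into one section (keeping "Builds an index." with the search features) or drop the duplicate bullet from one of them.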

Revision as of 23:50, 22 April 2006

ILook
Maintainer: IRS
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite currently maintained by the Internal Revenue Service (IRS). It is available free of charge to law enforcement agencies and certain US government agencies. iLook is not available to the general public.

The suite consists of the ILook External Imager (IXimager), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.

File systems

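iLook V8 currently identifies and supports:

  • FAT12
  • FAT16
  • FAT32
  • FAT32x
  • VFAT
  • NTFS
  • HFS
  • HFS+
  • Ext2FS
  • Ext3FS
  • SysV-AFS
  • SysV-EAFS
  • SysV-HTFS
  • NWFS
  • CDFS
  • UDF

Support for additional file systems is ongoing.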

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom as well as the Hashkeeper hash database using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1). Also uses the NIST NSRL library.

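External links

  • Official website: http://www.ilook-forensics.org/
  • ILook v8 Changelog: http://www.perlustro.com/IV8Changelog.html
  • EULA: http://www.ilook-forensics.org/iLookv8eula.html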