Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
(File systems)
Line 8: Line 8:
 
}}
 
}}
  
'''ILook''' is an all-in-one [[computer forensics]] suite currently maintained by the [[Internal Revenue Service]] ([[IRS]]). It is available free of charge to law enforcement agencies and certain US government agencies. iLook is not available to the general public.
+
'''ILook''' is an all-in-one [[computer forensics]] suite created by Elliot Spencer and currently maintained by the [[Internal Revenue Service]] ([[IRS]]). It is available at no cost to law enforcement agencies and certain US government agencies. iLook is not available to the general public.
  
The suite consists of the [[ILook External Imager]] ([[IXimager]]), an analysis program, and a few utilities. IXimager is a Linux-based custom boot CD that produces forensically authenticatable compressed output. The imager is generated from a licensed copy of iLook. Version 8 is the currently distributed version of iLook.
+
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.
  
 
== File systems==
 
== File systems==
Line 20: Line 20:
 
* [[VFAT]]
 
* [[VFAT]]
 
* [[NTFS]]
 
* [[NTFS]]
 
 
* [[HFS]]
 
* [[HFS]]
 
* [[HFS Plus|HFS+]]
 
* [[HFS Plus|HFS+]]
Line 30: Line 29:
 
* [[NWFS]]
 
* [[NWFS]]
 
* [[CDFS]]
 
* [[CDFS]]
 +
* [[ISO 9660]]
 
* [[UDF]]
 
* [[UDF]]
 
* [[ReiserFS]]
 
* [[ReiserFS]]
Line 37: Line 37:
 
==Search Facilities==
 
==Search Facilities==
 
* Lists allocated and unallocated files.
 
* Lists allocated and unallocated files.
* Sorts files by type.
+
* Sorts files by type (signature and extension).
 
* Searches for keywords.
 
* Searches for keywords.
 
* Works with compressed zip files.
 
* Works with compressed zip files.
Line 46: Line 46:
  
 
==Hash Databases==
 
==Hash Databases==
Hashes and compares using custom as well as the [[Hashkeeper]] [[hash database]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]). Also uses the [[NSRL|NIST NSRL library]].
+
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[NSRL|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
  
 
== External links ==
 
== External links ==
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/ Official website]
* [http://www.perlustro.com/IV8Changelog.html ILook v8 Changelog]
 
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]

Revision as of 08:40, 16 May 2006

ILook
Maintainer: IRS
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite created by Elliot Spencer and currently maintained by the Internal Revenue Service (IRS). It is available at no cost to law enforcement agencies and certain US government agencies. iLook is not available to the general public.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

File systems

iLook V8 currently identifies and supports:

Support for additional file systems is ongoing.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links