ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
m (correct title)
(Started to wikify the text)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
 
   name = ILook |
 
   name = ILook |
   maintainer = [[IRS]] |
+
   maintainer = [[Internal Revenue Service|IRS]] |
 
   os = {{Windows}} |
 
   os = {{Windows}} |
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
Line 8: Line 8:
 
}}
 
}}
  
'''ILook''' is an all-in-one [[computer forensics]] suite created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service (IRS-CI) Criminal Investigation Division. It is available at no cost to law enforcement agencies and US government agencies. ILook is not available to the general public.
+
'''ILook''' is an all-in-one [[computer forensics]] suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury [[Internal Revenue Service]] Criminal Investigation Division (IRS-CI). It is available at no cost to law enforcement agencies and US government agencies, but is not available to the general public.
  
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.   
+
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include ILook v8 forensic application and the [[IXimager]] which are both designed to follow forensics best practices.   
  
== File systems==
+
ILook can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660], [[ISO 9660]], and [[UDF]].
iLook V8 currently identifies and supports:
+
* [[FAT12]]
+
* [[FAT16]]
+
* [[FAT32]]
+
* [[FAT32x]]
+
* [[VFAT]]
+
* [[NTFS]]
+
* [[NTFS Compressed]]
+
* [[HFS]]
+
* [[HFS Plus|HFS+]]
+
* [[Ext2FS]]
+
* [[Ext3FS]]
+
* [[ReiserFS 1,2,and 3]]
+
* [[SysV-AFS]]
+
* [[SysV-EAFS]]
+
* [[SysV-HTFS]]
+
* [[NWFS]]
+
* [[NWFS Compressed]]
+
* [[VMWare Drive Mount Disk Drives]]
+
* [[MS VPC Virtual Disks]]
+
* [[CDFS CD Format]]
+
* [[ISO 9660 CD Format]]
+
* [[ISO 9660 File Format]]
+
* [[UDF CD Format]]
+
 
+
 
+
Support for additional file systems is ongoing.
+
  
 
==Search Facilities==
 
==Search Facilities==
Line 52: Line 25:
  
 
==Hash Databases==
 
==Hash Databases==
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[NSRL|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
+
 
 +
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[National Software Reference Library|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
  
 
== External links ==
 
== External links ==
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]

Revision as of 03:25, 27 February 2007

ILook
Maintainer: IRS
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service Criminal Investigation Division (IRS-CI). It is available at no cost to law enforcement agencies and US government agencies, but is not available to the general public.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

ILook can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, [[ISO 9660], ISO 9660, and UDF.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links