Difference between revisions of "ILook"

From Forensics Wiki
Jump to: navigation, search
m (correct title)
(Started to wikify the text)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
 
   name = ILook |
 
   name = ILook |
   maintainer = [[IRS]] |
+
   maintainer = [[Internal Revenue Service|IRS]] |
 
   os = {{Windows}} |
 
   os = {{Windows}} |
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
Line 8: Line 8:
 
}}
 
}}
  
'''ILook''' is an all-in-one [[computer forensics]] suite created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service (IRS-CI) Criminal Investigation Division. It is available at no cost to law enforcement agencies and US government agencies. ILook is not available to the general public.
+
'''ILook''' is an all-in-one [[computer forensics]] suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury [[Internal Revenue Service]] Criminal Investigation Division (IRS-CI). It is available at no cost to law enforcement agencies and US government agencies, but is not available to the general public.
  
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.   
+
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include ILook v8 forensic application and the [[IXimager]] which are both designed to follow forensics best practices.   
  
== File systems==
+
ILook can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660], [[ISO 9660]], and [[UDF]].
iLook V8 currently identifies and supports:
+
* [[FAT12]]
+
* [[FAT16]]
+
* [[FAT32]]
+
* [[FAT32x]]
+
* [[VFAT]]
+
* [[NTFS]]
+
* [[NTFS Compressed]]
+
* [[HFS]]
+
* [[HFS Plus|HFS+]]
+
* [[Ext2FS]]
+
* [[Ext3FS]]
+
* [[ReiserFS 1,2,and 3]]
+
* [[SysV-AFS]]
+
* [[SysV-EAFS]]
+
* [[SysV-HTFS]]
+
* [[NWFS]]
+
* [[NWFS Compressed]]
+
* [[VMWare Drive Mount Disk Drives]]
+
* [[MS VPC Virtual Disks]]
+
* [[CDFS CD Format]]
+
* [[ISO 9660 CD Format]]
+
* [[ISO 9660 File Format]]
+
* [[UDF CD Format]]
+
 
+
 
+
Support for additional file systems is ongoing.
+
  
 
==Search Facilities==
 
==Search Facilities==
Line 52: Line 25:
  
 
==Hash Databases==
 
==Hash Databases==
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[NSRL|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
+
 
 +
Hashes and compares using custom hash sets as well as the [[Hashkeeper]] [[hash database]] and [[National Software Reference Library|NIST]] [[hash library]] using [[MD5]] and [[FIPS 180-2]] compliant algorithms (e.g. [[SHA-1]]).  
  
 
== External links ==
 
== External links ==
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/ Official website]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]
 
* [http://www.ilook-forensics.org/iLookv8eula.html EULA]

Revision as of 22:25, 26 February 2007

ILook
Maintainer: IRS
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service Criminal Investigation Division (IRS-CI). It is available at no cost to law enforcement agencies and US government agencies, but is not available to the general public.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

ILook can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, [[ISO 9660], ISO 9660, and UDF.

Contents

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links