Difference between revisions of "ILook"

From ForensicsWiki
Jump to: navigation, search
Line 12: Line 12:
 
'''ILook''' is an all-in-one [[computer forensics]] suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury [[Internal Revenue Service]] Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It is made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.
 
'''ILook''' is an all-in-one [[computer forensics]] suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury [[Internal Revenue Service]] Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It is made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.
  
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include ILook v8 forensic application and the [[IXimager]] which are both designed to follow forensics best practices.   
+
The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media.  ILook Investigator © products include the ILook v8 forensic application and the [[IXimager]] which are both designed to follow forensics best practices.   
  
 
ILook can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660], [[ISO 9660]], and [[UDF]].
 
ILook can support a wide variety of file systems, including [[FAT]] 12/16/32, [[NTFS]], [[NTFS Compressed]], [[HFS]], [[HFS+]], [[Ext2]], [[Ext3]], [[ReiserFS]] 1, 2, and 3, [[SysV-AFS]], [[SysV-EAFS]], [[SysV-HTFS]], [[NWFS]], [[NWFS Compressed]], [[VMWare Drive Mount Disk Drives]], [[Microsoft]] [[Virtual PC]] disks. It can also process CDs in [[CDFS]], [[ISO 9660], [[ISO 9660]], and [[UDF]].

Revision as of 14:21, 17 March 2007

This software is only available to law enforcement agencies.

ILook
Maintainer: IRS-CI
OS: Windows
Genre: Analysis
License: EULA
Website: ilook-forensics.org

ILook is an all-in-one computer forensics suite originally created by Elliot Spencer and currently maintained by the U.S. Department of Treasury Internal Revenue Service Criminal Investigation Division (IRS-CI) Electronic Crimes Program. It is made available at no cost to law enforcement agencies and US government agencies at the discretion of the IRS-CI, but is not available to the general public.

The ILook Investigator © Forensic Software is a comprehensive suite of computer forensics tools used to acquire and analyze digital media. ILook Investigator © products include the ILook v8 forensic application and the IXimager which are both designed to follow forensics best practices.

ILook can support a wide variety of file systems, including FAT 12/16/32, NTFS, NTFS Compressed, HFS, HFS+, Ext2, Ext3, ReiserFS 1, 2, and 3, SysV-AFS, SysV-EAFS, SysV-HTFS, NWFS, NWFS Compressed, VMWare Drive Mount Disk Drives, Microsoft Virtual PC disks. It can also process CDs in CDFS, [[ISO 9660], ISO 9660, and UDF.

Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type (signature and extension).
  • Searches for keywords.
  • Works with compressed zip files.

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Hashes and compares using custom hash sets as well as the Hashkeeper hash database and NIST hash library using MD5 and FIPS 180-2 compliant algorithms (e.g. SHA-1).

External links