ILook Investigator Computer Forensics Software

IRS-CI Electronic Crimes

 

ILook Version 8

Computer Forensic Application

A powerful and robust forensics program built for allowing an investigator to conduct a thorough forensic anaylsis


IXimager

ILook v8

List Serve

FAQ

Supporting Agencies

ILook v8.0.18 dated 10/19/2007

The current version of ILookv8 can be downloaded following the instructions contained in the registration email.

About ILookv8

ILook is a multi threaded, Unicode compliant, fast forensic analysis tool designed to analyze an image taken from a seized computer system or other digital media. ILook will run on the following 32 bit platforms :- Win2K or WinXP and the following 64 bit platforms :- Windows XP / Server 2003. ILook can be used to examine images obtained from other forensic imaging tools that produce a raw bit stream image. It may also be used to examine some commercial imager formats. The hardware recommendation for ILookv8 is a 2 gigahertz Intel Pentium 4 processor with 1 gigabyte of RAM. ILook v8 contains "On-line help" sections which are available once Ilook is installed. IXimager help is included only with ILookv8 since the IXimager formats are proprietary to ILookv8.

 

ILook v8 Features

1.Stand-alone Imager.

2.Identification and support of the following file systems: FAT12, FAT16, FAT32, FAT32x, VFAT, NTFS, HFS, HFS+, Ext2FS, Ext3FS, SysV AFS, SysV EAFS, SysV HTFS, CDFS, Netware NWFS, Reiser FS, ISO9660

3.An Explorer like interface allowing an investigator to view and navigate the file system as it originally appeared on the suspect's computer.

4.Granular extraction facilities which allow all or part of a file system to be extracted from an image.

5.Fast, sophisticated, regular expression search engine.

6.Link points to investigator defined viewer technology.

7.Inbuilt multi-format file viewing.

8.Password and pass phrase dictionary generators.

9.Inbuilt hex viewer.

10.File salvage (carve) facilities.

11.File signature verification routines.

12.Orphaned FAT directory recovery.

13.Hash analysis functions.

14.Data tagging and categorisation features.

15.Reporting facilities.

16.Case and evidence management features and multi-evidential item handling.

17.Internet cache and mailbox deconstruction functions.

18.Direct device investigation features.

19.Additional Imager built into ILook for imaging directly attached devices.

20.File filtering and elimination functions.

21.Search results database stores the results of all searches run against any item in a case.

22.Volume bitmap view gives detailed overview of the physical layout of any selected volume.

23.Sophisticated and powerful scripting for automating processes within ILook.

24.Full access to Microsoft's DotNet architecture, C# and VB.Net compilers linked to ILook's data streams for full user customisation.

25.New script types - ViewFilters and StreamFilters.

26.Protected file detection for common password protected filetypes.

27.Data categorisation virtual folders.

28.Integrated thumbnail viewer.

29.FileTime diary.

30.Data stream analysis.

31.New search and index engine.

Supported Hash Databases

ILookv8 makes use of the Hashkeeper Database designed and maintained by U.S. DOJ National Drug Intelligence Center (NDIC) http://www.usdoj.gov/ndic/about.htm

ILookv8 makes use of the National Institute of Standards and Technogy (NIST), National Software Reference Library (NSRL) http://www.nsrl.nist.gov/downloads.htm. The NSRL formats are new as of March, 2007 (RDS 2.16)

 

 

© Copyright 2006. ilook-forensics.org