ILookPI Options:
- Human/illicit Image Detection Files and Salvage
- Analysis Pack Tools: Event, Cloud, Email-Link, Lead-Link and Virus and Trojan Detection!
- Expert Witness Image Format Support
- Virtual Machine Runtime Environment Support
- IVault – Analysis-Review Platform for ILookPI
- PST-OST Extended Media Email Recovery
- Developer Interface (IDE)
- Miniapp IDE & Miniapp Runtime Access for Plugins
- IXimager v3
- System Requirements for ILookPI
ILookPI Features:
- Data capture, analysis, investigation and dissemination
- The most advanced imaging solution available
- An easy-to-use interface
- Five built-in, fast and thorough search engines
- Built-in development environment
- Built-in file viewers for hundreds of file types
- The leading salvage engine
- Extremely fast hash engines and automated data reduction techniques
- Built-in e-mail store processing, searching and viewing
- Filesystem, file and e-mail recovery
- Multiple categorization features
- Registry viewing and searching
- Virus/Trojan search and identification
- VMware virtual disk production from devices or images
- Context dictionary production for password cracking
- IVault data store preparation and production
- Support for all common archive file formats
- Deconstruction of evidentially useful file types
- Sorting, grouping and filtering of files and e-mail
- Advanced analysis functions
- Advanced MS Outlook e-mail recovery
- Illicit image and movie detection
- Password protected file detection
- File password cracking
What Our Customers Are Saying:
"Thank you for the opportunity to be able to use ILook as an individual member of the [Non USA National Police agency]. ILook has proven that we can have successful convictions in some of our cases in [our country]. We would like to use ILook as a national standard and official forensic tool within [our country]."
- From the Chief of National Police, Foreign Government
Expert Witness Image Format Support
ILookPI provides an optional capability to analyze image files that are named “E01”. This commonly refers to image files made in the Expert Witness image format, but there is no public standard for files that call themselves .E01. The PI analysis of E01 files cannot be guaranteed in all cases, as the images themselves are generated by a number of different applications and hardware, none of which appear able to identify themselves to the forensic program analyzing them. Perlustro has official format documentation for the Expert Witness format courtesy of ASRData Inc., but ONLY for that specification of E01.
If the tool’s identity cannot be determined, then any analysis could likewise be suspect, simply because of the disparities between imaging tools already published in independent tests. Who or what made a file of this type, and how, are intrinsic to ILookPI’s analysis behavior and treatment. For instance, no authentication report can be generated for this type because insufficient data exists to create one using our standards.
This truly murky water of parentage does not lie at the feet of Perlustro’s image formats, or any of its tools. Every image of any source created by any Perlustro imaging product is an evidentiary container which authenticates itself as well as the specific product that created it. There will be no analysis in PI of any file, regardless of its name, if it simply purports to be a Perlustro product, but isn’t “Genuine Perlustro”.
All Perlustro image formats, ITAR, FUSUS and IX .asb formats, support that proof of concept. And of note, while PI makes VMDK images by default, it cannot directly authenticate even those files except by the original source; and then, only through hashing the data, which is not necessarily sufficient alone for authentication of evidence. However, ILookPI can, at any point, provide proof as to which one of our tools created our images – and much more.
The bounds we have created for this issue are as follows: should any court of State or National Jurisdiction call this issue into question, where PI cannot report the source software/hardware used to create the image files under examination, then Perlustro cannot support that image if it was not created by Perlustro, and that includes raw bitstream images. The Perlustro tools were built by law enforcement, for law enforcement, for reasons of evidence preservation and protection for all parties. They were not built just for interoperability or convenience at any cost.
Given the stakes of criminal evidentiary analysis, as opposed to information analysis, we do not find any other recourse to take that is both equitable and compliant with our own standards, those of NIST, and common sense.
NOTE: See http://www.cftt.nist.gov/DA-ATP-pc-01.pdf, in particular tests DA-AM-09, DA-A0-03, DA-A0-06, 07 & 08, DA-A0-22.
(Notably, Perlustro builds the only tools that transfer proprietary image formats of any loadable type directly to a GPL documented and Federally approved compressed image format (VMDK), which can then be opened by a plethora of both open and closed source tools for validation purposes or for perpetual retention. This form frees the user from any reliance on, or requirement for, any Perlustro product in the further analysis or access to the data at a later date.)
