ILookPI Features:
- Data capture, analysis, investigation and dissemination
- The most advanced imaging solution available
- An easy-to-use interface
- Five built-in, fast and thorough search engines
- Built-in development environment
- Built-in file viewers for hundreds of file types
- The leading salvage engine
- Extremely fast hash engines and automated data reduction techniques
- Built-in e-mail store processing, searching and viewing
- Filesystem, file and e-mail recovery
- Multiple categorization features
- Registry viewing and searching
- Virus/Trojan search and identification
- VMware virtual disk production from devices or images
- Context dictionary production for password cracking
- IVault data store preparation and production
- Support for all common archive file formats
- Deconstruction of evidentially useful file types
- Sorting, grouping and filtering of files and e-mail.
- Advanced analysis functions
- Advanced MS Outlook e-mail recovery
- Illicit image and movie detection
- Password protected file detection
- File password cracking
What Our Customers Are Saying:
"He called me with great concern and panic. I advised him to hook the drive up and use the IXImager and try to image the drive before doing anything else with it. IXImager reported a HPA, we (me by phone) chose to disable and proceeded to image the drive with the image sets. He now has an image of the drive he can view and has the ability to copy out the image file sets from his ILook image, etc."
- Federal Computer Forensic Agent
IVault – Analysis-Review Platform for ILookPI
IVault, the end-user review tool produced by ILookPI, is installed in much the same way as ILookPI itself, on any end user's machine. It only requires the .NET Framework prior to install. Like ILookPI, it requires a signing key. It provides a fully protected reviewer interface in which to review any data retrieved from the forensics process, a first in this field.
IVault is produced within ILookPI by a very simple process. You allocate any object to an existing or new virtual category, then select the menu option within the PI toolbox to create the IVault. It can be created at any path visible to the machine. The IVault is compressed and encrypted, and it is formed independently of ILook. The file is encrypted during the creation process. From that point on, the encryption on the container itself (an .IVault file type) protects the file in any location and requires a password for data access. It can never be decrypted in any form except through the IVault interface itself.
The ILookPI investigator/producer can elect to limit the end-user reviewer's access to certain IVault application functions, such as searching the data, extracting files from the IVault container, or copying the data to another location.
The IVault application is previewed in the following screen. It allows the reviewer, in 100% safety, to review, select, and categorize any objects in the IVault file container. The user can even manage the resources in the patent-pending I-Protect Interface, which protects the user's computer, or any computing system, during the use of IVault on the client machine. The structure of all files or objects captured within the IVault container is displayed in a form that is easier to understand for novice reviewers unfamiliar with the details of computer forensics. The objects, usually files within the container, can be printed into multiple formats, or they can be exported to disk in both native and "safe" printed formats. Documents of multiple objects are printed to PDFs by default, which both protects the integrity of the objects' metadata and maintains the original parent->child relationship between multiple objects. This object relationship is provided especially for email export forms. In cases such as email, where files were attached to the original emails, they are attached as PDF attachments in the exported form.
In this example, we simply selected all GIF files from a test image, exported them to an IVault and then opened them with the IVault Viewer. The files that were in the ILookPI mapped image set are seen here as they exist directly in the IVault view of the IVault container file. Once they reach this container status, they are not just preserved and protected within the container by encryption and compression; they are also confined to the container on the review computer system, so that nothing can escape to the outside process and contaminate the review platform, even when the contents are searched, analyzed or printed to PDF form.
The next screen shows an expansion of the filtering available in both IVault and ILookPI. The user can filter on any group of columns or even generate complex filter queries with this single function control. By using the filters for columns and custom select filters for individual searches, even without the use of advanced searching, including indexed searching, an average user can quickly find the information he or she is seeking.
The selections visible here include the user's ability to select categories for assignment to the objects seen or viewed in the view panel, which also includes a Hex viewer for files which have no included viewer within the application controls.
A short IVault summary - An Integrated, Evidence Container Review Tool
- Easy data review for a non-technical audience.
- Easy to use interface, straightforward and uncomplicated.
- Two inbuilt, fast and thorough search engines.
- Inbuilt file viewers for hundreds of file types.
- Inbuilt e-mail searching and viewing.
- Multiple categorization features.
- Crumbs feature, recording the data that has been reviewed already.



