- Data capture, analysis, investigation and dissemination
- The most advanced imaging solution available
- An easy-to-use interface
- Five built-in, fast and thorough search engines
- Built-in development environment
- Built-in file viewers for hundreds of file types
- The leading salvage engine
- Extremely fast hash engines and automated data reduction techniques
- Built-in e-mail store processing, searching and viewing
- Filesystem, file and e-mail recovery
- Multiple categorization features
- Registry viewing and searching
- Virus/Trojan search and identification
- VMware virtual disk production from devices or images
- Context dictionary production for password cracking
- IVault data store preparation and production
- Support for all common archive file formats
- Deconstruction of evidentially useful file types
- Sorting, grouping and filtering of files and e-mail.
- Advanced analysis functions
- Advanced MS Outlook e-mail recovery
- Password protected file detection
What Our Customers Are Saying:
"He called me with great concern and panic. I advised him to hook the drive up and use the IXImager and try to image the drive before doing anything else with it. IXImager reported a HPA, we (me by phone) chose to disable and proceeded to image the drive with the image sets. He now has an image of the drive he can view and has the ability to copy out the image file sets from his ILook image, etc."
- Federal Computer
Expert Witness Image Format Support
ILookIX provides an optional capability to analyze image files that are named “E01”. This commonly refers to image files made in the Expert Witness image format, but there is no public standard for files that call themselves .E01. The ILookIX analysis of E01 files cannot be guaranteed in all cases, as the images themselves are generated by a number of different applications and hardware, none of which appear able to identify themselves to the forensic program analyzing them. Perlustro has official format documentation for the Expert Witness format courtesy of ASRData Inc., but ONLY for that specification of E01.
If the identity of the tool that created an image cannot be determined, then any analysis of that image could likewise be suspect, simply because of the disparities among imaging tools already published in independent tests. Who or what made a file of this type, and how it was made, are intrinsic to ILookIX’s analysis behavior and treatment. For instance, no authentication report can be generated for this type because insufficient data exists to create one using our standards.
This truly murky water of parentage does not lie at the feet of Perlustro’s image formats, or any of its tools. Every image of any source created by any Perlustro imaging product is an evidentiary container which authenticates itself as well as the specific product that created it. There will be no analysis in ILookIX of any file, regardless of its name, if it simply purports to be a Perlustro product, but isn’t “Genuine Perlustro”.
All Perlustro image formats, ITAR, FUSUS and IX .asb formats, support that proof of concept. And of note, while ILookIX makes VMDK images by default, it cannot directly authenticate even those files except by the original source; and then, only through hashing the data, which is not necessarily sufficient alone for authentication of evidence. However, ILookIX can, at any point, provide proof as to which one of our tools created our images – and much more.
The bounds we have created for this issue are as follows: should any court of State or National Jurisdiction call this issue into question, where ILookIX cannot report the source software/hardware used to create the image files under examination, then Perlustro cannot support that image if it was not created by Perlustro, and that includes raw bitstream images. The Perlustro tools were built by law enforcement, for law enforcement, for reasons of evidence preservation and protection for all parties. They were not built just for interoperability or convenience at any cost.
Given the stakes of criminal evidentiary analysis, as opposed to information analysis, we do not find any other recourse to take that is both equitable and compliant with our own standards, those of NIST, and common sense.
NOTE: See http://www.cftt.nist.gov/DA-ATP-pc-01.pdf, in particular tests DA-AM-09, DA-A0-03, DA-A0-06, 07 & 08, and DA-A0-22.
(Notably, Perlustro builds the only tools that transfer proprietary image formats of any loadable type directly to a GPL documented and Federally approved compressed image format (VMDK), which can then be opened by a plethora of both open and closed source tools for validation purposes or for perpetual retention. This form frees the user from any reliance on, or requirement for, any Perlustro product in the further analysis or access to the data at a later date.)