±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 1
New Yesterday: 7
Overall: 26816
Visitors: 49

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

ILooKIX - What do you think?

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8, 9, 10  Next 
  

Re: ILooKIX - What do you think?

Post Posted: Fri Nov 23, 2012 5:09 pm

- Patrick4n6
So post your real name and company and we'll know whether your endorsement is worth a damn.


Thanks for your kind words and the warm reception in the forum! Working for LEO in Germany I'll do NOT post my real name here! Accept it or ignore me. I don't have to explain it in any way.

About NIST certification, I might have misunderstood something, so I asked Mr. Jim Baker, CEO Perlustro LP and he answered as followed allowing me to post it here:

Clarification if there is a misunderstanding of what NIST has done

I frankly don’t know whether I could describe NIST as “testing software” or not, for qualification uses in any scenario. I do know what the facts are of published tests that have been produced BY NIST. Such as the IXimager test here : www.nij.gov/pubs-sum/217678.htm All I am concerned with is published “standards or measurements”. That is after all, what they do at NIST.

Now, whether or not that is deemed a “certification” , which seems to vary by country, is not the point of my recent email announcing PERLUSTRO test results using the NIST forensics test platform documents. The point of that was simple, Perlustro has published its OWN tests which are now public as to total results, for Perlustro customers of the NIST tests (standards) which are published. I have no idea if any users of other tools would achieve the same result or not – but THAT is not the point of the NIST test whatsoever. In fact, what any tool finds is probably not the point except for someone who had every tool there is and wanted to compare them all at one time, a point I would guess NIST does not intend on publishing since that is not their primary mission, but I truly don’t know that nor do I care about how other tools fare on the tests. My point is only PERLUSTRO PASSES THE PUBLISHED TESTS of DFR ! Anything else is a user decision we are not involved in. While not speaking for anything but NIST published documents, the reason for the test data and result data seems abundantly clear. Anyone that miscommunicates that idea to themselves, needs to either disabuse themselves of that notion by further research, or find error with NIST, but they cannot find error with Perlustro. We took the tests, all that have been published to date, we have OUR Results, and we have said we will publish them. Period.

This is childishly simple in theory and practice, but since evidently some want to argue it, I’ll recite a smaller summary. NIST in fact did publish test data, and NIST published result data. They did this to provide “confidence” to the community that does forensics work. The results ARE what the results ARE. There is no possibly “other” result achievable from our view, you either find with your tool what NIST says should be found – or you don’t. It would seem to go without saying but I will say it regardless, obviously if ILooKIX didn’t find what NIST said SHOULD be found, we would have had no immediate purpose to publish something that failed to meet the criteria. YOU can read into that whatever you wish. A non customer does NOT have to test Perlustro tools at all, they can test THEIR tools themselves and compare the numbers to the simplistic input Perlustro has now, and will continue, to publish.

The fact Perlustro is the only company to publish the tests in a public webpage (that we can find) speaks to Perlustro’s penchant for the truth, it does not speak to any other tools whatsoever , or to NIST itself, by purpose or intent.

I would suspect many people NOT in the USA would not understand the evidentiary point here so I will make that point hopefully more clear. Even in theory, it would not matter in the USA if you were the greatest forensics lab in the entire country, regardless of how “greatest” is defined, your data and any tests you promulgate have NO EARTHLY way to become “instantly admissible” --------BUT, those of NIST are admissible -------period. Any other source you can find, can certainly be “offered” to be admitted, but there is “no presumption or inditia of reliability” as there is with NIST data. Just as an example, Perlustro is going to publish additional test images for our users only, that provide additional validation testing to the users, but those tests have no ability to be used as an admissible test basis at all. They could be offered, but the admissibility will NOT be decided by the source of them. Construct in your mind if you will the difference between a perceived FACT and a KNOWN admissibility FACTOR. This is first and foremost about admissibility. Secondarily, it is about the facts of any particular case of digital data.

From input I have received in the past week from other countries I can see that NIST admissibility is not necessarily the case in some countries, but I didn’t address the issue outside the USA except to specifically acknowledge there were “other” places the impact was similar. That is what I am told by respected government agency customers and until I see otherwise, I will accept it for its face value.

But, if NIST were in fact not even allowed to be mentioned as a reference in another country, it would not matter at all to Perlustro, since Perlustro is a total USA operated business. It in fact DOES matter to Perlustro that NIST exists for the same reasons it has existed for over 100 years, they are the keeper of measurement standards in the UNITED STATES OF AMERICA. www.nist.gov/public_af...andyou.cfm Parenthetically I should note, since we are communicating ON the internet. Indeed, NIST reaches more places than many would give it credit and the Internet itself – so far anyway – resides fully within the TIME keeping responsibilities of NIST since they in fact do measure TIME in the USA, relative to UTC, in addition to promoting forensics tests J

www.time.gov/about.html Unless Congress changes their direction, people who quibble over semantics just looking for a scapegoat for their own tools perhaps should use the forensics tests at

web.consumerreports.or...er_reports

I leave you with what seems an appropriate quote from A. Lincoln : “I am a firm believer in the people. If given the truth, they can be depended upon to meet any national crisis. The great point is to bring them the real facts. “

Perlustro
 

Siggi
Newbie
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Sat Nov 24, 2012 6:52 am

- Siggi

About NIST certification, I might have misunderstood something, so I asked Mr. Jim Baker, CEO Perlustro LP and he answered as followed allowing me to post it here:

And the point is? Question
The document simply says what tests an ancient version (Version 2.0, Feb-01 2006) of a part of the software (the IXimager) was subject to and how that version (BTW at the time LE only) passed those tests.

Which is very, very good. Very Happy
Here is the list of currently published "Disk Imaging" related documents:
www.cftt.nist.gov/disk_imaging.htm
It is easy to see how some of the other "commonly used" tools did not pass fully the Nist tests.

The already posted:
www.forensicfocus.com/...1/#6562161
is about the HYPE that is given to those tests and their results on the internet page:
www.perlustro.com/solu...s/iximager

Try going around saying that your 2012 Ford Focus:
en.wikipedia.org/wiki/...h_America)
en.wikipedia.org/wiki/...eneration)
is safe because the results of a crash test performed on the 2006 model were satisfactory.
And that because it has been filmed in Melrose Place:
www.imcdb.org/vehicle_...Focus.html
and in NCIS Los Angeles
www.imcdb.org/vehicle_...-2000.html
it is the "standard" small sized car in Tv series.


If you want to see how a NIST Certificate looks like (for another "kind" of product, a cryptographic module):
csrc.nist.gov/groups/S...st0022.pdf

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Sun Nov 25, 2012 10:44 pm

Patrick Patrick Patrick no you didn't ROFL. SS or it didn't happen. You promised me you weren't a gamer.
Get online and lets settle this over pong.


- Patrick4n6
- Siggi
BTW: Even if my profile shows me as "newbie", I am doing my job for 15 years meanwhile.


So post your real name and company and we'll know whether your endorsement is worth a damn.

Otherwise your post is marketing hype, and you still haven't responded to the fact that NIST does NOT certify forensic software. This is even worse than when EnCase was claimed to be "court approved" when the judgement simply mentioned that the examiner successfully used EnCase to gather the evidence, thereby approving of the examiner's work, but not the tool.

In the gaming world, they have a saying: "SS or it didn't happen". For those with no prior exposure to this comment it means that if you don't provide a screenshot (SS) of your claimed achievement, then you're lying.

Provide a link to a page hosted by NIST where they officially certify iLook and I'll apologise and admit my mistake. In the mean time though, SS or it didn't happen.

_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 

armresl
Senior Member
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Mon Nov 26, 2012 12:29 am

- Siggi

About NIST certification, I might have misunderstood something, so I asked Mr. Jim Baker, CEO Perlustro LP and he answered as followed allowing me to post it here:


I'm noticing that lots of people who post in threads about iLook seem to be able to email highly placed people at Perlustro at whim and get instant replies.

Just confirms for me that this is a pure marketing exercise and pushes me further from wanting to try this tool. Siggi, you should talk to your marketing people at Perlustro and tell them this approach is just alienating your potential customers, stop with the fake accounts and take a different approach. We are all willing to try new tools and to learn, but we don't respond well to people trying to manipulate and use salesman techniques on us.

If Perlustro is serious about this tool and wants to back up it's claims then I will happily run some like to like tests on basic functionality (imaging hard drives, carving data, hashing) if they are willing to provide a "fully functional" trial version (not the limited version because it's a waste of my time to compare oranges to apples).

I'm sure a few other people would be willing as well and then some unbiased comparisons can be posted for us to make an informed choice.

Until then it's all just white noise.

I also find it funny that you don't want to post your place of work and name because you are supposedly a Police Officer (I assumed LEO means Law Enforcement Officer?). Well that makes no sense, criminals all over Germany should know your name and office you work at but you are scared of sharing it will Forensic professionals (largely) in other parts of the world? I have some contacts in the German Police, from my time with the Police in Australia, even just your first name and office and I could at least confirm that much for the skeptics Wink  

Adam10541
Senior Member
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Mon Nov 26, 2012 7:04 am

- Adam10541
...because it's a waste of my time to compare oranges to apples).

JFYI Wink it is considered scientifically acceptable (though futile) comparing apples with oranges:
www.improbable.com/air...pples.html

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Tue Nov 27, 2012 2:46 pm

- Adam10541
I'm noticing that lots of people who post in threads about iLook seem to be able to email highly placed people at Perlustro at whim and get instant replies.

Just confirms for me that this is a pure marketing exercise and pushes me further from wanting to try this tool.


As I wrote, I'm using ILook for 10 years now and all the time there was always a competent contact person reachable if I needed help or informations. Call it "pure marketing exercise" if you want, but I am very happy about this.

And BTW, this is not a fake account. But fighting also against organized crime makes you watch your steps! But if your contacts are as good as you wrote, ask for a city called Bochum...

- Adam10541
If Perlustro is serious about this tool and wants to back up it's claims then I will happily run some like to like tests on basic functionality (imaging hard drives, carving data, hashing) if they are willing to provide a "fully functional" trial version (not the limited version because it's a waste of my time to compare oranges to apples).


Hmm, tell me where you found anything like a limited trial version. AFAIK it doesn't exist.

Quotation of Perlustro's website:

Agencies who are considering more than 10 unit purchases may qualify for a single demonstration version of the standalone tools, ILooKIX and IVault, as well as some of the eDiscovery tools, where appropriate. These products will not be demo “versions”, but full installations, and prerequisites will have to be installed prior to the Perlustro product installations.

Prior ILook licensed user groups of more than 10 qualifying individuals will automatically be considered in this regard. The SaaS term of use will be for 29 days, instead of the default 365 days of use since there will be no purchase, only a contractual agreement. The demonstration-licensed products will only be issued one time for one agency’s consideration. No output from the production of the tools can be published without Perlustro’s permission and no version of SQL Server 08 can be used in the demo version other than the version of Server 08 installation available from Microsoft, in either the Full or Express form.

If you are interested in securing a license for such purposes, and have successfully installed the prerequisites required (all free from Microsoft) please contact volumesales @ perlustro.com.


Try to cantact someone at Perlustro and ask if you are really interested!
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Albert Einstein)  

Siggi
Newbie
 
 
  

Re: ILooKIX - What do you think?

Post Posted: Sun Apr 21, 2013 12:02 pm

I am just going to repost a response that I wrote to a question on another Forum since we're moving the discussion on ilookix to its proper place.

Please ask questions about ilookix and don't ask its users to answer for the hyperbole on the website.

Most of us have corresponded with the developers directly when we have questions and do get direct responses that assist us in doing our jobs. I use the word 'direct' liberally. As you have seen in a few things written by Jim, he never uses 5 words when 20 will do Very Happy He is a bit eccentric.

Siggi is a real person that I have met personally at a conference. I believe when I met him that he had changed jobs from one LE agency to another and was being forced to choose between FTK and EnCase and he was trying to get his new agency to allow him to use ilookix. Good for him, everyone should be able to use the software that they are the most comfortable with, as long as it is not incompetent at what it does.

I have no idea whether Siggi was successful but he was doing it because he has used it for years and it is a really good program, not because he believed all the advertising hype on the website.

This is the quote from the other forum, written by me, another real user. The offer to answer questions about the actual software stands.

It is funny that ILook users are generally very quiet, other than a few who are writing and quoting from stuff taken from the website. I think someone already pointed out that most vendors have their own hyperbole and that users should check things out for themselves. I don't think it is limited to perlustro. There is astroturfing all over the forums - great term, btw - maybe I live under a rock but I had never heard it before. . . .

I think that there is so little penetration into the market for ILook, other than to previous users (people like TWhip and I, and other long time ILook users I have met over the years) that there is no need for forums on how to use it. Current users are very happy with it, as far as I know and most have either been using it for a decade or so, or work with people who have been using it for a long time and have shown them how to use it. If you have ever had training in forensics, then you should be able to understand ILook, it is laid out in the same manner as most other forensic suites, displaying files, hex views, logs, file systems, categories of files, etc., etc. It is very easy and intuitive to use, and very customizable and powerful. There has also been training available from different entities over the years but the developers do not feel that training in the use of software is a sustainable model for a forensic software development company and that forensic training is better left to forensic training companies.

Perlustro would benefit greatly from a professional web designer, a marketing team and a professional technical writer to update the help manual and the online help system. But all they have is a small core of developers who really care about a product that gets right to the root of the file system and displays everything available for the user to make use of as extensively as they are capable of. And they have a core of users that really like the software and know how to use it.

I have a very small business connection to Perlustro as I recognized how badly they needed their help manual updated and I offered to do that for them in return for assistance purchasing a Windows based system to run ILook, and the software needed to work with it (ILook, Windows 7 Ultimate, Word, Acrobat, a few small utilities). I have an Apple ecosystem at home Smile .

I think the investment in equipment and software is split about 50/50 between Perlustro and I and is about $5000. I'm making about 10 cents an hour. Rolling Eyes But the main benefit to me is that I get to learn how to use ILook really, really, well while I am putting it through its paces so I can include screen shots and verify information that is in the manual. But I am working full time and the process is going to take a very long time. If the developers hit the big time with ILook, or any or their other projects, then they can replace me with a real technical writer, but in the meantime, they are just a small American company and I am essentially, a volunteer.

Anyways, like I said, the developers are a bit eccentric, but they write great software and have great customer service.

If anyone has any questions about the software and would like an answer from me, an actual user of ILook in real cases, I'd be happy to take this offline or move it to a forum more suited to the topic.

Debbie  

dacton
Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 4 of 10
Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8, 9, 10  Next