I just wanted to give an announcement about an open source program that I've been working on for a while. This is the first public post that has been made about it outside of just the development circle, so anyway, here goes.
Absolution is an open source computer forensics tool that assists in the analysis and extraction of important information from bulk data. As of this writing, June 1st, 2013, Absolution’s third public release and first beta release (code-named “Compassion”) has been placed on SourceForge.net. The software is written in C# for Microsoft Windows platforms using Visual Studio 2013.
…or for a little more info
…or if you want to watch a PowerPoint about the project
Primary project goal
Provide a comprehensive computer forensics data analysis tool that is simple enough for any reasonably tech savvy individual to use.
Features
• File Identification (by magic bytes, contents, and extension)
• Collection of data from web browsers (caches, lists, cookies, etc.)
• Identification of HTML files by contents
• Registry Hive Examinations (live and hive files)
• Internal sandboxed scripting language
• Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, …)
• Email Collection (Outlook PST, RFC822 mailboxes)
• Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
• Archive Content Searching (ZIP, RAR, TAR, GZ, 7Z, etc.)
• Microsoft Event Logs
• User definable reporting
• Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
• File and Email Attachment Exfiltration
• All output and storage in XML format – completely interoperable
• Hash matching using the NSRL hash database
• Lots of cool nice-to-haves like geo-location extraction and search engine queries…
Because this is still a test release, Absolution isn’t “bug free” and will remain in beta until January 1st, 2014. Please keep in mind Absolution is mostly the work of a single developer (plus other open source projects that were integrated). I would greatly appreciate people trying it, giving feedback, reporting bugs, explaining their needs that Absolution might be able to solve, and being part of a fresh community that can help bring a big program with a simple idea to its full potential.
Why open source? Imagine the possibilities. As a programmer and considerable nerd, I have my own reasons for wanting to deep dive data, but the reasons other people have are innumerable. For example, law enforcement wants it to help solve crimes or locate missing people, litigators need it to help locate violations of contracts and legal agreements, security experts need it to locate malicious software and locate hacker activities, parents can use it to help locate missing children, businesses need to locate data leaks, and more. Absolution is open source for the reason that it could benefit people who can just use it when they need it; and if that makes a difference that could save a life, reunite a family, or right a few wrongs, then it’s worth it for me to write it.
Sincerely,
Eric Knight, Programmer