whilst mowing the astroturf is a worthy task, isn't it just feeding the army of l̶e̶g̶i̶t̶i̶m̶a̶t̶e̶ ̶i̶l̶o̶o̶k̶ ̶u̶s̶e̶r̶s̶ turfers ?
Well, as I see it, if we can have some good answers to (hopefully good) questions, the halo of mystery (further fogged by the marketing hype and the previously recorded astroturfing) may dissipate and a few rays of sun may let people see the actual tool for what it is (whatever it is).
Knowledge, facts and data are never - in my perverted mind - a bad thing.
jaclaz
If you are OK with it, here (and in public) seems like the right place to ask and reply to questions.
Of course you are perfectly free to not answer questions that may conflict with any NDA or revealing any trade secret or the like.
I have a few technical questions.
From the scarce documentation I could gather it seems to me that the initial versions of the software, up to around 2007, i.e. until the software was financed by one or the other US Gov. Agency, were Linux based, while the current version runs on and *needs*:
- Microsoft Server 2008 X64
- Microsoft SQL Server
- .NET platform
Questions
- Is the above correct?
- When exactly did the switch (if any) occur in the software?
- Which versions were tested/used by NIST?
- Another question (provided that the "main" tool uses Server 2008 and SQL Server): is the IXimager also Windows based, or Linux based?
- Finally, is the IXimager intended to be used with or without a writeblocker?
jaclaz
I don't know any trade secrets so that shouldn't be an issue. . . .
1. ILookIX is a suite of products. IlookIX itself runs on Windows 7 Business, Professional or Ultimate 64 bit or Microsoft Server 2008 x64. Microsoft SQL Server is included and required. I believe that SQLServer requires .Net platform so therefore ILOOKix requires it as well.
2. ILook8 which was available up until 2007 when it was supported by the US government and Eliot (and the British government?) did not make use of SQLServer 2008. I am not a programmer so could not tell you how it worked or what the underlying platform was or what language it was written in.
3. I am not up on all the NIST stuff but I do know that IXIMager2 was tested by NIST (IX3 is now in use). I am also aware of the latest NIST data made available by them for Deleted File Recovery testing but do not believe they have actually published any tests. All their published tests are fully publicly available on the internet so anyone with a real interest should be able to find them.
4. IXImager is a CD/USB boot device created from within ILOOKix, used to image devices and memory. It uses a proprietary linux kernel, and produces a proprietary image file.
5. IXImager is intended to be used without a writeblocker.
6. You didn't ask but another part of the suite is an imager called ISeekImager and it is designed for imaging running Windows systems (in case of encryption or any reason someone thinks they need to image a running machine)
I hope that answered your questions without "astroturfing".
Debbie
Sorry, missed the question about the old ILook version running on Linux.
ILook 7 and 8, which were the versions I used prior to 2008, ran on Windows, initially Windows 95/98 and then Windows XP.
Debbie
Good :) so we can say that the actual IlookX is (and has always been) Windows based and that IxImager is (and has always been) Linux based.
Thanks for clearing this aspect that wasn't clear at all to me.
This poses however a further question
4. IXImager is a CD/USB boot device created from within ILOOKix, used to image devices and memory. It uses a proprietary linux kernel, and produces a proprietary image file.
The proprietary image format(s) are briefly described here
http//
But a proprietary Linux kernel isn't AFAIK possible at all if it is distributed to third parties and under a "proprietary" EULA, which I presume is still this one (or similar to it)
http//
but I am not an expert on GPL and related matters.
Or maybe it is not a Linux kernel and it is another thing instead
http//
The entire integrated system of IXImager, as well as the microkernel source code it consists of, are 100% engineered Perlustro products.
Linux is AFAIK not a micro-kernel, but a monolithic kernel (and debate on the two models has been carried on for what, 20 years?)
It would be nice if this aspect would be cleared, though I presume that only the developers may do that.
jaclaz
I'm probably not using the correct terminology. The kernel is not debian or red hat or anything like that.
We were able to write to NTFS using it long before it was common for linux users to be able to write to NTFS.
When transaction logs (I think that is the correct term) were being changed by other Linux boot CDs, that did not happen with IXImager.
So, not sure what the correct term is, but it is not just any old Linux.
So, not sure what the correct term is, but it is not just any old Linux.
The point was not really about it being an "old or new" Linux, was only about it being or not "a" Linux
http//
An OS that is released under the GNU GPL cannot AFAIK be re-released "as is" or in "modified" form under any other non-compatible to GNU GPL License
http//
If it is a "brand new" micro-kernel (or monolithic kernel), 100% engineered by the good Perlustro guys, it is OK (and it is NOT Linux).
jaclaz
It seems I can't help you with your question. Sorry, just a user ?
from Perlustro's website
VP Engineering, Erik Andersen
Copyright holder of BusyBox©, uClibc© and Buildroot© technologies
Linux Kernel developer, Linux application developer, member of Linux developer community
Designer of hardware and software embedded systems using BusyBox© and uClibc©
IXimager is Erik's kid! Go and ask him for some info…
from Perlustro's website
VP Engineering, Erik Andersen
….IXimager is Erik's kid! Go and ask him for some info…
I might do that, thanks :), though what I was asking was something slightly different, that a licensed user of the IlookIX and IXImager should know, i.e. which EULA/License/Agreement/whatever are the tools licensed under?
I cannot find the text of the License(s) anywhere (if not the already linked to on the old site).
jaclaz
I am a very happy ILooKIX user FWIW and a full time police officer. I am a detective and lead my county's computer forensics laboratory. We are an affiliate of the Pennsylvania ICAC Task Force. The lab receives computers and cell phones from every crime in the PA Crimes Code. We also assist ICE as part of their child exploitation task force. ILooKIX is our computer forensics tool. I have personally met Siggi and dacton and know them to be full time law enforcement officers from agencies outside the United States. I don't know much about EnCase and FTK so I won't bash their products. I got involved in computer forensics around 2004 and used ILook v7 because it was free. Later I used v8 for the same reason. I can also say that anyone who has purchased ILooKIX has easy access to Jim Baker, the boss at Perlustro. I'm not sure the man sleeps more than a couple of hours per day.
I don't know if that helps clarify anything or not, but that's my two cents.
Detective Ryan Parthemore
Upper Allen Township Police Department
100 Gettysburg Pike
Mechanicsburg, PA 17055-5604
Ph 717.795.2445 Fax 717.790.9410
http//