I've recently finished developing an IM forensics tool meant for on-scene evidence acquisition of data left by the usage of AIM, MSN, and Yahoo instant messengers. I've done a lot of beta testing on my own, and a little with my local police department, but I'm still looking for feedback from others.
If you'd be interested in trying it, post here and I'll send you a free copy.
EDIT 5
EDIT
Alright, since the PM system doesn't seem to like how many messages I'm sending and my outbox appears to be stuck, I'll just post a link to the file in this thread.
This zip contains the program itself plus a generic license that expires in one month
Enjoy, and please send me any questions or comments.
EDIT 2
Thanks for the feedback so far. I'm really trying to respond the the PMs I'm receiving, but for some reason they're just not sending. If you need to contact me with questions or error reports, please post here or email me at alex @ alexbarnett.com.
EDIT 4
I've added a version of the program that can be run locally (does not require a removable drive), but requires the .NET framework. It can be downloaded
EDIT 3
Bugs fixed thanks to your feedback
Version 1.17 - Fixed a bug that sometimes caused the program to disappear behind other programs while launching.
Version 1.16 - License not found workaround. If the program can't find the license, it will now prompt you to select the license from a file browser dialog. Also, the program must now be run from a removable storage device (unless you are using the non-virtual app version).
Version 1.15 - Program no longer crashes if your date format is DD/MM/YYYY instead of MM/DD/YYYY
Version 1.1 - Program is now a portable app with all dependencies packaged with the exe (ie, the .NET framework is no longer required on the host system).
Hello. A few questions
Is it used on a live computer (via CD or external HDD)?
Is it used with a writeblocker connected to a removed?
Is it used with a boot disk?
and/or
Can it be used against the common forensic images (e01 and dd)?
Have you compared it against other tools that have similar capabilities?
Is it limited to a specific Operating System(s)?
I look forward to reading your response.
Thank you,
Chris Currier
Is it used on a live computer (via CD or external HDD)?
It's intended to be used on a live computer, yes. It's meant to be put on a thumb drive (no installation required, just run the .exe) and taken to a scene for live analysis.
Is it used with a writeblocker connected to a removed?
It can be, yes. It does not write to the source drive when in use, so a write blocker is fine.
Is it used with a boot disk?
It's just a stand-alone executable. It does import data, so while it can be burned to a CD, you'd need another writable source to store data to.
Can it be used against the common forensic images (e01 and dd)?
Unfortunately, it cannot read image files.
Have you compared it against other tools that have similar capabilities?
Unfortunately I do not have access to other similar tools. I think my user interface is more user-friendly though.
Is it limited to a specific Operating System(s)?
It can only read Windows 2000 and forward.
Let me know if you have any other questions.
I'd be interested in testing it out.
Sounds interesting, -)
What versions of those programs does your software support?
Do you have a form to go along with the program where you would like specific areas tested under certain circumstances and have that reported back to you.
I'd be happy to test it out. Can you pm a link plz.
Thanks.
I'd be interesting in testing this out as well!
I'd be interested in trying it out too!
Are you considering adding other platforms to it's capability?
I would also be interested in trying it out.
I'd like to give it a shot, too.
I would greatly appreciate a copy for testing and validation.
Trooper Robert J. Boggs
WV State Police Digital Forensics Unit
Marshall University Forensic Science Center