Computer Forensics World :: View topic - Open Source Tool - Absolution

Open Source Tool - Absolution

 
datendrache (Newbie)
Joined: Jun 01, 2013 · Posts: 1
Posted: Sun Jun 02, 2013 12:47 pm
Post subject: Open Source Tool - Absolution

Greetings Everyone,

I've been writing an open source tool for *ahem* quite a while but really haven't been telling people about it. I've just made it to a point where it could be considered Beta and wanted to share it with folks to get more feedback and help take it forward. Here are the details:

Absolution is an open source computer forensics tool that assists in the analysis and extraction of important information from bulk data. As of this writing, June 1st, 2013, Absolution’s third public release and first beta release (Code named “Compassion”) has been placed on SourceForge.net. The software is written in C# for Microsoft Windows platforms using Visual Studio 2013.

sourceforge.net/projects/absolution

…or if you want to watch a powerpoint about the project:

youtube.com/watch?v=ERUhG8pXUc4

Primary project goal:

Provide a comprehensive computer forensics data analysis tool that is simple enough for any reasonably tech savvy individual to use.

Features:
• File Identification (by magic bytes, contents, and extension)
• Collection of data from web browsers (caches, lists, cookies, etc.)
• Identification of HTML files by contents
• Registry Hive Examinations (live and hive files)
• Internal sandboxed scripting language
• Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, …)
• Email Collection (Outlook PST, RFC822 mailboxes)
• Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
• Archive Content Searching (ZIP, RAR, TAR, GZ, 7Z, etc.)
• Microsoft Event Logs
• User definable reporting
• Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
• File and Email Attachment Exfiltration
• All output and storage in XML format – completely interoperable
• Hash matching using the NSRL hash database
• Lots of cool nice-to-haves like geo-location extraction and search engine queries…

Because this is still a test release, Absolution isn’t “bug free” and will remain in beta until January 1st, 2014. Please keep in mind Absolution is mostly the work of a single developer (+other open source projects that were integrated.) I would greatly appreciate people trying it, giving feedback, reporting bugs, explaining your needs that Absolution might be able to solve, and being part of a fresh community that can help bring a big program with a simple idea to its full potential.

Why open source? Imagine the possibilities. As a programmer and considerable nerd, I have my own reasons for wanting to deep dive data, but the reasons other people have are innumerable. For example, law enforcement wants it to help solve crimes or locate missing people, litigators need it to help locate violations of contracts and legal agreements, security experts need it to locate malicious software and locate hacker activities, parents can use it to help locate missing children, businesses need to locate data leaks, and more. Absolution is open source for the reason it could benefit people who can just use it when they need it; and if that makes a difference that could save a life, reunite a family, or right a few wrongs, then it’s worth it for me to write it.

Thanks a bunch for your attention,

Eric Knight, Programmer

DavisD (Newbie)
Joined: Apr 08, 2016 · Posts: 1
Posted: Sat Apr 09, 2016 1:32 am
Post subject: Computer wiped except....

I have a Win 7 work station that was wiped but none of the data in the \CryptnetUrlCache folder was touched.
Can your software extract anything from that?

cybercop (Newbie)
Joined: Nov 01, 2005 · Posts: 551 · Location: Marion, Indiana, USA
Posted: Sat Apr 09, 2016 11:43 am

First, looking at the project page on SourceForge, it looks like he has abandoned the project. Second, how do you wipe a system and still leave files and directories "untouched"? Third, you should be able to look at the contents of the files in there with a simple hex editor.

All times are GMT + 10 Hours
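
Added example (not part of the original thread and not Absolution's code): the last reply suggests inspecting the leftover \CryptnetUrlCache files with a hex editor, and this Python script does the same in bulk by identifying each file by magic bytes, hex-dumping it, and pulling out ASCII and UTF-16LE strings. The signature list, the sample record and its URL are constructed for illustration, and the expectation that such files contain readable URLs is an assumption.

```python
import re
from pathlib import Path

# Runs of 6+ printable characters, as single-byte ASCII and as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Assumption: a short list of common signatures; extend it for your case.
MAGIC = [(b"MSCF", "Microsoft Cabinet"),
         (b"\x30\x82", "ASN.1 DER sequence (possibly certificate or CRL)"),
         (b"-----BEGIN", "PEM text")]

def identify(data):
    """Name the file type from its leading bytes, or 'unknown'."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"

def hexdump(data, width=16):
    """Return hex-editor style lines: offset, hex bytes, printable text."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return lines

def strings(data):
    """Extract printable strings in both encodings, ASCII hits first."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found

def triage(folder):
    """Walk a recovered folder read-only and summarise every file in it."""
    report = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            report[path.name] = {"type": identify(data), "size": len(data),
                                 "strings": strings(data)}
    return report

# Constructed sample: 12 opaque header bytes, then a UTF-16LE URL.
SAMPLE = (bytes(range(0x80, 0x8c))
          + "http://crl.example.test/root.crl".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    print(strings(SAMPLE))
```

Run `triage()` against a working copy or a read-only mount of the recovered folder so the evidence itself is never modified.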