Posted: Sun Jun 02, 2013 12:47 pm Post subject: Open Source Tool - Absolution
I've been writing an open source tool for *ahem* quite a while but really haven't been telling people about it. I've just gotten it to a point where it could be considered beta and wanted to share it with folks to get more feedback and help take it forward. Here are the details:
Absolution is an open source computer forensics tool that assists in the analysis and extraction of important information from bulk data. As of this writing, June 1st, 2013, Absolution’s third public release and first beta release (Code named “Compassion”) has been placed on SourceForge.net. The software is written in C# for Microsoft Windows platforms using Visual Studio 2013.
…or if you want to watch a PowerPoint about the project:
Primary project goal:
Provide a comprehensive computer forensics data analysis tool that is simple enough for any reasonably tech savvy individual to use.
• File Identification (by magic bytes, contents, and extension)
• Collection of data from web browsers (caches, lists, cookies, etc.)
• Identification of HTML files by contents
• Registry Hive Examinations (live and hive files)
• Internal sandboxed scripting language
• Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, …)
• Email Collection (Outlook PST, RFC822 mailboxes)
• Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
• Archive Content Searching (ZIP, RAR, TAR, GZ, 7Z, etc.)
• Microsoft Event Logs
• User definable reporting
• Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
• File and Email Attachment Exfiltration
• All output and storage in XML format – completely interoperable
• Hash matching using the NSRL hash database
• Lots of cool nice-to-haves like geo-location extraction and search engine queries…
Because this is still a test release, Absolution isn’t “bug free” and will remain in beta until January 1st, 2014. Please keep in mind that Absolution is mostly the work of a single developer (plus other open source projects that were integrated). I would greatly appreciate people trying it, giving feedback, reporting bugs, explaining needs that Absolution might be able to solve, and being part of a fresh community that can help bring a big program with a simple idea to its full potential.
Why open source? Imagine the possibilities. As a programmer and considerable nerd, I have my own reasons for wanting to deep dive data, but the reasons other people have are innumerable. For example, law enforcement wants it to help solve crimes or locate missing people, litigators need it to help locate violations of contracts and legal agreements, security experts need it to locate malicious software and hacker activity, parents can use it to help locate missing children, businesses need to locate data leaks, and more. Absolution is open source for the reason that it could benefit people who can just use it when they need it; and if that makes a difference that could save a life, reunite a family, or right a few wrongs, then it’s worth it for me to write it.
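The feature list above names three triage steps that a forensic examiner leans on constantly: typing a file by its magic bytes rather than trusting the extension, running regex patterns in ANSI/UTF-8 and UTF-16 so strings inside Windows-native data are not missed, and filtering known files out by NSRL hash. The following is an added example written for this page, not Absolution's own code or C# source. The magic-byte table, the regex patterns, the sample "files" and the stand-in NSRL hash set are all constructed here to keep it self-contained; a real deployment would load the NSRL RDS hash list and a far larger signature table.

```python
"""Bulk-data triage sketch: magic-byte typing, encoding-aware regex search,
and NSRL-style known-file filtering. Example code, not Absolution's."""
import hashlib
import re

# Assumption: a small illustrative signature table (offset 0 only).
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",        # also DOCX/XLSX/ODT/JAR containers
    b"Rar!\x1a\x07": "rar",
    b"\xff\xd8\xff": "jpeg",
    b"MZ": "exe",
}
# Extensions that legitimately carry each detected type.
EXT_FOR_TYPE = {
    "pdf": {"pdf"}, "png": {"png"}, "jpeg": {"jpg", "jpeg"}, "rar": {"rar"},
    "zip": {"zip", "docx", "xlsx", "pptx", "odt", "jar"},
    "exe": {"exe", "dll", "sys", "scr"}, "html": {"html", "htm"},
}

def identify(data: bytes) -> str:
    """Type a blob by leading magic bytes, then by HTML content sniffing."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    head = data[:512].lower()
    if b"<html" in head or b"<!doctype html" in head:
        return "html"
    return "unknown"

def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the content type contradicts the file extension."""
    kind = identify(data)
    if kind == "unknown":
        return False  # nothing reliable to compare against
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext not in EXT_FOR_TYPE.get(kind, set())

# Assumption: two default patterns; a real tool ships many more.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
ENCODINGS = ("latin-1", "utf-8", "utf-16-le")

def search_patterns(data: bytes) -> dict:
    """Run every pattern under each encoding.
    Returns {pattern: {match: {encodings it was seen under}}}. A UTF-16 string
    has a NUL after every ASCII byte, so a byte-level ASCII regex never sees it;
    decoding under each candidate encoding is what recovers those hits."""
    hits: dict = {}
    for enc in ENCODINGS:
        text = data.decode(enc, errors="ignore")
        for name, rx in PATTERNS.items():
            for m in rx.findall(text):
                hits.setdefault(name, {}).setdefault(m, set()).add(enc)
    return hits

# Constructed stand-in for an NSRL RDS lookup set (NSRL publishes SHA-1/MD5).
KNOWN_SHA1 = {hashlib.sha1(b"MZ\x90\x00known good binary").hexdigest()}

def is_known_file(data: bytes) -> bool:
    return hashlib.sha1(data).hexdigest() in KNOWN_SHA1

def triage(name: str, data: bytes) -> dict:
    """One record per input blob; known files are not pattern-searched."""
    known = is_known_file(data)
    return {
        "name": name,
        "type": identify(data),
        "ext_mismatch": extension_mismatch(name, data),
        "sha1": hashlib.sha1(data).hexdigest(),
        "known": known,
        "hits": {} if known else search_patterns(data),
    }

# Constructed sample corpus: a PDF mislabelled as .docx, a UTF-16-LE text
# file, a plain ASCII file, and a "known good" binary from the hash set.
SAMPLES = {
    "report.docx": b"%PDF-1.4\n%fake pdf body, mislabelled as docx\n",
    "notes.txt": "Contact: alice@example.org from 10.0.0.5\n".encode("utf-16-le"),
    "readme.txt": b"plain ASCII: bob@example.net at 192.168.1.20\n",
    "tool.exe": b"MZ\x90\x00known good binary",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(triage(fname, blob))
```

The notable result is notes.txt: the address and IP are recovered only under the utf-16-le decode, which is exactly the case a byte-oriented grep misses on Windows registry, prefetch and Unicode document data. Running the patterns under all three encodings and recording which one produced each hit also tells the examiner how the string was stored, which is itself a lead.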
Joined: Nov 01, 2005 Posts: 551 Location: Marion, Indiana, USA
Posted: Sat Apr 09, 2016 11:43 am Post subject:
First, looking at the project page on SourceForge, it looks like he has abandoned the project. Second, how do you wipe a system and still leave files and directories "untouched"? Third, you should be able to look at the contents of the files in there with a simple hex editor.