Open Source Tool - Absolution


May 31, 2013
#1
Greetings Everyone,

I've been writing an open source tool for *ahem* quite a while but really haven't been telling people about it. I've just made it to a point where it could be considered Beta and wanted to share it with folks to get more feedback and help take it forward. Here are the details:

Absolution is an open source computer forensics tool that assists in the analysis and extraction of important information from bulk data. As of this writing, June 1st, 2013, Absolution’s third public release and first beta release (code-named “Compassion”) has been placed on SourceForge.net. The software is written in C# for Microsoft Windows platforms using Visual Studio 2013.

sourceforge.net/projects/absolution

…or if you want to watch a PowerPoint about the project:

youtube.com/watch?v=ERUhG8pXUc4

Primary project goal:

Provide a comprehensive computer forensics data analysis tool that is simple enough for any reasonably tech-savvy individual to use.

Features:
• File Identification (by magic bytes, contents, and extension)
• Collection of data from web browsers (caches, lists, cookies, etc.)
• Identification of HTML files by contents
• Registry Hive Examinations (live and hive files)
• Internal sandboxed scripting language
• Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, …)
• Email Collection (Outlook PST, RFC822 mailboxes)
• Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
• Archive Content Searching (ZIP, RAR, TAR, GZ, 7Z, etc.)
• Microsoft Event Logs
• User definable reporting
• Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
• File and Email Attachment Exfiltration
• All output and storage in XML format – completely interoperable
• Hash matching using the NSRL hash database
• Lots of cool nice-to-haves like geo-location extraction and search engine queries…

Because this is still a test release, Absolution isn’t “bug free” and will remain in beta until January 1st, 2014. Please keep in mind Absolution is mostly the work of a single developer (+ other open source projects that were integrated). I would greatly appreciate people trying it, giving feedback, reporting bugs, explaining your needs that Absolution might be able to solve, and being part of a fresh community that can help bring a big program with a simple idea to its full potential.

Why open source? Imagine the possibilities. As a programmer and considerable nerd, I have my own reasons for wanting to deep dive data, but the reasons other people have are innumerable. For example, law enforcement wants it to help solve crimes or locate missing people, litigators need it to help locate violations of contracts and legal agreements, security experts need it to locate malicious software and locate hacker activities, parents can use it to help locate missing children, businesses need to locate data leaks, and more. Absolution is open source for the reason it could benefit people who can just use it when they need it; and if that makes a difference that could save a life, reunite a family, or right a few wrongs, then it’s worth it for me to write it.

Thanks a bunch for your attention,

Eric Knight, Programmer
 

DavisD

New Member
Apr 7, 2016
#2
Computer wiped except....

I have a Win 7 workstation that was wiped but none of the data in the \CryptnetUrlCache folder was touched.
Can your software extract anything from that?
 

cybercop

Administrator
Oct 31, 2005
#3
First, looking at the project page on SourceForge, it looks like he has abandoned the project. Second, how do you wipe a system and still leave files and directories "untouched"? Third, you should be able to look at the contents of the files in there with a simple hex editor.
 
