Name Modified Size Downloads / Week Status
Totals: 5 Items   5.3 kB 1
Manual and Documentation 2014-03-19 11 weekly downloads
Source 2014-03-19 1313 weekly downloads
Binaries 2014-03-19 99 weekly downloads
Development 2013-06-18 11 weekly downloads
README.txt 2014-03-19 5.3 kB 11 weekly downloads
Absolution™ – “Deterrence” Code Branch

Absolution “Deterrence” is the second beta release of the Absolution computer forensics and eDiscovery software. Absolution provides forensic collection, analysis and reporting for an investigator attempting to gather information and/or evidence about activities performed on a computer.

Mission:
Provide a comprehensive computer forensics data analysis tool that is simple enough for any tech savvy individual to use.

Objectives:
* Compliant with all standards for forensics software.
* Extensible architecture that produces universally usable XML output.
* Provide as many automatable steps for forensics as possible.
* Improve performance of all forensic analysis steps.
* To be useful for people needing rapid forensic response.

Features:
* File Identification (by magic bytes, contents, and extension)
* Collection of data from web browsers (caches, lists, cookies, etc.)
* Identification of HTML files by contents
* Registry Hive Examinations (live and hive files)
* Internal sandboxed scripting language.
* Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, …)
* Email Collection (Outlook, RFC822 mailboxes)
* Comparison of collections (i.e., see what data changed between two points of time.)
* Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
* Archive Content Searching (ZIP, RAR, TAR, GZ, BZ, 7Z, etc.)
* Microsoft Event Logs
* User definable reporting
* Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
* File Exfiltration
* All output and storage in XML format – completely interoperable with 3rd party tools
* Hash matching using the NSRL hash database
* Lots of cool nice-to-haves like geo-location extraction and search engine queries…

Goals of Branch:
Absolution 0.5 aka “Deterrence” is the second beta. The goal of this branch is to advance development potential of Absolution, enhance stability, and extend its primary capabilities to new audiences.

Goal 1: To create both an Absolution Library (absolutionlib.dll) and a command line (abscc.exe) version of Absolution to extend development for the community.
Goal 2: To fix all reported bugs, performance issues, and address user needs. Of interest: improved both memory and file reading performance, faster report generation, lighter platform requirements, and handling of parallelized processing.
Goal 3: To add support of comparing two different runs (the Comparison Tool)
Goal 4: To enhance the search by including techniques described in forensic books, magazines, and internet articles.
Goal 5: Extend testing to other Windows platforms besides Windows 7 (in fact, starting development with a tablet mindset using Windows 8.)
Goal 6: To divide Absolution into primary components:
    Sub-goal 1: Creation of a .DLL for the Fatum code framework
    Sub-goal 2: Creation of a .DLL for the Absolution forensics framework
    Sub-goal 3: Creation of a Command Line version of Absolution
Goal 7: Double the number of configurable options for a scan
Goal 8: Support an “All Memory” scanning option for smaller loads, such as a single file or directory, in order to improve performance for metadata gathering. (Perfect for the command line!)
Goal 9: Update and improve the methods of handling external libraries, namely Lucene.NET and SharpCompress, both of which are using standard distribution 64 bit DLLs instead of imported source code.
Goal 10: Add a duplicate file handling utility to assist management of duplicate files.
Goal 11: Add timeline support to the Investigator
Goal 12: Improve the Analysis phase of Absolution to have compiled “high speed” activities as well as the scripting activities.

Other changes:
* Improved speed and depth of file identification capabilities.
* XML file identification framework.
* Standardization of XML data naming conventions.
* Streamlined Archive reading requires less memory and higher performance.
* Changed metadata collection process to be multithreaded.
* Optimized FatumCore and Reporter to use less memory operations.
* Created additional traps and “bad data handlers” inside of the metadata extraction tool.

Platform Requirements:
* Quad-core or larger CPU (Requirements have been lowered from previous releases.)
* A minimum of 8 gigabytes of RAM, but it helps to have more.
* At least 10 gigabytes of free drive space, SSD preferred.
* Windows 8 x64, Windows 7 x64, Vista x64, Server 2008 x64, or Server 2013 x64.
* .NET Framework 4.5 or later

Notable Bug Fixes:
* Fixed memory exhaustion during traversal of very large archives
* Fixed error preventing an examination of less than 32 total files
* Fixed incorrect statistics with files inside of archives
* Fixed various collection issues that would have resulted in confusing results
* Fixed sorting problems in the reporting system that would lead to resource exhaustion.
* Fixed problems with using ReadPST to extract data from corrupted archives.
* Fixed issues with PDFSharp to properly capture failure events.
Source: README.txt, updated 2014-03-19