Absolution Compassion Code Branch
Release June 1st, 2013
Absolution Compassion is the first beta development branch of the Absolution computer forensics software. Absolution provides forensic collection, analysis and reporting for an investigator attempting to gather information and/or evidence about activities performed on a computer.
The aim is to provide a comprehensive computer forensics data analysis tool that is simple enough for any reasonably tech-savvy individual to use.
· Compliant with all standards for forensics software.
· Extensible architecture that produces universally usable XML output.
· Provide as many automatable steps for forensics as possible.
· Improve performance of all forensic steps.
· To be useful for people needing rapid forensic response.
Features:
· File Identification (by magic bytes, contents, and extension)
· Collection of data from web browsers (caches, lists, cookies, etc.)
· Identification of HTML files by contents
· Registry Hive Examinations (live and hive files)
· Internal sandboxed scripting language
· Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent,
· Email Collection (Outlook, RFC822 mailboxes)
· Regex Pattern Matching (ANSI, UTF-8, UTF-16 supported, lots of default patterns to choose from)
· Archive Content Searching (ZIP, RAR, TAR, GZ, BZ, 7Z, etc.)
· Microsoft Event Logs
· User definable reporting
· Investigation Tools (Search Engines, Timeline, Master Index, Raw Data, Report Data)
· File Exfiltration
· All output and storage in XML format, completely interoperable
· Hash matching using the NSRL hash database
· Lots of cool nice-to-haves like geo-location extraction and search engine queries
Goals of Branch:
Absolution 0.3, aka Compassion, is beta software. The goal of this branch is to bring the program as close to a viable commercial software package as possible.
Goal 1: To implement necessary speed improvements and optimizations to maximize performance as a whole
Goal 2: Support compressed archives and compression schemes in general
Goal 3: To enhance extraction of metadata from documents
Goal 4: Collect electronic mail and perform indexing on its contents
Goal 5: To provide a "master index" and supporting tools that consolidate all discoveries by Absolution.
Goal 6: Support iterative searches for the same data set for forensics analysis
Goal 7: Create support framework for e-Discovery and data exfiltration
Goal 8: Improve the investigation tool to provide cases, deeper investigations, and visualization.
Goal 9: Remove as many bugs as possible from previous branches
System Requirements:
· Quad-core or larger Intel i7/Xeon processor or AMD FX 8100+ series CPU.
· A minimum of 4 gigabytes of RAM
· At least 10 gigabytes of free drive space, SSD preferred.
· Windows 7 x64, Vista, or Server 2008.
· .NET Framework 4.5 or later
Other changes of note:
One of the major changes was the move to .NET Framework 4.5, which should spell the end of the line for Windows XP/Server 2003 support. The inclusion of Lucene.NET forced the upgrade to 4.5.