Absolution is an e-Discovery and computer forensics investigation tool that collects, analyzes and reports on digital evidence. The premise behind Absolution is to provide a single integrated system for exhaustive and robust examination of bulk data that is as simple as possible to operate. In fact, Absolution should be usable by any reasonably tech-savvy individual.
Absolution also aims to provide an extensible platform usable by advanced investigators, researchers, auditors, law enforcement, litigators (eDiscovery), enthusiasts, and anyone else who needs to perform a comprehensive search of large amounts of data.
- Fast and Friendly (for a program that reads all the files on the system, that is.)
- Regex Pattern Matching in Files (ANSI, UTF-8, UTF-16 supported, lots of default patterns to search with)
- Searching for forensics data located in the Windows Registry or hive files
- User Definable HTML Reporting
- All output in XML for third party tool compatibility
- File Identification (by magic bytes, contents, and extension)
- Collection of data from web browsers (caches, lists, cookies, etc.)
- Identification of HTML files by content
- Internal sandboxed scripting language
- Metadata Extraction (Microsoft, ODF, Exif, HTML, PDF, BitTorrent, ...)
- Email Collection (Outlook PST, RFC822 mailboxes)
- Archive Content Searching (ZIP, RAR, TAR, GZ, 7z, etc.)
- Microsoft Event Logs
- Investigation Tools (Lucene-powered Search Engine, Timeline, Master Filesystem Index, Raw Data, Report Data)
- File and Email Attachment Data Exfiltration
- Hash matching using the NSRL hash database
- Lots of cool nice-to-haves like geo-location extraction and search engine queries...