ABSTRACT
Now let us take a look at ILook, a forensics tool used to analyze images of computer hard drives. We will not be going through our murder case with Patty as in the prior chapters with EnCase and AccessData. Instead, I will be providing an overview of this forensic tool and what procedures to follow to use this tool in the course of an investigation that involves e-mail messages, in particular Microsoft Exchange.pst files. This software was originally engineered by Elliot Spencer, and it is provided to law enforcement agencies globally at no charge. The IRS (Internal Revenue Service) makes this software available through its Electronic Crimes Program. ILook utilizes the Hashkeeper Database, which is maintained by the Department of Justice National Drug Intelligence Center. Some hash tables from the NIST NSRL are also included.
