Indian Science Technology and Engineering facilities Map
 

  Digital Catalogue for Technology and Products Development


   Technology and Product Development

    Basic Information

Technology developed: Win LiFT Windows Live Forensics Tool (TP19769369565)
Category: Product(Hardware/Material/Software)
Details of Inventor(s):
Inventor Institution/Organization/Company Department Designation
Ananthalakshmi Ammal R CDAC-Trivandrum Cyber Security Group Scientist G
Technical Application Area: Other
If 'Other', please specify:
Cyber Forensics
Please give more details of new technical application area:
Win-LiFT is a Windows Live Forensics Tool which collects volatile data from a Windows computer and analyses it to find forensically sound evidence. Win-LiFT consists of the Win-LiFTImagerBuilder and Win-LiFTAnalyzer tools. Win-LiFT enables volatile data acquisition using Win-LiFTImager and analysis of the same using Win-LiFTAnalyzer. Win-LiFTImagerBuilder, which runs on the Investigator’s machine, builds the Win-LiFTImager tool to a USB device. Win-LiFTImager is a Forensic Volatile Data Acquisition Tool that can capture various kinds of volatile artefacts from the Suspect’s machine to the Win-LiFTImager USB. The volatile artefacts that can be collected include Running Processes; System Information; network-related information such as Network Neighbours, Network Connections, Process Port Connections, Routing Table, Network Interfaces etc.; Scheduled Jobs; Shared Resources; Services List; Clipboard Content; System Users; PC On/Off Time; Drive Information; Loaded Drivers; Installed Applications; Recycle Bin Information; Printer Information; USB Information; Bluetooth Device Details; Jump Lists etc. The imager can also dump Physical Memory content from Windows systems. Win-LiFTAnalyzer analyses the Live Forensics data captured by Win-LiFTImager from the Suspect’s machine and creates a detailed report after analysis. The tool performs advanced Memory Analysis of a Windows Physical Memory dump to extract Running Processes and their associated details, Network Information, Internet-usage-based information including User Credentials used while browsing, MFT Records, and Executable Reconstruction. The tool is capable of structural analysis of Reconstructed Executables. The tool also performs Registry Analysis, Event Log Analysis, and Browser Forensics of IE, Chrome, Opera, Safari and Firefox.
Organization(s):
Centre for Development of Advanced Computing (CDAC) Pune
Affiliated Ministry: MeitY, Govt. of India
Type of technology development: Indigenous
Does the technology help in replacing any import items currently procured from outside India? Yes
Does the technology have export potential? No
Category of Technology developed: Immediate Deployment
Stage of Development: Commercialized
Please describe in detail including the TRL Level:
The product is indigenously developed and deployed for various Law Enforcement Agencies across India. Some of the LEAs include Kerala Police, NIA, MP Police, IB and CBI. The TRL is 9.

    Abstract:

Applications:
1. Live Forensics Acquisition and Analysis of Volatile Data
2. Hash Verification of Data acquired at analysis side
3. Acquiring Volatile Data of Windows Computers
4. Memory Forensics of Windows Physical Memory dumps
5. Browser Forensics of IE/Edge, Chrome, Firefox, Opera and Safari
6. Windows Event Log Analysis
7. Detailed Report Generation

Advantages:
1. Indigenously developed tool
2. Minimal tampering of Suspect’s machine ensured
3. Hash Verification
4. Plug-in architecture of Imager to avoid execution of unnecessary programs
5. Acquire and Analyse Volatile Data of Windows Computers
6. Memory Forensics of Windows Physical Memory dumps
7. Internet Forensics with Memory Dump
8. Process reconstruction to find presence of malware
9. Browser Forensics of IE/Edge, Chrome, Firefox, Opera and Safari
10. Windows Event Log Analysis
11. Detailed Report Generation

    Technology Inputs:

Imported Equipment/Spare Parts:
Equipment/Spare Parts Year ITC-HS Code
NIL NA
Indigenous Equipment/Spare Parts:
Equipment/Spare Parts Year ITC-HS Code
NIL NA
Imported Raw Materials:
Raw Materials Year ITC-HS Code
NIL NA
Indigenous Raw Materials:
Raw Materials Year ITC-HS Code
NIL NA
Existing R&D Facilities used:
Facilities Year ITC-HS Code
NIL NA

   Patents & Publications:

Patents:
Filed Patents (No.) Granted Patents (No.) Year
0 0 NA
Publications:
Submitted (No.) Published (No.) Year
0 17 2017-18

    Commercialization Potential:

Who are the Potential Licensees? Law Enforcement Agencies such as IB, Kerala Police, NIA, CBI. Academic Institutions, Competition Commission of India, Income Tax etc.
What commercially available products address the same problem?
Company Product Problem Addressed
Volatility Foundation Volatility Framework Memory Analysis
Would you like to develop this invention further with corporate research support? Yes
Would you be interested in participating in cluster based programs for commercialization research or business planning for your invention? Yes
      Submitted by: Rajasree S Date of Submission: 12-8-2020





ABOUT I-STEM
It has always been the basic tenet of the Government of India, in generously funding R&D efforts at academic institutions over the years, that facilities established through such support be made available to those needing them and qualified to make use of them for their own research work

However, this was never easy or straightforward for, among other reasons, there was no ready source of information of what facility was available and where. Thanks to the Web, it is much easier today to have a national and regional “inventory of resources”, so as to match users with the resources they need, and to do all this in an efficient and transparent manner.

This can lead to a leap in R&D productivity and greatly enhance the effectiveness of public investment. This is the motivation behind I-STEM.
Hosted at Indian Institute of Science
Copyright © 2024 I-STEM. All rights reserved.
Audited by: STQC Bengaluru.