Developer(s): Martin Koopmans
ANT has been developed using a client-server model, where the network clients will boot from a forensically sound Linux OS that is served by the ANT server using PXE. With ANT it's easy to find targeted suspect data on network clients that can be centrally analyzed on the ANT server.
Profiler is an extension has been developed to get a fast overview of information on a system before starting a full investigation. Profiler parses all Windows Registry files (sam, system, software, security) and Internet files (Chrome, Firefox, Safari and Internet Explorer). Profiler reads EWF images, DD images and physical disks.
Profiler functions have been integrated into ANT.
- Koopmans, M.B., J.I. James (2013) "Automated Network Triage". Digital Investigation. Elsevier. ISSN 1742-2876. 10.1016/i.diin.2013.03.002.
- James, J. I., M. Koopmans, P. Gladyshev. (2011, June 14). Rapid Evidence Acquisition Project for Event Reconstruction. The Sleuth Kit & Open Source Digital Forensics Conference, McLean, VA, Basis Technology. <http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/>