42 Law Enforcement Technology July 2015 EVIDENCE & FORENSICS

cybersecurity research program focused on the law enforcement community. The initiative was designed to help investigators comb through computer evidence at record speeds.

Martin Novak, a computer scientist at NIJ, acknowledges the "acquisition/analysis phases of digital forensics are time-consuming ... in the best circumstances taking 16.5 hours to image a 1-terabyte drive…and that's if you only have one 1-terabyte drive awaiting imaging." He adds that the problem is compounded by the fact that multiple media are seized at a crime scene and the backlogs of digital media keep growing.

A couple of proposed solutions, of which Grier Forensics and Rand Corp. are a part, will significantly reduce the time officers spend sifting through digital evidence. Instead of spending 16.5 hours combing through that one 1-terabyte drive, it might only take 5.5 hours—a tremendous savings in time and resources. The two companies submitted applications to the NIJ, which were then reviewed on technical merit and finally approved for funding. Both propose a new way for law enforcement to process large-capacity digital media in a forensically sound manner that preserves the appropriate amount of evidence.

"When you browse around [on a computer] you're modifying the evidence; you're spoiling it," says Jonathan Grier of Grier Forensics. That's why investigators make images of the hard disk—to find items that don't meet the eye. It's important, too, to preserve the evidence for chain of custody. It can take a day just to prepare an image from one computer's hard drive. But what if you had a tool that looked only in the right places, and did so quickly? Grier's prototype sifts through the disk as the image is being created. "It looks at the parts of the disc that are relevant, and parts that might be relevant, and parts we know for sure are not relevant.
We can bypass large parts of the disc… we don't need to include them in that

