The role of computers and portable media devices (such as cell phones and GPS devices) in criminal activity has increased significantly in recent years. Accordingly, such devices frequently contain vital evidence, including user information, call logs, location, text messages, email, images and audio and video recordings.
In the area of cyber forensics, law enforcement has a significant challenge keeping up with technology changes. New technology, both hardware and software, is released into the market at a very rapid pace and used in criminal activity almost immediately. The large volume of information contained on digital devices can make the difference in an investigation, and law enforcement investigators require updated tools to address the changing technology.
Since its inception in November 2008, the Cyber Forensics Working Group (CFWG) has provided project requirements. Part of S&T’s Cyber Security Division, CFWG is composed of representatives from federal, state and local law enforcement agencies. Members meet biannually to provide requirements, discuss capability gaps and prioritize the areas of most immediate concern to focus technology development and participate as test and evaluation partners of resultant solutions.
Current Cyber Forensics Efforts
Solid State Drive Forensics: The increasing popularity and presence of solid state drives (SSD) in consumer computer products such as laptops, netbooks, and other portable devices, present challenging problems for law enforcement forensic investigators. Traditional forensic approaches, utilizing write-blocking tools to image a magnetic hard drive, do not effectively translate to investigations involving NAND flash memory-based SSDs. This effort is researching novel approaches for forensic analysis of SSDs.
Cyber Forensics Tool Testing: Providing funding the Cyber Forensics Tool Testing Program at the National Institute for Standards and Technology (NIST), the project offers a measure of assurance that the tools used by law enforcement in the investigations of computer-related crimes produce valid results. The implementation of testing based on rigorous procedures provides impetus for vendors to improve their tools to provide consistent and objective test results to law enforcement that will stand up in court. NIST test reports may be found published on the CyberFETCH website (www.cyberfetch.org).
Vehicle and Infotainment System Forensics: This effort is researching capabilities to forensically acquire data from information and entertainment systems found in vehicles seized during law enforcement investigations.
Enabling Law Enforcement with Open Source Digital Forensics Software: Adding capabilities to the existing open source digital forensic tool, Autopsy, this effort is developing a low cost solution for law enforcement that can be extended by additional developers. Specifically, this effort is focused on some of the most time consuming and least automated parts of forensic processing: picture/video analysis and timeline analysis.