High-tech toolkit developed to analyze digital evidence
Local, state, federal and international law enforcement agencies that reconstruct and analyze digital evidence to solve crimes can use a high-tech toolkit from Purdue University that has been upgraded to be easier and more cost-effective to set up and maintain.
The new version of the Toolkit for Selective Analysis & Reconstruction of Files, called FileTSAR+, provides a mechanism to selectively reconstruct and analyze multiple data types, including documents, images, email and VoIP (Voice over Internet Protocol) sessions for large-scale computer networks.
Kathryn Seigfried-Spellar, associate professor of computer and information technology at Purdue Polytechnic Institute, led the team that created the toolkit. She said feedback from law enforcement agencies prompted changes to improve it.
“We have reduced the requirements from end users so the toolkit is less resource intensive for agencies of all sizes,” Seigfried-Spellar said. “Law enforcement officers already work hard to prove probable cause in order to gain permission to access digital files. We want to remove any burdens in setting up the toolkit so they can spend more time working their cases.”
The team’s first step to improve the toolkit was removing the functionality to capture digital evidence.
“Law enforcement agencies have already captured the data they need; they just lacked a way to process and reconstruct files,” Seigfried-Spellar said. “Removing the capacity to capture the digital evidence has made FileTSAR+ much more resource efficient.”
The team’s second step was repackaging the toolkit from an open-source, virtual machine-based system with a 15-step process into a less complicated one that allows users to download and run files on a laptop computer in a single step.
“Now law enforcement agencies can download a single, 10-gigabit file and use the toolkit immediately,” Seigfried-Spellar said.
Seigfried-Spellar built the toolkit along with Marcus Rogers, John Springer and Baijian Yang, all professors of computer and information technology in the Purdue Polytechnic Institute. Rogers also is director of Purdue’s Cybersecurity & Forensics Lab. They received funding from the National Institute of Justice to develop the toolkit, which was beta tested by certified digital forensic examiners with the National White Collar Crime Center and the Tippecanoe County High Tech Crime Unit.
Sean Leshney, director of digital forensics investigations at the Tippecanoe County High Tech Crime Unit, said the FileTSAR+ development team did great work to expand the tool’s capabilities to the benefit of end users.
“FileTSAR+ reduces the time and effort examining data captured over networks,” Leshney said. “We look forward to the future improvements of FileTSAR+ by Purdue University to aid in the area of network forensics.”