By Nick Heath, 3 June 2009 15:30
NEWS
...to see what tools are available. There are quite specific objectives that they want to achieve and it is a case of discovering whether they need to rework something that is already in existence or develop a completely new tool.
"If somebody is suspected of a certain form of activity they will be able to carry out a targeted search rather than having to look through every piece of data."
Currently, UK police forces have a backlog of hundreds of computers seized during criminal investigations. The backlog of seized machines, combined with modern drives that can hold terabytes of data, means many forces will wait up to a year to analyse machines, Charlie McMurdie, head of the new Police Central e-Crime Unit, revealed last year.
Use of the tool could minimise the numbers of seized machines and help officers without digital forensics training to uncover evidence on a hard drive.
The continuing growth in the size of modern hard drives means it is becoming increasingly important to speed up digital forensics, and the hope is that such devices will allow police to reduce the amount of work necessary to identify machines of interest to investigators.
Comments
There are 6 comments. Join the discussion
1. anonymous
And what will the cops do when everyone simply encrypts their harddrives or incriminating materials?
2. anonymous
They will simply call the NSA and get there wiretap logs.
3. karen challinor
Anon, US - well here in the UK the police will simply ask for the encryption passwords under RIPA and if they aren't forthcoming immediately the owner of the PC will go to jail until they are, "oh I forgot it" isn't accepted as an excuse
and I bet you thought your state was intrusive in the US
any private individual who encrypts anything must hand over the decryption keys to any person in authority on request or face jail
and for some years now a person of authority includes anyone who works for the local council from filing clerks upwards, firemen, ambulance service personnel .... the list is quite long and personally I don't see the need for them to have these powers at all
4. karen challinor
so basically there aren't enough computer forensics experts employed by the police
and the response is not to hire more forensics experts as thats expensive, but to pay someone to develop a box that does the job of a forensics expert and can be used by someone with little or no training
now when I was very young and people started using digital calculators to solve maths problems (yes I am that old), one of the things I was always told was that it's advisable to know the ballpark figure for the answer before you use the calculator just in case you hit the wrong key and get something completely ridiculous, in other words you had to be capable of solving the problem without the calculator
so it would be advisable for the person using this "CSI team in a box" to have enough forensics training to know if they've made an error in their investigation
which basically means, they need to be a forensics expert and if that's the case why bother with the 'simple' box why not have the full toolkit
5. drew stephenson
Classic case of people not understanding what they're asking for. "Let's make forensics as easy as using a breathalyser". Right. So you're going to make analysis of terabytes of data in a near infinite combination of variables as simple as testing for a single chemical compound. Hmm...
6. karen challinor
drew - it's part of a fairly prevalent attitude
the people who understand technology are viewed with deep distrust by those who don't and it's those who don't who tend to control the money
they spend that money trying to replace the technologically aware people with simple automated equivalents that usually produce results that they are incapable of interpreting correctly
but why bother when they can make the results say whatever they want, as long as there's no one who understands the results to argue against them