Focus Area: Electronic Evidence
Description: Despite persistent and conscientious computer security efforts, terrorists still find ways to gain unauthorized access to computers and steal sensitive information. Collecting data from computers to determine who, how, when, and what was accessed becomes critical and normally requires highly trained investigators or forensic scientists. In this project, ID Scientific created a system to make the extraction and analysis of the data in these cases quicker, easier, and more complete than ever before. This new advanced computer forensic system can rapidly download stored data and RAM, determine the programs and running processes that were being used, identify passwords, and collect other data pertinent to the incident. Most significantly, the new system eliminates the need to have physical access to the targeted computer because it can remotely perform its capabilities and evidence collection via the Internet or a local area network. The advanced log collector can target any Windows, Mac, or Linux-based computer and is minimally invasive. Modules within the software thoroughly analyze the extracted raw data and transform it into easy-to-read reports. The software program is now commercially available from the vendor.
Project Cost: $355,000
Project Duration: 15 months
Operational Impact: Complex forensic computer investigations are possible now through the Internet and can be done quicker. This project has expanded the reach of the forensic computer examiner.
Deliverable: Ten units of a software tool that can access target computers on the Internet or a LAN, extract its data and running processes, and thoroughly analyze and catalogue the data
Performer: ID Scientific
End Users: U.S. Army Criminal Investigation Command, U.S. Immigration and Customs Enforcement, Federal Bureau of Investigation, United States Secret Service, Intelligence Community, Department of Defense, and state and local agencies
Transition: Ten units were distributed to the end users