Widespread use of information technology (IT) has resulted in an increase in computer crime – from money laundering and fraud to terrorism and child pornography. Now that the Internet, electronic data processing and computers are part of our daily lives, criminals and terrorists have been quick to exploit the advantages of these new technologies. Fighting computer crime requires a different approach from the conventional forensic techniques of fingerprinting and DNA tracing. This has led to a rise in demand from law-enforcement agencies seeking highly reliable digital forensic tools to provide evidence that will trap the criminals involved. These tools must be capable of obtaining evidence quickly and be rigorous enough to stand up in a court of law.
The EUREKA E! 3664 IT FORENSIC project has developed the world’s fastest hardware-based portable personal computer (PC) forensic system able to copy and protect evidence in criminal cases involving computers and digital networks. The new instrument is already attracting interest from security agencies, police forces, finance and tax authorities and accountancy organisations in Europe and North America. The application will help make Europe safer and enable it to become even more competitive by containing economic crime.
|Fighting computer crime requires new digital forensic tools.
Digital forensics requires a fast analysis of computer records from picture files and database contents to file transfers and emails. This is essential to find incriminating evidence - or exonerate innocent suspects. However competent and reliable, expert investigators must also be able to provide proof of how they work so as to leave no room for doubt about their results.
As a result of discussions with the German federal and district criminal service, German project leader mh SERVICE identified a problem of slow computer evidence acceptance. It is crucial to copy and analyse vast amounts of data very quickly in a write-protected manner in order to uncover the crime and provide legally credible evidence. “Cooperation within a EUREKA project provided new partners that enabled new knowledge to be developed. We can now copy 10 GB of secured evidence in just five minutes, compared with 30 to 60 minutes using alternative equipment,” says General Director of mh SERVICE, Martin Hermann.
The project aimed to develop a PC-based forensic system that could read all types of memory technology and provide a mirror image of the data on any type of hard disk, sector by sector, using hardware-based writing protection to avoid any possibility of falsifying data while copying. Existing technologies for write protection have relied on software approaches, making them unusable in court. “EUREKA helped us in obtaining the finance for our project, allowing it to get off the ground. It also provided great help concerning marketing and customer contact,” explains Hermann. “The cooperation led to success and we are already planning a further project with our partners.”
By cooperating closely with a German hardware company for writer blocker components, a Swiss specialist in forensic software in a EUREKA project has already resulted in the development of the TreCorder. This is a forensic PC capable of imaging or cloning up to three hard disks simultaneously, rapidly and securely. It not only provides a complete mirror image of the hard disk and system memory, including deleted and reformatted data, but also removes any possibility of falsification in the process.