DHS looking for forensic tools to lift evidence from solid state drives

DHS wants open source software to be at heart of cyber forensic tools

The Department of Homeland Security is looking for tools to help the law enforcement community better pull forensic evidence from solid state drives found in smartphones and GPS devices in particular.

The security agency said the popularity of solid state storage, and specifically solid state drives (SSD), in laptops, netbooks, cellphones and other portable devices, is presenting challenging problems for law enforcement forensic investigators. "Traditional forensic approaches utilizing write-blocking tools to image a magnetic hard drive, do not effectively translate to investigations involving NAND flash memory-based SSDs," DHS stated. 

More: What is on a US Secret Service mainframe anyway?

Specifically the tools DHS is looking for "should consider direct interface with the SSD controller, the controller-driven process of wear leveling, solid state manufacturer specific garbage collection, and the increasing use of the TRIM command[used to tap into solid states drives]."

Any contracts DHS ultimately awards for the forensic technology will include the following developmental phases:

PHAZE I: Law enforcement investigators require the ability to pull evidence from SSDs in a more reliable and forensically sound manner. This will require research into methodologies for imaging and parsing of data from SSDs, particularly those utilizing the TRIM command on TRIM-enabled operating systems (OS). Research methodologies should consider the significance of the OS, any techniques for identifying tampered controllers, and the potential ability to perform user-driven data recovery operations to overcome corruption or damage. The potential future state of integrated, on-board SSS, without a separate drive, in consumer devices may also be considered in this research. The Phase I deliverable should be a method for a comprehensive memory parser for SSDs.

Read more: The weirdest, wackiest and coolest sci/tech stories of 2011

PHASE II: Utilizing the methodology established in Phase I, demonstrate and implement hardware and software applications for development of a comprehensive, forensically sound imaging and parsing tool that is reproducible across multiple SSDs. The tool should be developed for law enforcement and forensic examiner use and, where possible, should utilize or be delivered as, open source technology.

PHASE III: The final developed tools will be marketable to a wide variety of Federal, State, and local law enforcement agencies. It is anticipated that those tools will require support, custom extensions, and additional applications as technologies are commercially introduced.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Layer 8 Extra

Check out these other hot stories:

DARPA system to blend AI, machine learning to understand mountain of text

CISOs morph into soothsayers, managers of double-digit security spending increases

Do you really need a social media will?

The sizzling world of asteroids

Fabulous space photos from NASA's Hubble telescope

IBM melds crime-fighting, big data analytics in one security package

IBM targets mobile, BYOD customers with cloud software, security services

Forget those fancy mega yachts - military auctioning DARPA's super stealth boat

Notion of extraterrestrial life more whimsical than factual?

On the trail of NASA's space potty

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies