US in search of Apple, cell phone forensic tools as online crime morphs

Dept. of Justice looking to develop cutting-edge electronic crime and digital evidence recovery technology

The always evolving world of electronic crime is forcing law enforcement agencies to look even harder for tools and digital evidence recovery technology to keep up.

This week the National Institute of Justice (NIJ), the research, development, and evaluation agency of the U.S. Department of Justice (DOJ), said it wants to fund development of a number of key digital crime technologies, including Apple Macintosh forensic tools, cell phone analysis packages and software that can fight Internet anonymizers.

According to the NIJ, state and local law enforcement are seizing Macintosh computers and devices as digital evidence in investigations more frequently. 

Many State and local law enforcement personnel are unfamiliar with these types of computers, their operating system and directory structures, and are unprepared to acquire the data from these devices and conduct forensic examinations on them, the NIJ states.

State and local law enforcement need forensic tools that acquire and analyze data from Apple Macintosh computer systems and that are compatible with, and will run on, forensic examination platforms running the Windows operating system. In the end, the group wants to gain the same level of forensic examination from both Windows and Macintosh operating system workstation environments.

As for cell phones, the NIJ said automated data acquisition and analysis technologies have yet to be developed for a large percentage of mobile devices in use in the United States. What law enforcement needs are technologies to expand the number of cell phone models it can acquire full physical data image files from for examination and analysis, the NIJ stated. 

Estimates indicate an average of 470 mobile device models are available to consumers at any time, and an average of 16 new models are introduced each month. These estimates, combined with the number of mobile devices no longer available on the retail market but still in use, indicate an enormous number and variety of devices that could be seized as evidence in investigations, each requiring unique tools, technologies, and cables.

However, only a percentage of these devices can currently be thoroughly examined for digital evidence, the NIJ stated.

Devices that can hide identities on the Internet, known as anonymizers, can also be used to commit and facilitate criminal activity while masking the identity of the perpetrators from law enforcement. Currently, State and local law enforcement have no forensic tools or investigative technologies to investigate crimes committed through the use of Internet anonymizers, the NIJ stated. The NIJ is seeking forensic and investigative tools and technologies to investigate criminal use of these technologies.

The NIJ should perhaps take a look at what the Defense Advanced Research Projects Agency (DARPA) scientists are up to in the digital forensics world. DARPA recently said it was spending $43 million on a Cyber Genome Program it hopes will develop technologies that will help law enforcement types collect, analyze and identify all manner of digital artifacts. 

The objective of the four-year program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from software, data, and/or users to support law enforcement, counter intelligence, and cyber defense teams, DARPA stated. 

Such digital artifacts may be collected from computers, personal digital assistants, and/or distributed information systems such as cloud computers, from wired or wireless networks, or collected storage media.  The format may include electronic documents or software to include malware, DARPA stated.

"A challenge in the cyber community is the ability to identify, analyze, and classify users, software, and digital artifacts.  The traditional approach has been to develop custom solutions addressing individual threats for individual systems.  However, it is not a viable approach to enumerate all possible combinations of solutions for each network threat for every sensor, weapon, and command-and-control platform," DARPA stated.  "The result has been a continuous and rapid proliferation of cyber attacks, malicious software and 'spam' email.  These challenges provide an advantage to adversaries who can develop inexpensive, evolutionary cyber exploits that bypass or defeat intrusion detection and protection systems, host-based defenses, and forensic analysis." 

Follow Michael Cooney on Twitter: nwwlayer8  

Copyright © 2010 IDG Communications, Inc.