Forensic computer promises to make quick work of digital crime

A European consortium has come up with a high-speed digital forensic computer dedicated to the task of quickly offloading and analyzing all computer records, from email or picture files to database contents and file transfers.

The TreCorder is a rugged forensic PC able to copy or clone up to three hard disks simultaneously, at a speed of up to 2 Gb/min. The same transfer would take 30 to 60 minutes using alternative equipment, said Martin Hermann, general director of MH-services, the company that led product development in conjunction with EUREKA. EUREKA is a pan-European venture capital firm that offers partners access to knowledge, skills, expertise and, of course, national public and private funds.

The PC not only provides a complete mirror image of the hard disk and system memory - including deleted and reformatted data - but also eliminates any possibility of falsification in the process, Hermann said. It uses the FireWire high-speed serial bus to connect the host computer and provides support for IDE, SATA and SCSI hard disks, Hermann said in a statement.

Ultimately, the goal of the TreCorder and forensics products similar to it is to provide companies and law-enforcement agencies with digital forensic tools that can gather evidence that will stand up in court to trap criminals. A particular need is to copy and analyze vast amounts of data very quickly in a write-protected manner to uncover the crime and provide legally credible evidence, Hermann said. Legal validity requires logical methodologies, transparency and detailed reporting. In addition, using the necessary tools correctly is essential. The goal therefore was to develop a PC-based forensic system that could read all types of memory technology and provide a mirror image of the data on any type of hard disk, sector by sector, using hardware-based write protection to avoid any possibility of falsifying data while copying, Hermann said.

The new instrument is already attracting interest from security agencies, police forces, finance and tax authorities and accountancy organizations on both sides of the Atlantic, the company claims.

Indeed, security has been a huge problem with computer forensic work. A recent Network World article stated: The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners.

The security company has spent the past six months investigating two forensic investigation programs, Guidance Software's EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.

Researchers have been hacking forensics tools for years, but have traditionally focused on techniques that intruders could use to cover their tracks and thwart forensic investigations. The Isec team has taken a different tack, however, creating hacking tools that can be used to pound the software with data, looking for flaws.


Copyright © 2007 IDG Communications, Inc.
