"High-Tech Toolkit to Analyze Digital Evidence Made More Efficient and Budget-Friendly for Law Enforcement Agencies"

Purdue University has upgraded its Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR+) to be easier and more cost-effective to set up and maintain. It can be used by law enforcement agencies that reconstruct and analyze digital evidence to solve crimes. FileTSAR+ enables selective reconstruction and analysis of multiple data types, including documents, images, email, and Voice over Internet Protocol (VoIP) sessions, for large-scale computer networks. The toolkit was developed by a team led by Kathryn Seigfried-Spellar, an associate professor of computer and information technology (IT) at Purdue Polytechnic Institute. The team includes Marcus Rogers, John Springer, and Baijian Yang, all professors of computer and IT at Purdue Polytechnic Institute. Rogers is also the director of the Cybersecurity and Forensics Lab at Purdue. Seigfried-Spellar noted that feedback from law enforcement agencies prompted the enhancements. As a first step toward improving the toolkit, the team eliminated the ability to capture digital evidence, as law enforcement agencies have already captured the data they need but lack a way to process and reconstruct files. Eliminating the capture capability has made FileTSAR+ significantly more resource-efficient. The team's second step was to repackage the toolkit from an open-source, virtual machine-based system with a 15-step process to a single-step process that allows users to download and execute files on a laptop. The National Institute of Justice provided funding for the development of the toolkit, which was beta-tested by certified digital forensic examiners from the National White Collar Crime Center and the Tippecanoe County High Tech Crime Unit. This article continues to discuss FileTSAR+.

Purdue University reports "High-Tech Toolkit to Analyze Digital Evidence Made More Efficient and Budget-Friendly for Law Enforcement Agencies"
