Massive volumes of data, multiple copies, hidden and encrypted files expand the challenges for investigative teams.
Storming a building and seizing computers for evidence was the easy part for the Fairfield Police Department, which serves a city of about 100,000 people in central California. But capturing and extracting data from the hard drives used to take days.
The department’s investigative team had no in-field imaging system and no network for sharing data. Back in the lab, hardware constraints made it impossible to image more than one computer at a time. The process was slow, tedious and a waste of valuable resources, said Jim Carden, detective computer crimes investigator for the Fairfield Police Department.
On a broader scale, this often is the case for law enforcement agencies across the country. Reliable forensic evidence helps officers identify criminals and protect the innocent. But many forensic science labs are grossly underfunded, understaffed and lack effective oversight, according to a 2009 study of forensic techniques published by the National Academy of Sciences. With no uniform standards, insufficient training and poor supervision, the report recommends an overhaul of the “badly fragmented” forensic science system.
“Much research is needed not only to evaluate the reliability and accuracy of current forensic methods but also to innovate and develop them further,” said committee co-chair Constantine Gatsonis, professor of biostatistics and director of the Center for Statistical Sciences at Brown University, in a release. “An organized and well supported research enterprise is a key requirement for carrying this out.”
Massive volumes of data, multiple copies, hidden and encrypted files expand the challenges for investigative teams. Under the pressure of budget cuts, e-forensics units can’t afford to let time and limited tools compromise criminal prosecutions or civil litigation. But in the past few years, new technology has become available that addresses the changing nature of e-forensics and streamlines the preservation of digital evidence.
In April, the Fairfield Police Department found a solution from Logicube, a data capturing and computer forensics company based in Chatsworth, Calif. The company recently unveiled its Total Forensic Solution, a trio of modular forensic products that provide up to 8 terabytes of forensic data storage, wireless capabilities and the ability to capture and authenticate data at speeds of 7 GB per minute.
“We’ve been focusing on capturing information, but now they can store the captured information into an impregnable storage device and share them on a network,” said Farid Emrani, Logicube’s executive vice president and chief operating officer. “With the economy as it is and less people doing the same amount of work, you have to look to technology to fill gaps.”
In June, the Fairfield Police Department seized 10 computers from a home as part of a child pornography investigation, Carden said. It was a big house, and with only an IP address, the team had no way to trace the origin of the illegal distribution to a single computer at the location.
In the past, the process of analyzing numerous computers in the lab to find the incriminating data would have taken weeks, Carden said. But with a Logicube solution the department bought for about $3,300, Carden said, the investigators can cut imaging time down to hours and free up resources.
“Instead of using a computer to image, I could start processing files,” Carden said. “I ended up using it on all my cases.”