S&T Enhancing the Autopsy Digital Forensics Tool

Autopsy—an open-source, digital forensics platform used by law enforcement agencies worldwide to determine how a digital device was used in a crime and recover evidence—is being enhanced with the addition of several new capabilities requested by law enforcement.

Nearly every crime committed today involves digital media, such as computers and cell phones.

In most cases, these devices contain vital evidence, including call logs, location information, text and email messages, images, and audio and video recordings that could help law enforcement investigators close a case.

At the same time, the types and sizes of these devices are proliferating at an incredible rate, but the budgets of most state and local law enforcement agencies are not keeping pace.

Autopsy, an open-source, digital forensics platform used by law enforcement agencies worldwide to determine how a digital device was used in a crime and recover evidence, is being enhanced with the addition of several new capabilities requested by law enforcement. 

Since Autopsy was first released 15 years ago, a community has grown around its development, and that community continues to grow and to deliver to law enforcement investigators the new capabilities and functionality they have identified as pressing needs.


The DHS Science and Technology Directorate previously funded the development and open-source release of Autopsy modules, and its stewardship continues today as part of the Cyber Security Division’s (CSD) Cyber Security Forensics project.

CSD is part of the Homeland Security Advanced Research Projects Agency, which was recently honored with a 2017 ‘ASTORS’ Excellence in Homeland Security Award from American Security Today.

As part of the current Cyber Forensics project work plan, the following capabilities will be developed or enhanced within Autopsy:

A New Communication Analysis Framework

  • This will develop a storage framework for communications-based data and a graphical interface, making it easier for investigators to view messages from a variety of sources, visualize the messages, and see the relationships between accounts.

Advanced Image Analysis Functionality

  • This enhancement will expand Autopsy’s existing photo and video analysis capabilities to more efficiently analyze large numbers of images stored on a device’s hard drive.

Advanced Timeline Visualization

  • New features will be added to the timeline module, including integration with existing open-source parsing tools, the ability for users to create and highlight events, and filtering by file type, to more efficiently analyze activity and determine what events occurred.

Each capability enhancement was identified through a survey of law enforcement agencies conducted by Cambridge, Massachusetts-based Basis Technology Corporation, Autopsy’s primary developer.

Basis Technology queried agencies about their biggest challenges and where they spend the bulk of their investigative time.

These new/enhanced capabilities will be provided through future open-source releases of Autopsy.

“These enhancements will substantially increase Autopsy’s ease-of-use for law enforcement agencies,” said Megan Mahle, program manager of S&T’s Cyber Security Forensics project.

“The modules we’re focusing on through our effort will add new functionalities and promote flexibility for use by each law enforcement investigator.” 

Autopsy, built as an extensible platform, boasts thousands of users around the world and is downloaded an average of 4,000 times each week.

  • It supports all types of criminal investigations—from fraud to terrorism to child exploitation.
  • As an open-source platform, it is a cost-effective tool investigators can use to solve crimes, especially in these days of shrinking budgets.
  • In addition to the development activity, the platform also supports the incorporation of third-party modules (either open or closed source). 

The easy-to-use software system has standard forensic tool features regularly used by federal, state, and local law enforcement organizations, including disk-image analysis, hash-set analysis, indexed keyword search, registry analysis, and Android and web-artifact analysis.

Additionally, Autopsy includes unique capabilities such as support for multi-user cases, automated ingest and correlation analysis.

It is taught at many law enforcement conferences and training courses, including at DHS’s four Federal Law Enforcement Training Centers, and used by many agencies as either a primary or validation tool for casework.

The overarching Cyber Security Forensics project develops solutions law enforcement use to investigate criminal activity.

It addresses the specific needs of DHS law enforcement components and collaborates with investigators from federal, state, and local agencies as well as international partners.

The project encompasses efforts in the persistent areas of cyber forensics, including mobile device forensics, GPS forensics, and data acquisition and analysis.

Project requirements are established by the Cyber Forensics Working Group (CFWG), which is composed of representatives from law enforcement agencies at all levels of government.

The group, led by CSD, meets biannually to discuss capability gaps, prioritize technology development foci, and set solution requirements.

Members also serve as testing-and-evaluation partners for prototype technologies developed through the project.

Over the last several years, the Cyber Security Forensics project has transitioned the following technologies in support of law enforcement organizations nationwide:

  • Tutorials on accessing and analyzing disposable mobile phones 
  • Previous Autopsy module enhancements
  • iVe, a digital forensics tool that acquires user data from the vehicle infotainment and telematics systems of more than 10,000 vehicle makes and models

The Cyber Security Forensics project, through a partnership with the National Institute of Standards and Technology (NIST), also is providing resources and standards to the broader digital forensics community, including the National Software Reference Library, Computer Forensics Tool Testing and Computer Forensics Reference Dataset.

The 2017 ‘ASTORS’ Homeland Security Awards Program

American Security Today’s 2017 ‘ASTORS’ Homeland Awards Presentation Luncheon at ISC East was an overwhelming success, with distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government.

Over 100 professionals gathered from across North America and the Middle East to be honored, representing disciplines across the Security Industry in their respective fields, which included:

  • The Department of Homeland Security
  • The Department of Justice
  • The Security Exchange Commission
  • State and Municipal Law Enforcement Agencies, and
  • Leaders in Private Security

Honorees were recognized for their Innovative Training and Education Programs, Outstanding Product Development Achievements and Exciting New Technologies to address the growing Homeland Security Threats our Nation is facing.

American Security Today was formed after careful reflection on 9/11 and its aftermath, when the Department of Homeland Security was established and there was an immediate explosion of new products and solutions for what was perceived as an imminent second attack on primary targets in the United States.

As time moved forward from 9/11 itself and in recent years, the threats to our nation have evolved from a large scale 9/11 type attack to:

  • Domestic and International Terrorist Attacks carried out by ‘lone wolves’ and coordinated individuals
  • Cybersecurity breach attacks against our government agencies, financial institutions and critical infrastructure facilities
  • Unprecedented urban violence
  • Cultural shifts and societal media bias, which make it increasingly difficult to secure our nation in this constantly evolving threat environment.

These current circumstances have put forward another rapid expansion of new ideas, products and solutions to combat these ever changing challenges.

These changes have called for a new generation of security experts in the Homeland Security and Public Safety fields who need real time knowledge of our ever growing threats.

These experts include the Government at the Federal, State and Local levels as well as from Private Firms specializing in Physical Security, Port Security, Law Enforcement, First Responders, Military and Private Security responsible for implementing coordinated security measures to ensure our Nation’s Security and improve Public Safety.

Together, these entities work seamlessly on the front lines of protecting our communities, to ‘Keep our Nation Secure, One City at a Time.’

AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.

To highlight the tremendous accomplishments of agencies and firms receiving this prestigious award, be on the lookout for American Security Today’s Annual December ‘ASTORS’ Champions Edition – ‘Year in Review.’