Filehound sniffs out extensions on suspects' computers
By John Moore
Published on October 16, 2006
The National Institute of Justice (NIJ) has given $200,000 to Purdue University professors working on software that lets police investigators more efficiently search for files on a suspect’s computer.
The software, called Filehound, helps police mine specific types of information, such as images and spreadsheets. In the case of child pornography, a suspect may try to disguise photos by changing the file extension from .jpg to.doc. Filehound, however, examines a file’s coding, which alerts investigators to hidden photo files, according to the university.
Purdue’s College of Technology spearheads the Filehound software project. Marcus Rogers, an associate professor in the college’s Department of Computer and Information Technology, and Richard Mislan, an assistant professor in that department, created Filehound with the help of graduate student Blair Gillam.
Rogers said Filehound enables investigators to quickly identify and evaluate files. The software resides on a laptop computer, which investigators take to a crime scene. The laptop is connected to the suspect’s computer via a hardware write block device, which prevents the modification of the computer’s hard drive.
“The central requirement for a sound forensic examination of digital evidence is that the original evidence must not be modified,” according to the National Institute of Standards and Technology’s Computer Forensics Tool Testing project. The capture of digital data from hard drives “must be performed so that the contents are not changed,” NIST reported.
Filehound has been provided free of charge to about 85 law enforcement agencies worldwide. The NIJ grant will be used to make improvements to the software. The program will be fully operational by summer 2007. At that point, Filehound can be offered to additional agencies, the university said.
Rogers said the software will not be commercialized and will remain free to law enforcement agencies.
Users will incur some hardware costs. Rogers said the cost of a hardware write block kit is about $1,250. Digital Intelligence’s UltraKit, for example, is priced at that level. UltraKit provides Parallel IDE, Serial Advanced Technology Attachment and SCSI hardware write blockers. Other vendors such as WiebeTech also offer write block products that will work with Filehound, Rogers said.
Filehound and a hardware write block kit offer a major cost advantage, he said, adding that the equipment many officials use today costs about $15,000.
In addition to the Filehound grant, the Purdue professors also received a $240,000 National Institute of Justice grant to pursue a Forensic Rapid Evidence Extraction Analysis Kit. That project aims to provide a simplified way to extract information from cell phones and other mobile devices, according to the university.
|
Digg
De.licio.us
Slashdot
Technorati
