Digital Forensics Research

Cloud Forensics

Cloud computing, where applications and data storage are provided as services to users via the Internet, is becoming more and more prevalent - and because of it, law enforcement cyber forensics investigators are facing new challenges in obtaining evidence. Instead of the evidence being on a device that they can seize, the evidence is likely located in a data center at a service provider that is often not geographically easily accessible. [Read More]


Human Image Detection

The average computer has hundreds of thousands of images stored on its hard drive. When law enforcement is involved in an investigation that involves finding pictures containing humans, such as pornography or child pornography, they must manually search through each of these hundreds of thousands of images to find what they are looking for. The URI research group on Human Image Detection, under a U.S. Dept. of Justice-sponsored project, is creating software trained with law enforcement criteria that will assist law enforcement in the detection of these images, thus greatly reducing the number of hours that law enforcement spends on these types of investigations. [Read More]


Cell Phone Forensics

With phones received from a leading device refurbishing company, we are testing the claims for support of several top forensic hardware and software solutions. With our results from these tests, a gap analysis will be performed. This analysis will determine where hardware and software are lacking so far as information that can be gathered from a seized device from a law enforcement perspective. With this knowledge, more targeted research can be done to help law enforcement agencies get the information they need to make investigations easier and more successful. [Read More]


Software Write Blocking

When a digital forensics professional investigates a piece of storage media they must use "write blocking" to ensure that the media is not altered during the investigation. The state of the practice is to use hardware write blockers. These devices are very expensive and are awkward since they require physical connections and a different connector for each type of interface (IDE, SCSI, USB, etc). Furthermore, disk imaging using hardware write blockers is slowed considerably due to protocol translations that the device must perform. [Read More]


Network Boot Disk

Acquiring digital evidence has become a problem for investigators due to the fact that more and more evidence is stored in massive networked data centers. The use of forensically sound boot disks is a solution to this, as it allows investigators to boot a machine and perform triage, allowing then to collect only the evidence they need. As opposed to the difficult to use Linux boot disks currently available, we have developed a Windows based boot disk, which gives investigators an easy to use platform in which to perform triage. The boot disk is also forensically sound in that it performs write blocking on all attached drives to protect evidence. This write blocking is performed through software, eliminating the need to bring costly and large hardware write blocking solutions on-scene. [Read More]


Forensic Steadier State

The process of investigating digital evidence requires the use of a forensic workstation. It is important for law enforcement and laboratory analysts to use a forensically sound machine when starting a new investigation. To prevent cross-contamination of remnants between cases, most law enforcement agencies seek to have a controlled operating environment that can be reset to a sterile state which ensures that all remnants of previous cases aren’t present. Forensic investigators need a viable automated solution for ensuring a controlled environment that ensures the probative value of digital evidence. [Read More]


Steganalysis

Steganography is the art of hiding data in plain sight. Criminals use this technique and advanced computer knowledge to hide data inside seemingly harmless files (image files, music files, text files, etc). This technique is so advanced that no human can visually detect that a specific file has hidden data in it. The URI research group on Steganography Detection, under a U.S. Dept. of Justice-sponsored project, is creating sophisticated machine-learning software that will assist law enforcement in the detection of data that has been hidden through steganography, on a computer. [Read More]


Law Enforcement Search String Assistant

For law enforcement, there are not many resources that provide help with search strings. As a result of this problem, the Law Enforcement Search String Assistant was created. This resource allows law enforcement officials to share keywords with a keyword repository and provides a regular expression generator for advanced search strings. [Read More]