Helix is already out on the market in the free world. This looks interesting though. I am hoping to take it for a spin this weekend.
Apparently some students at Edith Cowan University’s School of Computing and Information Sciences in Australia have developed a Linux-based tool to help collect cyber evidence without compromising its integrity. The idea arose after the Western Australian Police asked the University for help two years ago.
I guess the police hadn’t utilized Helix or any of the other tools available. Normally, the police take PCs back to the station to gather evidence, but this tool allows them to collect it on site. Now I am not sure if this does a bit-by-bit copy or what have you, but I know that in the US there will be a significant problem with chain of custody and the desire to see the original evidence if a case goes to court.
Supposedly the tool searches out certain file types, which saves the police a great deal of time. To make sure the original evidence will still be admissible in court, the tool’s developers “removed all network support and the ability to write to disk. If for some reason a disk is writeable, the system will halt automatically.” Write blocks are an important aspect. More to be analyzed – the jury is still out on this tool.
http://www.zdnetasia.com/news/security/0,39044215,62038612,00.htm
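The "halt if a disk is writeable" behaviour described above is something an examiner can verify before acquisition. This is an added example, not the ECU tool's code or Helix's: on Linux the kernel exposes each block device's read-only flag at /sys/class/block/<dev>/ro (the same flag `blockdev --getro` reports), and the check below refuses to proceed unless every evidence device reports read-only. The sysfs_root parameter and the build_sample_sysfs() helper (a constructed sysfs tree for offline testing) are assumptions for this example.

```python
"""Added example: pre-acquisition write-block check for Linux block devices.

The kernel's read-only flag lives at <sysfs_root>/<dev>/ro, where "1" means
read-only and "0" means writable. sysfs_root defaults to the real path but can
point at a constructed tree so the logic can be exercised without hardware.
"""
import tempfile
from pathlib import Path

SYSFS_BLOCK = "/sys/class/block"


class WriteBlockError(RuntimeError):
    """Raised when an evidence device is not write-blocked."""


def is_read_only(device: str, sysfs_root: str = SYSFS_BLOCK) -> bool:
    """Return True if the kernel marks `device` (e.g. "sdb") read-only."""
    ro_attr = Path(sysfs_root) / device / "ro"
    return ro_attr.read_text().strip() == "1"


def writable_devices(devices, sysfs_root: str = SYSFS_BLOCK) -> list:
    """Return the subset of `devices` that is NOT write-blocked."""
    return [dev for dev in devices if not is_read_only(dev, sysfs_root)]


def require_write_blocked(devices, sysfs_root: str = SYSFS_BLOCK) -> bool:
    """Stop (raise) unless every evidence device is read-only.

    Mirrors the described behaviour: if any disk is writable, abort before
    anything touches the evidence, and name the offending devices.
    """
    bad = writable_devices(devices, sysfs_root)
    if bad:
        raise WriteBlockError("evidence device(s) writable, aborting: " + ", ".join(bad))
    return True


def build_sample_sysfs(flags=(("sdb", "1"), ("sdc", "0"))) -> str:
    """Constructed sysfs tree for offline testing: sdb read-only, sdc writable."""
    root = tempfile.mkdtemp(prefix="fake_sysfs_")
    for dev, flag in flags:
        (Path(root) / dev).mkdir()
        (Path(root) / dev / "ro").write_text(flag + "\n")
    return root


if __name__ == "__main__":
    import sys
    try:
        require_write_blocked(sys.argv[1:] or ["sda"])
        print("all devices write-blocked")
    except (WriteBlockError, FileNotFoundError) as exc:
        sys.exit(f"halting: {exc}")
```

Run it with the evidence device names as arguments (for example `python check_ro.py sdb`); a non-zero exit means the disk is not write-blocked and must not be imaged.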

April 12, 2008 at 12:49 am
Jack, when are you going to post again? You ‘da man!
- Thor