An all-in-one cyber toolkit for criminal investigations

New Purdue University technology makes it easier to follow a criminal’s digital footprint

IMAGE

Credit: Kathryn Seigfried-Spellar/Purdue University

WEST LAFAYETTE, Ind. – Cybercriminals can run, but they cannot hide from their digital fingerprints.

Still, cybercrimes reached a six-year high in 2017, when more than 300,000 people in the United States fell victim to such crimes. Losses topped $1.2 billion.

Now, Purdue University cybersecurity experts have come up with an all-in-one toolkit to help detectives solve these crimes. Purdue has a reputation in this area – it is ranked among the top institutions for cybersecurity.

“The current network forensic investigative tools have limited capabilities – they cannot communicate with each other and their cost can be immense,” said Kathryn Seigfried-Spellar, an assistant professor of computer and information technology in the Purdue Polytechnic Institute, who helps lead the research team. “This toolkit has everything criminal investigators will need to complete their work without having to rely on different network forensic tools.”

The toolkit was presented in December 2018 during the IEEE International Conference on Big Data.

The Purdue team developed its Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR) by collaborating with law enforcement agencies from around the country, including the High Tech Crime Unit of Tippecanoe County, Indiana. The HTCU is housed in Purdue’s Discovery Park.

FileTSAR is available free to law enforcement. The project was funded by the National Institute of Justice.

The Purdue toolkit brings together in one complete package the top open source investigative tools used by digital forensic law enforcement teams at the local, state, national and global levels.

“Our new toolkit allows investigators to retrieve network traffic, maintain its integrity throughout the investigation, and store the evidence for future use,” said Seunghee Lee, a graduate research assistant who has worked on the project from the beginning. “We have online videos available so law enforcement agents can learn the system remotely.”

FileTSAR captures data flows and provides a mechanism to selectively reconstruct multiple data types, including documents, images, email and VoIP sessions for large-scale computer networks. Seigfried-Spellar said the toolkit could be used to uncover any network traffic that may be relevant to a case, including employees who are sending out trade secrets or using their computers for workplace harassment.

“We aimed to create a tool that addressed the challenges faced by digital forensic examiners when investigating cases involving large-scale computer networks,” Seigfried-Spellar said.

The toolkit also uses hashing for each carved file to maintain the forensic integrity of the evidence, which helps it to hold up in court.

Their work aligns with Purdue’s Giant Leaps celebration, celebrating the global advancements in artificial intelligence as part of Purdue’s 150th anniversary. This is one of the four themes of the yearlong celebration’s Ideas Festival, designed to showcase Purdue as an intellectual center solving real-world issues.

The team is working with the Purdue Research Foundation Office of Technology Commercialization to patent the innovation.

###

About Office of Technology Commercialization

The Office of Technology Commercialization operates one of the most comprehensive technology transfer programs among leading research universities in the U.S. Services provided by this office support the economic development initiatives of Purdue University and benefit the university’s academic activities. The office is managed by the Purdue Research Foundation, which received the 2016 Innovation and Economic Prosperity Universities Award for Innovation from the Association of Public and Land-grant Universities. For more information about funding and investment opportunities in startups based on a Purdue innovation, contact the Purdue Foundry at [email protected] For more information on licensing a Purdue innovation, contact the Office of Technology Commercialization at [email protected] The Purdue Research Foundation is a private, nonprofit foundation created to advance the mission of Purdue University.

Writer: Chris Adam, 765-588-3341, [email protected]

Sources: Kathryn Seigfried-Spellar, [email protected]

Seunghee Lee, [email protected]

Media Contact
Chris Adam
[email protected]

Related Journal Article

http://dx.doi.org/10.1109/BigData.2018.8621914

Comments