Widespread use of information technology (IT) has inevitably resulted in an escalating prevalence of computer crime - from fraud to child pornography. This has led to an increasing demand from law-enforcement agencies for digital forensic tools to provide evidence that will trap the criminals involved and will stand up in court. The EUREKA E! 3664 IT FORENSIC project has led to the development of the world's fastest hardware-based forensic system able to copy and protect digital evidence in computer crime cases.
The new instrument is already attracting interest from security agencies, police forces, finance and tax authorities and accountancy organisations on both sides of the Atlantic. Security applications will result in a safer Europe and the containment of economic crime will enable Europe to be more competitive.
Project leader MH-Services identified the problem of the slow acceptance of computer evidence through discussions with the German federal and district criminal service. A particular need is to copy and analyse vast amounts of data very quickly in a write-protected manner to uncover the crime and provide legally credible evidence.
"We did not have all the know-how necessary," explains Martin Hermann, general director of MH-Services. "Cooperation within a EUREKA project provided new partners that enabled new knowledge to be developed. We can now copy 10 GB of secured evidence in just five minutes, compared with 30 to 60 minutes using alternative equipment."
The goal was to develop a PC-based forensic system that could read all types of memory technology and provide a mirror image of the data on any type of hard disk, sector by sector, using hardware-based write protection to avoid any possibility of falsifying data while copying. Existing techniques for write protection have relied on software approaches, making them unusable in court.
"EUREKA helped us in obtaining the finance for our project, allowing it to get off the ground. It also provided great help concerning marketing and customer contact," adds Hermann. "The cooperation led to success and we are already planning a further project with our partners."
Close cooperation within a EUREKA project with a computer hardware company in Germany for write-blocker components and a forensic software specialist in Switzerland has already led to the development of the TreCorder. This rugged forensic PC is able to image or clone up to three hard disks simultaneously, rapidly and securely. It not only provides a complete mirror image of the hard disk and system memory - including deleted and reformatted data - but also eliminates any possibility of falsification in the process.