Purdue cybersecurity experts create tool to solve cybercrimes
Marie Donlon | March 07, 2019
Purdue University cybersecurity experts have created an all-in-one toolkit that can help law enforcement solve cybercrimes.
Affecting as many as 300,000 victims in the U.S. in 2017 and costing roughly $1.2 billion in losses, cybercrimes are at a six-year high. In an effort to reduce those numbers, Purdue cybersecurity experts created the Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR) in collaboration with law enforcement agencies throughout the U.S. FileTSAR collects data flows and offers a mechanism for selectively reconstructing several data types, such as documents, images, email and VoIP sessions, for large-scale computer networks. According to the Purdue team, the toolkit could be used to unearth network traffic associated with a specific case, like employees selling trade secrets or harassing coworkers using workplace computers.
"Our new toolkit allows investigators to retrieve network traffic, maintain its integrity throughout the investigation, and store the evidence for future use," said Seunghee Lee, a graduate research assistant working on the project. "We have online videos available so law enforcement agents can learn the system remotely."
"The current network forensic investigative tools have limited capabilities — they cannot communicate with each other and their cost can be immense," said Kathryn Seigfried-Spellar, an assistant professor of computer and information technology in the Purdue Polytechnic Institute and a lead on the research team. "This toolkit has everything criminal investigators will need to complete their work without having to rely on different network forensic tools."
The toolkit also hashes each carved file to preserve the forensic integrity of the evidence, helping it hold up in court. The project was funded by the National Institute of Justice. The toolkit will be free to law enforcement agencies and can be used by digital forensic teams at the local, state, national and global levels.