A global collaboration between digital forensics specialist Evidence Talks and Australia-based Schatz Forensic will afford investigators in law enforcement, Government agencies and Corporate Security Departments the ability to create forensic images significantly faster than when using traditional techniques.
The breakthrough in forensic imaging speed in a triage tool comes as a result of integration between Evidence Talks’ SPEKTOR solution and Schatz Forensic’s next generation forensic imaging technology, named Evimetry. Evimetry is based on the peer-reviewed AFF4 forensic image file format, advanced compression and intelligent sequencing of disk access.
Dr Bradley Schatz, director of Schatz Forensic and an inventor of the AFF4 forensic image format, has a PhD in Digital Forensics, a Bachelor’s degree in Computer Science, 23 years experience in IT and 13 years in digital forensics. Schatz is a globally recognised leader in forensic research, with appointments across the leading publication venues of the field.
Andrew Sheldon MSc, Chief Technical Officer of Evidence Talks and originator of the SPEKTOR forensic platform, has 37 years of experience in IT, 23 of which have focused on forensic computing. He holds a Masters degree in the discipline from the Centre for Forensic Computing at the Royal Military College of Science, Cranfield University and is a regular speaker at industry events.
Sheldon commented: “During our research into methods of reducing forensic imaging times, I discovered Dr Schatz and his work on the peer reviewed and forensically sound AFF4 imaging format. Further development of this work by Schatz Forensic was so close to our desired objectives that we approached him to work collaboratively and combine the technology into the SPEKTOR product range. This has accelerated our ability to deliver outstanding performance to a market that’s demanding faster image creation in order to cope with massive increases in target media capacities.”
Exclusive licensing agreement
Now, with an exclusive licensing agreement in the triage space, Evidence Talks is embedding the necessary code across its SPEKTOR product suite. In a recent test, the SPEKTOR Rapid Imager produced a full linear image on a MacBook Air with 120 GB storage in under four minutes. That can be set against the previous timeframe using industry standard tools of some 45 minutes.
SPEKTOR Rapid Imager isn’t just fast when imaging SSD media. It’s optimised for slower systems employing rotational media with tests indicating significant reductions in imaging times.
The new system was launched at the 2016 F3 annual workshop in Gloucester on Tuesday 8 November. Evidence Talks is a founder member of F3, which is a non-profit organisation helping to provide low-cost training for digital forensic practitioners.
Commenting on the product release, Dr Bradley Schatz said: “We recognised very early in discussions with Andrew Sheldon that Evidence Talks had the vision and will to lead the forensic triage market to preserve more evidence in less time. This vision aligns perfectly with that of Schatz Forensic. The seamless integration of SPEKTOR and the Evimetry imager engine provides a dramatic increase in digital forensic triage performance which will have immediate and measurable benefits for end users.”