High-tech toolkit to analyze digital evidence made more efficient and budget-friendly for law enforcement agencies

Sean Leshney, director of digital forensics investigations at Tippecanoe County (from left) and Patrick Harrington, Tippecanoe County prosecutor, view an analysis of digital evidence created by the FileTSAR+ forensic tool. Purdue University researchers improved the original tool by simplifying its functionality and packaging to make FileTSAR+ easier and more cost-effective for law enforcement agencies to set up and maintain. (Purdue Research Foundation photo/Steve Martin)

Purdue University researchers simplify FileTSAR+ functionality and packaging to improve setup, use and maintenance

WEST LAFAYETTE, Ind. – Local, state, federal and international law enforcement agencies that reconstruct and analyze digital evidence to solve crimes can use a high-tech toolkit from Purdue University that has been upgraded to be easier and more cost-effective to set up and maintain.

The new version of the Toolkit for Selective Analysis & Reconstruction of Files, called FileTSAR+, provides a mechanism to selectively reconstruct and analyze multiple data types, including documents, images, email and VoIP (Voice over Internet Protocol) sessions for large-scale computer networks.

Kathryn Seigfried-Spellar, associate professor of computer and information technology at Purdue Polytechnic Institute, led the team that created the toolkit. She said feedback from law enforcement agencies prompted changes to improve it. 

“We have reduced the requirements from end users so the toolkit is less resource intensive for agencies of all sizes,” Seigfried-Spellar said. “Law enforcement officers already work hard to prove probable cause in order to gain permission to access digital files. We want to remove any burdens in setting up the toolkit so they can spend more time working their cases.”

The team’s first step to improve the toolkit was removing the functionality to capture digital evidence.

“Law enforcement agencies have already captured the data they need; they just lacked a way to process and reconstruct files,” Seigfried-Spellar said. “Removing the capacity to capture the digital evidence has made FileTSAR+ much more resource efficient.” 

The team’s second step was repackaging the toolkit from an open-source, virtual machine-based system with a 15-step process to a less complicated process that allows users to download and run files on a laptop computer in a single step.

“Now law enforcement agencies can download a single, 10-gigabit file and use the toolkit immediately,” Seigfried-Spellar said.

Seigfried-Spellar built the toolkit along with Marcus Rogers, John Springer and Baijian Yang, all professors of computer and information technology in the Purdue Polytechnic Institute. Rogers also is director of Purdue’s Cybersecurity & Forensics Lab. They received funding from the National Institute of Justice to develop the toolkit, which was beta tested by certified digital forensic examiners with the National White Collar Crime Center and the Tippecanoe County High Tech Crime Unit.

Sean Leshney, director of digital forensics investigations at the Tippecanoe County High Tech Crime Unit, said the FileTSAR+ development team did great work to expand the tool’s capabilities to the benefit of end users.

“FileTSAR+ reduces the time and effort examining data captured over networks,” Leshney said. “We look forward to the future improvements of FileTSAR+ by Purdue University to aid in the area of network forensics.” 

Law enforcement agencies interested in gaining access to FileTSAR+ should submit their information through an online form to initiate the process.

About Purdue University

Purdue University is a top public research institution developing practical solutions to today’s toughest challenges. Ranked in each of the last five years as one of the 10 Most Innovative universities in the United States by U.S. News & World Report, Purdue delivers world-changing research and out-of-this-world discovery. Committed to hands-on and online, real-world learning, Purdue offers a transformative education to all. Committed to affordability and accessibility, Purdue has frozen tuition and most fees at 2012-13 levels, enabling more students than ever to graduate debt-free. See how Purdue never stops in the persistent pursuit of the next giant leap at https://stories.purdue.edu.

About Purdue Research Foundation Office of Technology Commercialization 

In fiscal year 2022, the office reported 157 deals finalized with 237 technologies signed, 379 disclosures received and 169 issued U.S. patents. The office is managed by the Purdue Research Foundation, which received the 2019 Innovation and Economic Prosperity Universities Award for Place from the Association of Public and Land-grant Universities. In 2020, IPWatchdog Institute ranked Purdue third nationally in startup creation and in the top 20 for patents. The Purdue Research Foundation is a private, nonprofit foundation created to advance the mission of Purdue University. Contact otcip@prf.org for more information. 

Writer/Media contact: Steve Martin, sgmartin@prf.org 

Source: Kathryn Seigfried-Spellar, kspellar@purdue.edu