Hello everyone,
Hopefully 2013 has been good to you so far! It’s been a while since my last blog post; 2013 has been a busy year for us right from the get-go. We hope you enjoyed Paul Henry’s post a couple of weeks ago. I always like seeing how someone might use IEF or other forensic tools in ways sometimes unintended by the authors.
Today the big announcement is IEF Frontline. Just released yesterday, Frontline is a scaled-down, simplified, and fast (a search takes 5-15 minutes) edition of IEF. Focusing on the essentials (pictures/videos, Internet history, and chat), IEF Frontline is targeted at first responders and less-technical personnel (i.e., those not trained in digital forensics). It’s not a triage tool; we prefer to call it a “preview” or “first look” tool. There are lots of great triage tools out there (including IEF Triage, which will continue to grow in features and functionality), but Frontline is not one of them.
Triage tools certainly have their place in the investigative process but require a technical background or digital forensics training. What we’re trying to do (and I think we’ve succeeded) is to provide a low-cost tool that child exploitation investigators, parole and probation officers, border security agents, and patrol officers can use to get a quick look at what’s on a computer and to qualify it for seizure.
Here’s the problem (and this isn’t news to any of you): the number of devices per investigation is increasing, and so is the amount of data on those devices. Budgets, for the most part, are not. And even if they were, there’s just no way to keep up with the barrage of data by simply adding more forensic examiners. The time has come for us to empower the frontline and other non-forensically trained personnel to assist in digital investigations. Download our free white paper to read more about why we believe this is so important to the forensics process.
Can they do a full examination without any training? Of course not. But can they plug a thumb drive into a computer and run a program to get a quick look at what’s on that computer to determine if it needs to be seized or not? We think so, if that program is extremely simple to use and forensically “safe”. Frontline is not bootable. Why? The folks we are catering this tool to don’t know the forensic considerations around booting a suspect’s computer with a thumb drive or CD, nor do they want to know, and we shouldn’t be wasting their time teaching them these risky procedures when they won’t have the frequency of usage to stay sharp. It’s like any other training: you use it or lose it. They are experts and have skills and talents in other areas; we want to give them a tool that allows them to continue to focus on those areas and have a safe and easy way to quickly preview a computer.
The first concerns about Frontline are usually around it being forensically sound. Frontline runs from a thumb drive, does not install anything on the target computer, does not modify any last accessed dates/times, and saves all the recovered data back to the thumb drive in date/time stamped folders. The only 2 things that are added to the target computer are a USB drive entry in the registry and a prefetch file, both of which are unavoidable (and explainable) and make up a tiny footprint. To learn more about how Frontline is forensically sound, click here.
Ease of use? Frontline has one screen where you select what you want to search (Internet, Chat, Pictures/Video), enter a case number/name, and click Scan Computer. That’s it. The search starts and a simplified report viewer pops up where items can be reviewed and bookmarked. Frontline ships in a ruggedized Pelican case and with a Quick Start Guide to ensure the USB thumb drive is always protected and step-by-step instructions are always right there.
In the end, you have to try it to see for yourself what Frontline can do. Please visit our IEF Frontline webpage to learn more and you can request a free trial here.
Sorry for the long post! As always, we look forward to your feedback.
Stay safe out there,
Jad