Too
often, sexual predators who seek child pornography—or, worse yet, attempt to
contact and meet children online—are pretty savvy when it comes to covering
their online tracks. They regularly delete their browsing history, and erase
file after file. Or they can be quite clever at hiding "stuff."
This
often makes it difficult to investigate and prosecute these criminals. Case
backlogs in the U.K. reportedly average two years,
and police in the United States have indicated that backlogs can
stretch up to twice that length of time. Typically, there aren’t enough
specialists available—or the counter-technology resources don’t exist—that can
readily reconstruct data that has been erased and scattered throughout a hard
drive.
So professor
Nasir Memon, a cyber-security expert and head of the Information Systems and
Internet Security (ISIS) Lab at Polytechnic Institute of New York University, and
his students have come up with a technology solution called Adroit Photo
Forensics 2009, which that can reconstruct erased or scattered data. Adroit
uses a patent-pending “SmartCarving” technology, developed at NYU-Poly, to find
and recover these image files.
SmartCarving
works in three phases: The first is preprocessing, in which file system data
clusters are decrypted or decompressed as needed. The next is collation, in
which data clusters are classified as belonging to a file type and, in some
cases, even a particular file. The final step is that of reassembly, in which
clusters that were identified and merged in the collation phase are pieced
together to reconstruct files. This final step is much like simultaneously
solving millions of jigsaw puzzles without knowing what the reconstructed
picture would look like.
After
recovering all deleted files, Adroit allows an analyst to quickly sort through
and look for evidence from tens of thousands of files by using biometrics and
other tools. It scans and sorts for child pornography images, distinguishing
those from the legal images. It allows an investigator to search for evidence
using time-line analysis, information about the camera, type of image and other
factors.
Memon
and his students have now formed a company, Digital Assembly, to launch and
market this system. With the support of the National Science Foundation and NYU-Poly,
Memon and his students are now getting this tool in the hands of forensic
investigators. So far, Adroit is being used by police departments in Europe, Asia and the United States.
“The
pressure on digital forensics professionals promises to only increase as
criminals increasingly use computers for communication and storage,” Memon
said. “We expect that software like Adroit will help reduce the backlog of
cases awaiting digital forensics expertise and help solve crimes like child
pornography quickly and efficiently.”