Too often, sexual predators who seek child pornography—or, worse yet, attempt to contact and meet children online—are pretty savvy when it comes to covering their online tracks. They regularly delete their browsing history, and erase file after file. Or they can be quite clever at hiding "stuff."

This often makes it difficult to investigate and prosecute these criminals. Case backlogs in the U.K. reportedly average two years, and police in the United States have indicated that backlogs can stretch up to twice that length of time. Typically, there aren’t enough specialists available—or the counter-technology resources don’t exist—that can readily reconstruct data that has been erased and scattered throughout a hard drive.

So professor Nasir Memon, a cyber-security expert and head of the Information Systems and Internet Security (ISIS) Lab at Polytechnic Institute of New York University, and his students have come up with a technology solution called Adroit Photo Forensics 2009, which that can reconstruct erased or scattered data. Adroit uses a patent-pending “SmartCarving” technology, developed at NYU-Poly, to find and recover these image files.

SmartCarving works in three phases: The first is preprocessing, in which file system data clusters are decrypted or decompressed as needed. The next is collation, in which data clusters are classified as belonging to a file type and, in some cases, even a particular file. The final step is that of reassembly, in which clusters that were identified and merged in the collation phase are pieced together to reconstruct files. This final step is much like simultaneously solving millions of jigsaw puzzles without knowing what the reconstructed picture would look like.

After recovering all deleted files, Adroit allows an analyst to quickly sort through and look for evidence from tens of thousands of files by using biometrics and other tools. It scans and sorts for child pornography images, distinguishing those from the legal images. It allows an investigator to search for evidence using time-line analysis, information about the camera, type of image and other factors.

Memon and his students have now formed a company, Digital Assembly, to launch and market this system. With the support of the National Science Foundation and NYU-Poly, Memon and his students are now getting this tool in the hands of forensic investigators. So far, Adroit is being used by police departments in Europe, Asia and the United States.

“The pressure on digital forensics professionals promises to only increase as criminals increasingly use computers for communication and storage,” Memon said. “We expect that software like Adroit will help reduce the backlog of cases awaiting digital forensics expertise and help solve crimes like child pornography quickly and efficiently.”