FileTSAR: Free digital forensic investigations toolkit for law enforcement
Purdue University cybersecurity experts have created FileTSAR, an all-in-one digital forensic investigations toolkit for law enforcement.
FileTSAR, which stands for Toolkit for Selective Analysis & Reconstruction of Files, combines open source tools and code wrappers to provide a tool for network forensic investigators to capture, selectively analyze, and reconstruct files from network traffic.
The toolkit collects data at the network packet level and allows investigators to reconstruct documents, images, email and VoIP sessions for large-scale computer networks.
“The current network forensic investigative tools have limited capabilities,“ said Kathryn Seigfried-Spellar, assistant professor of computer and information technology, and lead of the research team.
“They cannot communicate with each other and their cost can be immense. This toolkit has everything criminal investigators will need to complete their work without having to rely on different network forensic tools.”
FileTSAR uses hashing for each carved file to maintain the forensic integrity of the data, and this makes the results of the investigation admissible as evidence in court proceedings. ..Read more..