Advertisement
Different regions of a typical hard drive vary greatly in their forensic value. The parts of the disk that hold, for example, temp files, history and logs as shown in the diagram will be of great value to a forensic investigator because they show clearly how a suspect’s computer was recently used. These areas are therefore labeled ‘High Value’ and will be part of an image created by Sifting Collectors, the product which Grier Forensics is developing for the Department of Justice.It is often the case that the spur to innovation in America takes the form of a government solicitation. As an instrument of the people, the government gives power to the those that develop ideas and tools that benefit everyone. Forensic tools are no exception.
 
Forensic Magazine recently spoke with Martin Novak, Program Manager at the National Institute of Justice (NIJ), and Jonathan Grier, principal of Grier Forensics. The focus of the discussions was Grier Forensics's development of a way to speed-up computer hard drive imaging. The growing use of digital evidence in court and in the field has created the need for access to suspects' information faster than before — not to mention, the growing amount of data found as evidence that needs to be analyzed.
 
In this Part 1 of our discussion, Martin Novak speaks about the NIJ's role in bringing Jonathan Grier's technology to state and local law enforcement personnel. He also speaks about the application beyond the state and local level. In the second part of the discussion, we talk to Jonathan Grier, getting technical details about his method. Grier also expands on the path he took from idea to application.
 
The solicitation and the need
In 2014, the NIJ put out a solicitation for new evidence processing. There were two parts to the solicitation. One was to find a means to speed forensic processing of large capacity digital media, and the other was to reduce digital evidence storage requirements. Grier applied for the first — speed. 
 
Grier's application was subjected to a standard review panel and was found to have merit. Although Novak was the project manager, he did not choose Grier Forensics. "They keep Program Managers at a distance during the selection process, so they don't have an influence," Novak says.
 
As Grier will explain about his experience with DARPA, he had a prototype. But the job of the NIJ was to mature the technology and make it stable for use by law enforcement.
 
Novak explained that hard drive imaging is one of the largest bottlenecks that investigators face. Even in the best of circumstances, it takes 16.5hrs to image a one terabyte drive. If Grier's software can triple the speed a drive is imaged, time would be cut to 5.5hrs. This is a conservative example as the software can image a hard drive anywhere from 3x to 13x faster than without it.
 
Often investigators at the federal level and in the private sector have the same problems as state and local law enforcement. A project funded in 2008-9 called Mac Marshal provided a way to forensically investigate Macintosh computers. Before this there was only a difficult-to-use Linux program. Mac Marshal was first put into use an easier-to-use Windows format, and eventually, into use a Mac format. The usable format made it more appealing to governmental agencies and private enterprises.
 
Moving forward
"I don't know any Program Manager that wouldn't like to see more stuff funded," says Novak. NIJ is not the only organization that is affected by budgets restrictions. But Novak says that NIJ sees the same level of funding year over year. The organization wants to get state and local law enforcement the tools they need, and NIJ "will be an active participant in this area for a long time to come," Novak says.
 
Now that Grier Forensics has been awarded the contract, NIJ follows what progress is being made. In addition to scheduled, formal evaluations, there must also be research papers written and conference presentations given. 
 
It comes down to, "Do we have a usable product?" says Novak. One way to determine this is to have a partner in the field. Actually, as a part of the application process, a partner is required. 
 
Read the second part of the discussion. Find out how Jonathan Grier and his software interacts with law enforcement investigators and about the benefits of his NIJ award. Also, read Part 3 of the discussion.
 
Martin Novak is a Program Manager at the National Institute of Justice.
 
 
Advertisement
Advertisement