Sifted evidence. The tangible possibility of digital forensic technology. Grier Forensics

After listening to colleagues for years and exploring it further, Jonathan Grier saw how pressing the need was for technology like his. As explained in the previous discussion with Grier, his technology decreases the time to image a hard drive by 3 to 13 times, speeding digital investigation and reducing the use of resources.

Grier told us that he did preliminary experiments, wrote some software and then looked to see if he could get some kind of backing. He explained that although the NIJ was the organization that bridged the gap between idea and practical application for his technology, it was another agency that saw its possibility. In his search, he was directed toward DARPA.

Grier wrote a proposal for DARPA, which is generally interested in cyber incident response and cyber defense. The military is usually constrained not only by time but by resources, so any technology that speeds things along and cuts resources might be welcome.

The recent grant is from the NIJ, but DARPA funded Grier initially.

"DARPA does not take things to a finished product. It's not their goal," Grier said. What they do is "to remove the excuse of impossibility." 

After the initial viability of a technology is proven, it is then handed off to other organizations — whether governmental agencies or private industry — to bring it to fruition.

So, today, the NIJ is providing funding for the technology's use by state and local law enforcement. Is there anything beyond that for Grier? 

"My vision is that this would become the dominant way to deal with forensic investigation," whether for law enforcement or the private sector, Grier said. 

Enterprise forensics is huge. Companies with, say, 50,000 PCs don't want to ship out their equipment, Grier explains. Investigations are done remotely. There are many bottlenecks in terms of resources, and, as a result, many investigations bypass the chain of evidence.

"There might be a backlash against remote technology," Grier pointed out, but this system has the ability to preserve a bit-by-bit device-level image. This ability will be extremely useful when evidence is needed in court. Also, the technology builds an element of trust in the evidence, which would make the digital evidence obtained less likely to be thrown out. 

In a time when many things are virtual and seem ephemeral, public trust in the legal system can be built, Grier said. If the "smoking gun is some bits stored in the ether, it doesn't really promote confidence," he added.

Grier said he would like to see his technology become a seamless part of the digital forensic process. His software would become a function of another program that could be activated when using that other software.

"I don't want them to know my name," Grier said. "I just want them to know that it takes 10 percent of the time it used to take."

But why go to all the trouble to copy a disk? Wouldn't having the original computer inspire trust? Why not work with the original source of the data evidence?

"We never want to work with the original. When you work with something, you interact with it, and when you interact with it, you modify it. One false step can destroy huge amounts of data," Grier said. 

Aside from data loss, anything that goes to court needs to be given to both sides for the sake of disclosure, Grier said. Additionally, those outside of law enforcement cannot seize a device; so, a copy is necessary. 

We wondered if there would be a product that Grier Forensics will sell.

"Although there is a stand-alone product at the moment that law enforcement is trying out to give us feedback," Grier explains. "It will have its greatest impact when it is incorporated."

This was the last installment of Forensic Magazine's discussion of Grier Forensics' sifting technology. Read Part 1, an interview with Martin Novak of the NIJ, and the first part of the discussion with Jonathan Grier in Part 2.

Jonathan Grier is principal of Grier Forensics.