
2018 in Review

The close of 2018 provides a perfect milestone to reflect on what we accomplished and contributed in the last year. We shared novel research and tools that advanced the field of digital forensics, worked with third-party vendors to improve tool interoperability, and brought game-changing forensic tools to the market.

Here are the reasons we are proud of the year and looking forward to 2019.

Brought a game-changing approach to in-lab forensic workflow to market

In May we announced Evimetry Lab: a game-changing approach to accelerating in-lab workflow. Lab fuses our existing analyse-while-you-acquire technology with high-end networking and storage. This enables acquisition and processing to occur at the same time with negligible slowdown. Our early adopter testing is showing evidence progressing into the analysis phase hours and days earlier, especially for multi-terabyte spinning disks.

Evimetry Lab gets processing underway as acquisition proceeds

Advanced the state of the art in evidence preservation

Third-party interest in and support for the AFF4 evidence container really began to pick up. With it we attracted funding to continue our research and development and contribute back to the open source forensic stack.

Shared a refined AFF4 logical imaging implementation

A big-4 forensic team needed an open source logical imaging solution for an in-house forensic tool. We extended the Python AFF4 implementation to support logical imaging and released the code to the pyAFF4 GitHub repository, for all to use.

The images produced can be browsed using regular ZIP64 implementations such as 7Zip (seen below).

AFF4 Logical Images are generally interoperable with ZIP64

Created a new method of de-duplicated logical imaging

NIST have for years been archiving software distributions and compiling and releasing a hash set known as the National Software Reference Library (NSRL). With software-as-a-service, the game has changed, and NIST are currently looking at how to adapt their processes to Steam games.

We were funded by NIST to help solve their storage scaling issues with this work. Our solution was the addition of deduplication to AFF4 logical imaging, by adapting our earlier AFF4 Hash Based Disk Imaging work to the task.

We integrated the work with pyAFF4 and shared the code.

Grew the AFF4 tool ecosystem

Shifting the field to using AFF4 requires buy-in from the existing tool vendors, so making it easy to adopt the AFF4 evidence format has been a big part of our work to date. In August 2018 NUIX released v7.6, which includes our open sourced Java AFF4 read implementation. We closed out 2018 by helping Arsenal Consulting integrate AFF4 read support into the widely used image mounting software Arsenal Image Mounter.

Looking Ahead

We are excited by what 2019 has in store for us. We will release new features targeting in-lab efficiency and continue to refine Evimetry, making it simpler than ever to use. We look forward to sharing new research, continuing to contribute to the open source forensic stack, and supporting new vendors in adopting AFF4.