by Paolo Valpolini
The number of electronic evidence is dramatically increasing together with the use of such devices by nearly all the people. Searching computers for crime evidence, including pictures, has thus become a usual procedure. However such search usually takes hours of work of specialists, who moreover are available in small numbers. The time used to analyse the content of computers seized to suspects delays the availability of evidence. Depending on the size of the memory to scan current systems can take from hours to days.
UK-based Cyan Forensics developed a new set of tools that allow reducing considerably the time needed, opening new horizons, such as near-real-time search on items carried by suspect people, i.e. in airports. The company just released its first set of tools based on new generation algorithms developed in cooperation with academia. Cyan Forensics tools are 16 times faster, thus an 80 Gb device which was usually scanned in 35 minutes can be now scanned in two minutes, a time fully compatible with on-site analysis. A 1 Tb hard disk can be scanned in 27 minutes instead of today 7 hours 30 minutes. Typical material searched by police officers is related to counterterrorism, material related to radicalisation, or child sexual exploitation. The company system uses a contraband filter rather than a hash database; these filters are inherently secure and it is impossible to extract from the images or data, which is not the case for databases, thus allowing the use of the Cyan Forensics software can thus be used without risk outside of the lab for on-site analysis, multi-filter search capability being available. The dramatic decrease in search time allowing a faster finding of evidence, together with the high reliability of the system, can in some cases change the outcome of an investigation, while in general terms it allows employing computer search in a wider number of situations. Will this soon apply also to mobile phones, that have become one of the most widely diffused storage items?