September 17, 2013

Tim Dees Police Tech & Gear
with Tim Dees

Computer forensics on a small department budget

Flashback Data has services designed to extract the data from damaged and/or encrypted storage media for as little as $500

These days everyone has access to computers, including criminals. This means that it’s rare for a complex case not to involve some kind of digital media, whether it’s a desktop computer, a laptop, a smartphone, or a flash drive.

Large agencies with specialized investigative units often have their own computer forensics labs, where digital evidence can be extracted and examined in-house. But roughly 80 percent of the law enforcement agencies in the United States have 25 or fewer sworn officers, and those agencies will have one or two general-assignment detectives, if that. There isn’t enough funding or manpower to staff a digital forensics function.

Flashback Data, an accredited lab in Austin, Texas, has services designed for departments with limited resources. Flashback will extract the data from damaged and/or encrypted storage media for as little as $500, then return the data to you for analysis by your investigators.

Most law enforcement agencies have access to a state or regional crime lab for digital forensics, but those resources tend to be overextended.

“Typically, what you’ll end up having to do is get into a queue at whatever regional lab services you. And that queue can be awful long,” said David McGroty, Director of Computer Forensics for Flashback Data.

“This can be problematic if you’re looking at something that may be time-sensitive, and they tell you, ‘If we put it in our high-priority queue, it will be a month and a half.’ That can be an awful long time in an investigation,” he said.

Flashback Data can crack the password on a smartphone, extract and return the data to the investigating agency, or do the same with a computer hard drive.

Flashback in Action
A small Oregon agency had a homicide investigation and had identified a possible suspect. They believed that the information on a password-protected hard drive would tie the suspect to the crime.

The prosecutor didn’t trust the mails or FedEx to deliver the hard drive to Flashback Data, so a detective hand-delivered the drive to Texas. Flashback Data was able to crack the password and deliver the contents to the detective, who took it back to Oregon for analysis. In the end, the suspect was cleared of suspicion and the detectives went on to look for other leads.

Most forensics labs do both extraction and analysis of the data. This isn’t always the most desirable method, as photos, emails and other media may contain elements that mean nothing to the forensics analyst, but are of interest to the detective who is familiar with the principals in the case. A photo of your suspect and victim together is extremely valuable if the suspect denies knowing the victim, but the forensics tech may not know what the suspect and victim look like.

Another issue all computer forensic labs face is the increasing size of storage media. A laptop hard drive used to be considered large if it held 80GB. Now, 500GB hard drives are common in laptops, and there are 3TB (3072GB) hard drives for desktop machines available for about $100. Although investigators can always sift through this volume of information manually, a good forensic lab may be able to make the process more efficient.

Like a Key Under the Mat
Cracking the password on storage media that has been encrypted can be much easier if the volatile memory of the computer is preserved. McGroty provided a residential analogy for computer security. “It doesn’t matter how good the locks on your front door are if you keep a key under the mat.”

Popular open-source encryption software like TrueCrypt and PGP does a good job of protecting data from prying eyes, but the password the user keys in to decrypt the file may be stored in the computer’s random access memory (RAM) when it’s entered. The RAM contents are constantly changing as new processes start and stop, and the RAM is purged completely when the power is shut off.

By using a data capture application such as the Forensics Tool Kit on a flash drive, a responding officer can download and preserve the RAM contents before power to the computer is interrupted. Alternatively, it may be possible to plug the computer into a portable power source for transport, so that a trained forensic tech can capture the contents of the RAM before it vanishes.

Without some hint as to what the password might be, decrypting the drive might take a while. A brute-force cracking effort requires a lot of networked computing power that a local lab may not have. A service like Flashback Data can put its battery of machines to work and extract many passwords, given enough time.

If your agency is small and you have computer evidence to handle, don’t throw your hands up in frustration. Consider the economy of using limited services from a commercial forensics lab and allow them to perform the heavy technical work, leaving the analysis to your officers already on the payroll. 

About the author

Tim Dees is a writer, editor, trainer, and former law enforcement officer. After 15 years as a police officer with the Reno Police Department and elsewhere in Northern Nevada, Tim taught criminal justice as a full-time professor and instructor at colleges in Wisconsin, West Virginia, Georgia, and Oregon.

He was also a regional training coordinator for the Oregon Dept. of Public Safety Standards & Training, providing in-service training to 65 criminal justice agencies in central and eastern Oregon.

Tim has written more than 300 articles for nearly every national law enforcement publication in the United States, and is the author of The Truth About Cops, published by Hyperink Press. In 2005, Tim became the first editor-in-chief for Officer.com, moving to the same position for LawOfficer.com at the beginning of 2008. He now writes on applications of technology in law enforcement from his home in SE Washington state.

Tim holds a bachelor’s degree in biological science from San José State University, a master’s degree in criminal justice from The University of Alabama, and the Certified Protection Professional credential from ASIS International. He serves on the executive board of the Public Safety Writers Association.

Dees can be reached at tim.dees@policeone.com.
