The University of New Haven has created a digital forensic evidence archive to revolutionize how investigators around the world analyze cyber forensic evidence and share data.
The new Artifact Genome Project (AGP) will document how various apps and digital information used as forensic evidence are structured and decoded. It will record where and what type of digital evidence can be located and, if data is encrypted, how to decrypt it.
The initiative, modeled after the Human Genome Project, unites researchers and practitioners to centralize knowledge about digital forensic artifacts. Now a law enforcement professional in Chicago can see how a researcher in Miami decoded an app such as Tinder, a location-based mobile search app that connects users. Investigators can avoid having to “crack the code” of each device or version of an app themselves.
The database will allow investigators worldwide to solve cases more quickly as they will no longer have to figure out for themselves what others have already learned. Using the AGP platform, they can research what has been done before or message other investigators for help.
“So many applications and so many technologies are being created and continuously updated that forensic investigators can’t keep up,” said Ibrahim Baggili, Elder Family Endowed Chair and founder of the university’s Cyber Forensics Research Group. “Without the artifact archive, every investigator is trying to figure out every technology.”
Now when investigators determine how to get information from a smartphone, for example, they can upload the “artifact” (information about where and how they found the information) to the Artifact Genome Project.
The AGP allows researchers to keep up with technology in drones, Fitbits, mobile phones, laptops with different operating systems, and millions of applications in the Google Play and Apple Stores, Baggili said.