A new system allows investigators to boot, run, and install investigative tools to examine computers used in the commission of crimes or terrorism, without altering the contents or compromising the chain of evidence, according to the inventor.
It's common today for computers and their contents to be tagged as evidence. The problem has been how to boot and examine their contents, and still maintain "forensic soundness." Traditionally, this required painstaking hours of copying and transferring data. The result was a huge backlog in computer crime labs across the nation, while investigators waited months for forensic information to be processed, according to Voom Technologies Inc.(PDF)
The VOOM Shadow 2 is a hardware device designed break that logjam by providing "read write access from the host computer's perspective." It also includes a built-in hardware write blocker to maintain the original hard drive unchanged, according to VOOM.
"What a competent (computer forensics) examiner can do in a day with the Shadow, would surely take weeks or months using alternative forensic procedures," said investigator and former U.S. Customs Special Agent Will Docken in a testimonial.
The system allows seeing and operating the "native system," whether it's Mac, Linux, UNIX or Microsoft, according to the company. No more waiting for processing or forensic lab examination- you can start rummaging before the corpse has cooled.