Sunday, August 29, 2010

World’s Smallest Cyber Crime Investigation Device Released by ASCL & Data64

The world’s smallest cyber crime investigation device was released in Pune on Saturday 28th August, 2010 by Hon’ble Justice Rajesh Tandon, Chairperson, Cyber Appellate Tribunal, New Delhi.


Code-named pCHIP, this Portable Mega Investigation & Forensic Solution is delivered in two versions – on a USB device and on a micro SD card.

pCHIP runs from a USB drive / micro SD card without installation on the suspect PC. It captures relevant volatile evidence from a live (switched on) computer. It has an extremely easy-to-use interface and provides detailed reports.

Volatile Evidence Recovered by pCHIP

The pCHIP retrieves crucial volatile digital evidence from the suspect computer and generates 38 reports at the click of a button.

Password & Encryption handling by pCHIP

The pCHIP can detect and list password-protected and encrypted files on a suspect computer. It can also attack and crack hundreds of types of passwords.

USB History detection by pCHIP

At the click of a button, the pCHIP can generate a report containing the details of every USB device ever connected to the suspect computer.

Cloning and Imaging by pCHIP

The pCHIP can clone and image disks and also recover deleted data.

pCHIP has been designed by Asian School of Cyber Laws & Data64 Techno Solutions Pvt. Ltd.

Data64 Techno Solutions Pvt. Ltd. is incubated by Science & Technology Park, a STEP promoted by Department of Science & Technology, Government of India.

Asian School of Cyber Laws is a global leader in education, training and consultancy in cyber law, cyber crime investigation and digital forensics.

Mr. Debasis Nayak, Director, Data64 Techno Solutions Pvt. Ltd. said:

It is widely believed that computer forensic investigations must be carried out on static data and never on live systems.

This usually means that the investigator would first pull the plug on any live machine and then physically remove the hard disk(s). This hard disk would then be imaged and subsequently the image would be analyzed.

We believe that such an approach is flawed. In many cases, it is prudent for an investigator to first carry out preliminary investigations on the live system and then pull the plug.

Some of the reasons for this approach are:

1. In many computer attacks, the evidence may be only in the computer memory and not in any files on the hard disk. Pulling the plug or shutting down such a computer may destroy the evidence.

2. If the suspect is using cryptography to secure his data, then pulling the plug may mean that the data will no longer be available in an unencrypted format.

3. The suspect could configure his computer to clear the paging file automatically on shutdown. This would cause a lot of evidence to be lost.

3 comments:

Benjamin Wright said...

Shoeb Hakim: On the SANS Institute's forensics blog, I have published new methods for preserving and authenticating evidence in a cyber investigation. What is your opinion? --Ben

David Richy said...

Cyber Crime Investigation is a new concept which is developing around the world. Investigates cyber crime cases and helps respective police organizations in implementation of laws addressing cyber crime and cyber frauds.



Watershed development said...

Thank you for providing this great information to us.