MICROSOFT COFFEE

[nihil]

Interesting...............

It looks like a cost saving and resource optimisation exercise to me.

This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.

So you would certainly need physical access rather than an online connection.

I don't know about you guys, but over here computer forensics resources are scarce and expensive. This probably means that a lot of leads are not followed up due to budget and time constraints.

I could be wrong, but if the tool works it should indicate if there is anything worth pursuing further and greatly improve the effectiveness (strike rate) of the mainstream forensics facilities.

There might also be a PR angle to it, as it would avoid the annoyance and embarrassment of seizing equipment, keeping it for weeks or months and then finding nothing?

EDIT:

I wonder to what extent this product would be acceptable in a court to the extent that EnCase generally is?............witnesses? MD5 hashes?
It would seem to me that unless you create a certified copy of the drive BEFORE you do anything you will have just tainted the crime scene?

I am now thinking that it won't be that much of a help to the scene of the crime officers as they will still have to take the equipment and go through recognised procedures?

Where it might help, is by allowing the preliminary investigation to be carried out by semi-skilled personnel? After all EnCase is expensive and it requires quite a lot of expensive and time consuming training.

At the end of the day you are still faced with the usual computer forensics problem of proving who was actually using the computer when the offence was committed, and that they actually did it.