Filehound sniffs out extensions on suspects' computers

The National Institute of Justice (NIJ) has given $200,000 to Purdue University professors working on software that lets police investigators more efficiently search for files on a suspect’s computer.

The software, called Filehound, helps police mine specific types of information, such as images and spreadsheets. In the case of child pornography, a suspect may try to disguise photos by changing the file extension from .jpg to.doc. Filehound, however, examines a file’s coding, which alerts investigators to hidden photo files, according to the university.

Purdue’s College of Technology spearheads the Filehound software project. Marcus Rogers, an associate professor in the college’s Department of Computer and Information Technology, and Richard Mislan, an assistant professor in that department, created Filehound with the help of graduate student Blair Gillam.

Rogers said Filehound enables investigators to quickly identify and evaluate files. The software resides on a laptop computer, which investigators take to a crime scene. The laptop is connected to the suspect’s computer via a hardware write block device, which prevents the modification of the computer’s hard drive.

“The central requirement for a sound forensic examination of digital evidence is that the original evidence must not be modified,” according to the National Institute of Standards and Technology’s Computer Forensics Tool Testing project. The capture of digital data from hard drives “must be performed so that the contents are not changed,” NIST reported.

Filehound has been provided free of charge to about 85 law enforcement agencies worldwide. The NIJ grant will be used to make improvements to the software. The program will be fully operational by summer 2007. At that point, Filehound can be offered to additional agencies, the university said.

Rogers said the software will not be commercialized and will remain free to law enforcement agencies.

Users will incur some hardware costs. Rogers said the cost of a hardware write block kit is about $1,250. Digital Intelligence’s UltraKit, for example, is priced at that level. UltraKit provides Parallel IDE, Serial Advanced Technology Attachment and SCSI hardware write blockers. Other vendors such as WiebeTech also offer write block products that will work with Filehound, Rogers said.

Filehound and a hardware write block kit offer a major cost advantage, he said, adding that the equipment many officials use today costs about $15,000.

In addition to the Filehound grant, the Purdue professors also received a $240,000 National Institute of Justice grant to pursue a Forensic Rapid Evidence Extraction Analysis Kit. That project aims to provide a simplified way to extract information from cell phones and other mobile devices, according to the university.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.