SCHUMER ANNOUNCES ODYSSEY RESEARCH ASSOCIATES IN ITHACA SET TO RECEIVE $775,000 IN DOJ GRANTS FOR ELECTRONIC CRIME AND FORENSIC EVIDENCE RECOVERY

U.S. Senator Charles E. Schumer today announced that the National Institute of Justice has awarded four grants totaling $775,000 to Odyssey Research Associates in Ithaca under the Electronic Crime and Digital Evidence Recovery Program. These funds will enable Odyssey Research to improve the tools and technology needed to retrieve forensic evidence in an accurate, accessible and efficient manner. Odyssey Research Associates in Ithaca is a subsidiary of the Architecture Technology Corporation, and conducts advanced research and development in computer security and reliable systems, and has a growing research group in information management.  

"Criminals can no longer run and hide from forensic evidence," Schumer said. "Through these grants, Odyssey Research will continue to improve the quality and efficiency of their stateoftheart technology that allows the most accurate and thorough retrieval of forensic evidence from computer systems. I will continue to support programs like this that address the growing need for quality forensic science technology, research and training."   

Odyssey Research Associates will use these four grants, totaling $775,000, to improve the tools and technology needed to retrieve forensic evidence in an accurate, accessible and efficient manner. Specifically, the first grant will improve the capabilities of NIJfunded Mac Marshal, a digital forensics tool used by law enforcement that extracts and analyzes forensic information specific to Macintosh computers. Mac Marshal is in wide use, and significantly increases the quality of evidence extracted from Mac Computers, while reducing the backlog of cases. With the second grant, ATCNY will develop Mobile Marshal, a forensic data extraction and visualization tool that operates on backup files generated from mobile devices. The third NIJ grant will be used to make improvements in efficiency and reporting capabilities to P2P Marshall, a program that allows digital forensic examiners to examine files that have been shared on a target computer through peertopeer technology. The final grant will allow Odyssey Research Associates to make enhancements to Mem Marshal, a computer forensic software, by significantly increasing the efficiency of investigators through increased Mem Marshal's automated evidence gathering capabilities.

Electronic Crime and Digital Evidence Recovery: Proposals for Supplemental Funding $275,000

Mac Marshal is a NIJ developed digital forensic tool that extracts and analyzes forensic information specific to Macintosh computers. Mac Marshal is in wide use, increasing the quality of evidence extracted from Macs while at the same time reducing the backlog of cases. In order to make Mac Marshal an even better tool for law enforcement, ATCNY proposes four followon tasks for Mac Marshal: (1) Extend Mac Marshal's analysis capabilities to iPhone, iPad, and iPod disk images and backups; (2) Modify Mac Marshal to enable the analysis of Time Machine backups, partial disk images, and recovered deleted files; (3) Enhance and extend Mac Marshal's existing analysis tools in order to further speed investigations, including support for Mac OS (operating system) X 10.7 when it is released; and (4) Enhance the reports generated by Mac Marshal, making them highly customizable and showing in detail the sources of all data presented, enabling investigators to verify Mac Marshal's results using independent tools and to explain their findings in court.
 

Electronic Crime and Digital Evidence Recovery: Forensic Tools for Mobile Cellular Devices $275,000

ATCNY will develop Mobile Marshal, a forensic data extraction and visualization tool that operates on backup files generated from mobile devices. Mobile Marshal will extract valuable cell phone information such as the contact list, SMS messages, and call logs.  Additionally, because of the flexibility of the backup files, formats, other data such as pictures, calendar events, and todo lists will be extracted. Mobile Marshal will compare multiple backup files to determine differences between them, thus identifying when data objects have been added or removed from a device. Mobile Marshal records an audit log of all the actions it takes, generates forensically sound hashes of all data, and provides detailed reports of the information extracted.

Electronic Crime and Digital Evidence Recovery: Proposals for Supplemental Funding $125,000

To obtain evidence from P2P file sharing clients efficiently, law enforcement investigators and forensic analysts require a fast, easyto use computer forensic analysis tool that acquires and analyzes this evidence. P2P Marshal fills this role, but should be enhanced to increase its usefulness to forensic analysts. To better meet the needs of law enforcement, P2P Marshal will address the following requirements: 1. Analyze individual evidence files, such as those extracted by thirdparty tools or available in partial disk images; 2. Provide data source information in reports, simplifying presentation in court; 3. Provide improved reporting capabilities; 4. Support modern P2P clients often seen in crime labs; and 5. Support new versions of existing P2P clients.

Electronic Crime and Digital Evidence Recovery: Proposals for Supplemental Funding $100,000

ATCNY proposes two enhancements to the current Mem Marshal: (1) Desktop Recovery would enable investigators to see and operate a subject's desktop at the time his machine was imaged. Investigators could click on each window, resize, move it, and even use its scrollbars The recent computer activities of a subject would be immediately apparent to an investigator. (2) InMemory Disk Cache Forensics will allow investigators to quickly see which files were recently read or modified, and extract their contents, even for files written to drives that were not recovered. Together, these enhancements significantly increase the efficiency of investigators by increasing Mem Marshal's automated evidence gathering capabilities.

Odyssey Research Associates in Ithaca is a subsidiary of the Architecture Technology Corporation.  Odyssey Research Associates has conducted advanced research and development in computer security and reliable systems, and has a growing research group in information management.  The company provides many different computer software suites that have allowed law enforcement personnel to investigate crimes through forensic science.

The Electronic Crime and Digital Evidence Recovery Program is administered by the Department of Justice's National Institute of Justice.  The purpose of the  National Institute of Justice Research, Evaluation, and Development Projects Grantsprogram is to encourage and support research, development, and evaluation to improve criminal justice policy and practice in the United States. With this solicitation, NIJ seeks proposals for funding of research and technology development leading to the introduction of new forensic tools for digital evidence. NIJ is specifically interested in proposals addressing topics such as forensic tools for mobile cellular devices, data forensics in the Internetbased environment, forensic tools for Voice over Internet Protocol (VoIP) communications, and forensic tools for vehicle computer systems.