Digital forensics examiners dealing with video, CD or DVD, and/or Flash device forensics may be interested in what’s coming this fall from Infinadyne, one of our conference Platinum sponsors: three pieces of free software (valued at more than $1,000) per participant, plus labs that introduce the software and help investigators figure out where it fits in their day-to-day.
The three pieces of software – CD/DVD Inspector, Vindex, and Flash Retriever – represent a mix of what Infinadyne has to offer investigators. “CD/DVD Inspector is the best known of our products, having been around since 2003,” says Paul Crowley, the company’s president. “Vindex is our newest software, while Flash Retriever addresses a different need by imaging data from Flash devices and SD memory cards.”
Conference participants will be able to download a one-year license from Infinadyne.com for all three fully featured products, which will be available on a CD-ROM at the conference.
Who can use these tools?
Crowley says that although copyright infringement (especially of movies) and child exploitation constitute 85 to 90 percent of cases that most often see this software used, other “more esoteric” uses emerge, too.
In one case, a suspect being raided by the U.S. Secret Service snapped a DVD in half in front of the agents. “They called us, and we explained how to put it back together and sent them an evaluation copy of CD/DVD Inspector,” says Crowley. “An hour later they bought four copies.”
Inspector was also used in Baghdad, during an investigation into mercenary outsourcing abuses. That order came in via satellite phone call. Improvised explosive device (IED) plans have been found on DVDs overseas, and Navy SEALS were reported to have found about 100 Flash drives at Osama bin Laden’s compound.
Crowley expects to cover the CD/DVD Inspector and Flash Retriever capabilities during Infinadyne’s lab. “These tools make it easy for participants to do hands-on imaging,” he explains.
Last year, the Inspector lab exercise took a DVD that was not playable, then extracted the video from the disc so that it could be played. This phenomenon happens more often than many people think, especially when it comes to disk images that have not been properly finalized. Crowley says this is most frequent with direct camera-to-disk video surveillance or other recording.
The Flash Retriever lab, meanwhile, will use three camera cards: one card that holds digital images, one card that contains deleted images, and a third from a camera that has been formatted so that the images have been wiped.
Crowley relates the story of a forensic examiner from Arizona who had gone through the lab at a conference in Las Vegas. He emailed Crowley a week later to tell him that the evaluation copy of Flash Retriever he’d received had helped him retrieve images that his usual method could not.
Exhibiting a new product
At its booth, Infinadyne will be showcasing a new hardware product: Rescue Drive, a modified DVD-ROM player that works with CD/DVD Inspector to help examiners read discs that will not mount.
“A CD or DVD is not like a hard drive,” says Crowley. “You can’t get at the data in it unless the drive lets you. So in the past, the solution might have been to take the drive apart, but most supervisors nixed the idea because exposing the laser was a safety hazard.”
Crowley will demonstrate how the patent-pending Rescue Drive works, which is by using a “swap mode.” Examiners first put a good disc in the drive. Then, they press and hold the Eject button to put the drive in swap mode; when the tray opens, the examiner places the bad disc inside.
“Swapping” the disc in this way fools the drive into “thinking” that it’s seeing the otherwise inaccessible disc. Then, the examiner can use CD/DVD Inspector to analyze what’s there.
Lab registration will be available at a later date. Meanwhile, reserve your space in Indian Wells now!