UK digital forensic experts Evidence Talks released SPEKTOR Drive. It is the latest powerful e-discovery, litigation support and forensic incident response tool designed for non-expert users, and will reduce the need for outsourced expertise, which will lower the cost of responding to litigation, digital incidents and forensic investigations.
Andrew Sheldon, director and principal consultant at Evidence Talks, and a 20-year veteran of forensic investigations, explained: “Corporates are no longer prepared to pay the high fees associated with sending outsourced consultants around the globe to preserve and examine digital evidence when, in many cases, little of value is identified.
“Recently, a corporate compliance manager expressed his annoyance at having spent tens of thousands on sending an expert overseas to, in his words, ‘wait for ages while forensic imaging was completed and then receive an inconclusive, complicated report three weeks later’.”
In response to the frequent occurrence of this type of frustration, Evidence Talks leveraged the success of its flagship law-enforcement product, SPEKTOR Forensic Intelligence, to create SPEKTOR Drive for the corporate market. This new tool enables non-technical users to preserve and assess digital evidence to create an e-discovery, compliance and incident response.
Because it is intuitive, powerful and easy to use, in-house staff no longer need specialized skills or experience to conduct common forensic investigations, data preservation and discovery tasks, which helps avoid incurring outsourcing costs.
Designed to cope with most of the tasks required by corporates, SPEKTOR Drive is a bootable thumb drive that temporarily turns a normal PC or laptop into a powerful digital forensic workstation. Its simple interface guides the user through every step of data preservation, analysis, review, reporting and exporting procedures.
It makes it easy for non-technical users to rapidly preserve, investigate and report on the contents of computers, servers and removable media using forensic methods. SPEKTOR Drive’s reports are suitable for hearings and interviews and to be submitted as evidence, and include audit logs of the investigators’ actions.
Some of the most regular forensic tasks this innovation addresses in corporate scenarios includes: (1) Acquiring full images of suspect media in any of the common forensic tool formats, (2) Preserving live system memory and network data, and (3) Forensically acquiring target content, such as email, documents, images or other files based on date ranges and/or content type.
In all cases, SPEKTOR Drive uses forensically sound techniques to recover live and deleted content, while not altering the original, retaining all original file and file-system metadata, and ensuring compliance with forensic best practice by locking the user into a guided process using clear onscreen prompts.
More than a preservation tool, SPEKTOR Drive automatically extracts, analyses, indexes and categorizes collected content without the user needing to do anything more than press the start button. It knows how to dissect email containers while maintaining links between individual emails and their attachments; reconstruct web pages, browser history and chat sessions; process file metadata; and even detect potentially devious file-hiding activity.
Using the powerful index and hash matching capabilities, users can perform instant and unlimited keyword searches, as well as review email messages, Office files and documents, images, movies, browser activity and much more in an intuitive review interface that protects the original data.
“SPEKTOR Drive will pay for itself the first time it is used in anger for e-discovery or forensic investigations,” commented Andrew.
If internal staff call in external staff, they can save money by handing them forensic images or fully audited file collections created by SPEKTOR Drive.