Elementary: A secure platform for the acquisition, custody, processing and presentation of electronic evidence

Project Overview

Offenders increasingly use new technologies to commit offences and evade the authorities. This has created the need for the Judicial Police, the Prosecutor General’s Office and the Judiciary to specialize and train their personnel in these new areas, where ICTs become essential tools in support of justice, the interception of offences and the pursuit of offenders.

Data acquisition is one of the most relevant stages in the success of a criminal investigation and demands highly effective work from the investigators in charge of acquiring, preserving, evaluating and presenting digital evidence in order to guarantee its authenticity and integrity for later use before a Criminal Court.

Through Elementary, a set of tools capable of acquiring, safeguarding, processing and presenting evidence can be developed, such that all this digital information may be used as evidence before the courts. Moreover, Elementary will be capable of providing digital evidence from cloud computing environments, regardless of the difficulties posed by such new Internet service environments (PaaS, SaaS, IaaS, etc.).

Objectives

The main objective of Project Elementary is to design and develop a set of tools capable of acquiring, preserving, processing and presenting electronic evidence, while continuously assuring information authenticity, integrity, completeness and quality.

The project’s technological objectives will provide the Elementary platform with the following features:

  • Hot Data Acquisition (systems in operation): hard drives and external storage devices; data residing in volatile memory; running processes; cache data such as DNS entries, ARP, navigation, recycle bin, etc.; active sessions and users; input/output traffic.
  • Cold Data Acquisition (systems off): tagging of hard drives and external storage devices; raw HDD copy (integrated copies); remote data access; security sealing and storage of HDDs, both originals and copies; integrity check (MD5, SHA1, SHA256, etc.).
  • Data capture from mobile devices: data capture from tablets and smartphones, supporting most operating systems, such as iOS, Android, RIM and Windows Phone, among others. It may even capture information from SIM cards or backup files.
  • Data capture from the cloud: Elementary will develop a powerful system capable of acquiring digital evidence from cloud computing environments.
  • Secure and reliable custody to assure the privacy, authenticity, completeness and non-tampering of digital evidence, obtained by way of: role/permission-based access control systems; periodic backups aimed at recovering information in the event of loss or attack; powerful contingency plans that determine what to do, how to do it and under whose responsibility for a wide range of scenarios; malware, spyware or virus protection.
  • Evidence analysis and processing.
  • Customizable report generation.
  • Presentation of the evidence: results and reports can be exported in commonly used formats, such as MS Word/Excel/PowerPoint or PDF.
  • Friendly user interface.
  • Creation of processing and presentation templates – will consist of a WYSIWYG data modeling tool to enable easy creation of presentation templates.

Participating Bodies

Nextel S.A.

INNOVALIA ASSOCIATION