E-Crime Investigative Technologies (Continuation 2008-2009)

Florida State University will continue work on the following three projects: Distributed Network Technology for Large Scale Code Breaking (DNA project); Design & Development of an Undercover Anti-Spoofing Kit (UnMask project); and Predator & Prey Alert system (PAPA project). The DNA project will continue to support the submission and breaking of passwords and pass phrases by law enforcement agencies by providing a tool that will enable the computer forensic examiner the ability to break the password or pass phrase on a password or passphrase protected file, thus allowing them to examine that file. The UnMask project will automate the investigation of email-based crimes by providing a forensic tool that will allow the computer forensic examiner the ability to examine a spoofed email and to determine where it originated.

The PAPA project will support law enforcement in investigating crimes such as cyber-stalking and predators preying on children, and in the monitoring of parolees by providing an investigative tool that will allow investigators to 'shadow' the victim's online activities in a forensically-sound manner. The project will be redesigned to incorporate feedback received from law enforcement. nca/ncf

The UnMask system will provide law enforcement with a sophisticated toolkit that is practical, easy to use, secure, and powerful enough to serve as the focal point for the forensic analysis of suspect email. The goal of the UnMask project is to automate the investigation of email-based crimes. Continued funding will allow ECIT to integrate the following new capabilities into the system: (1) develop enhanced analysis and parsing tools to support the automatic generation of a targeted and simple report that will supplement and perhaps be more useful to law enforcement as compared with a comprehensive report dump; (2) enhance the UnMask system so that it is reasonably easy to deploy at law enforcement agencies with proper and adequate security considerations; (3) develop an Unmask Toolkit with substantial functionality including the ability to open emails in a virtual environment to analyze the behavior of email attachments; and (4) research the notion of accountability and its relationship to the UnMask system as it relates to the development of software architectures.

This project contributes to the reduction of crime laboratory computer evidence backlog principally through automation of the forensic process as it relates to email based crimes.

nca/ncf

The goal of the UnMask project is to support investigators in investigating email crimes such as phishing attacks and threats. UnMask supports the uploading of suspect email through a secure web interface, the automatic analysis of the email and addition of related Internet information into a database, and the generation of custom reports from the populated database. UnMask Version 2.0 will be deployed this year with feedback expected from analysts and investigators. Continued funding will allow ECIT to complete an UnMask Version 3.0 that would be available for general use by investigators. For the continuation project ECIT would (1) incorporate feedback received from the deployed system and also add new capabilities into Version 3.0 such as: email attachment analysis, origin of email analysis and a user-friendly query system; (2) extend the UnMask architecture to a web services architecture to increase the flexibility and usability of the system, (3) explore developing UnMask as an online system and its use as a spam filter. These new features and functionalities will make UnMask a comprehensive and extensible email investigation system. The availability of the feature-rich UnMask Version 3.0 system should provide law enforcement with a sophisticated toolkit that is easy to use and deploy, secure, and powerful enough to serve as the focal point for email investigations. This project contributes to the reduction of crime laboratory computer evidence backlog principally through automation of the forensic process as it relates to email based crimes.

ca/ncf