USB Live Acquistion and Triage Tool (US-LATT)

Investigators and first-responders are in dire need of tools that quickly and efficiently acquire volatile evidence from live running computers. The development of a USB Live Acquisition and Triage Tool (US-LATT) will provide the ability for forensic examinations to be performed on live system prior to seizure. The US-LATT intent is to capture common information from systems. In addition, target data immediately relevant to cases involving subject matter such as youth exploitation, parole violations and possible terrorism. All forensic analysis of the collected information on the US-LATT will be done in the Forensic Lab using standard analysis tools like FTK or EnCase. This project contributes to the reduction of crime laboratory computer evidence backlog by allowing forensic computer analysts to more quickly process cases, using the volatile information gathered from a live acquisition. nca/ncf