This Master’s thesis serves as a guide for law enforcement personnel to the LEAP utility for running live forensic analysis. It also reviews the standard operating procedures currently used by law enforcement and the complications that encryption creates for those procedures.
The purpose of the thesis is to explore the options currently available to users for encrypting data, to review current law enforcement practices, and to provide a guide for law enforcement workers in using the LEAP utility to capture live forensic evidence. The LEAP utility is designed to be deployed on mobile storage such as external flash drives and hard drives, and its objective is to give law enforcement a new tool for collecting as much data as possible while operating in a live environment. Before presenting arguments and guidance for the LEAP utility, the author first provides a broad overview of the terms and technologies referenced and examined in the thesis, including methods of encryption, TPM chips, BitLocker, and current law enforcement practices and techniques regarding digital evidence.