2nd Year uni student - Mobile forensic app

(@laurencem)
Posts: 4
New Member
Topic starter
 

Hi,

I'm currently in my second year at the University of Derby studying computer forensic investigation & network security. For one of our modules we have been placed into a 'company' to develop new software. We have decided to create an app (for use with phones or tablets - android only for now as we only have 12 weeks), that allows a user to create a case, and document everything found at a scene.

The app would go something like:
Open the app >> Login (this is just in case someone gets hold of your device as you don't want anyone playing around with the app) >> You'll be greeted with a list of devices that you may find >> Click one (IE Hard Drive) >> You will then be able to take a picture, note down the serial and any other codes >> You will do this for everything you find, once finished the app will be able to generate a report based on what you have entered which can be used when creating the final court/internal report.

Just wondering what sort of features you guys would want, what issues we may run into, any possible legal problems (we want the evidence to be admissible)? Or anything else you could think of?

Thanks

 
Posted : 23/01/2013 5:21 pm
(@boucher88)
Posts: 15
Active Member
 

As far as issues go, try to think of who would be using the app and what benefit over existing methods it would provide.

If your target is a police force for instance, many of them do not have the resources to allow forensic analysts to gather data at the scene, only police officers. This would change the layout and language of your application as it would have to be tailored to suit a less technologically knowledgeable person/people.

Also the person using your application would need an untouched, dedicated business phone that the application could be used on. If not (as is the case with many police forces), then the practicality of such an application is seriously questioned.

If they do have such a device, how will your application save the police force time/money over using conventional methods (i.e. camera, seizure forms and police notes)? If you can't prove it would save time then practically it would never get used. This is before you even consider the legal issues.

There are many other issues dependent on what your user audience is. I would recommend trying to get in touch with those who you intend to be your user and gather some client requirements, researching how they do things currently.

I hope this is of help.

 
Posted : 23/01/2013 5:46 pm
(@zekituredi)
Posts: 16
Active Member
 

If this application is only for documenting electronic devices that have been seized, it will be much more hassle during the execution of a warrant compared to the practices that are already implemented by a lot of Police forces. Although if it was an application that took over the form filling for all items that could be seized during a warrant, it could be very beneficial.

 
Posted : 23/01/2013 7:04 pm
alex101
(@alex101)
Posts: 105
Estimable Member
 

How about an android app that's along the lines of QCC's CaseNotes?

You could include the ability to take photographs directly into the report (and hash them) then export the report as pdf (with final hash).

This would be useful for both examiners and/or police officers (as is QCC's CaseNotes).

 
Posted : 23/01/2013 9:15 pm
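
The per-photo hashes and final report hash suggested in the post above, as an added sketch that is not part of the thread or of CaseNotes: a JSON body stands in for the exported PDF, and the function names, field names and sample bytes are assumptions made up for the illustration.

```python
import hashlib
import json

# Constructed sample input: photo bytes stand in for real camera images.
SAMPLE_ITEMS = [
    {"label": "hard drive", "serial": "SN-EXAMPLE-001", "photo": b"constructed image bytes 1"},
    {"label": "usb stick", "serial": "SN-EXAMPLE-002", "photo": b"constructed image bytes 2"},
]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical_bytes(body: dict) -> bytes:
    # Sorted keys and fixed separators: identical content always
    # serialises to identical bytes, so the final hash is reproducible.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def build_report(case_id: str, items: list) -> dict:
    """Hash each photo at capture time, then hash the whole report body."""
    entries = [
        {"label": it["label"], "serial": it["serial"],
         "photo_sha256": sha256_hex(it["photo"])}
        for it in items
    ]
    body = {"case_id": case_id, "items": entries}
    return {"body": body, "final_sha256": sha256_hex(canonical_bytes(body))}

def verify_report(report: dict, photos: dict) -> list:
    """Return a list of problems; an empty list means everything matches."""
    problems = []
    if sha256_hex(canonical_bytes(report["body"])) != report["final_sha256"]:
        problems.append("report body altered")
    for entry in report["body"]["items"]:
        photo = photos.get(entry["label"])
        if photo is None:
            problems.append(f"{entry['label']}: photo missing")
        elif sha256_hex(photo) != entry["photo_sha256"]:
            problems.append(f"{entry['label']}: photo altered")
    return problems

if __name__ == "__main__":
    report = build_report("CASE-001", SAMPLE_ITEMS)
    photos = {it["label"]: it["photo"] for it in SAMPLE_ITEMS}
    print(report["final_sha256"], verify_report(report, photos))
```

An unkeyed hash only proves integrity if the final value is recorded somewhere the report's editor cannot reach, such as a signed seizure form or a contemporaneous note.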
(@laurencem)
Posts: 4
New Member
Topic starter
 

Thanks for the replies, has opened up quite a few things for us.

So let's say a private company was asked to seize 'John's' computer; a person is using a dedicated Android device to open the app (say a £100 tablet - we're trying to keep the app as lightweight as possible), they create a 'new case', they take pictures of the computer (note down the make/model etc), picture the internal components with serials etc - you know the drill. Once all pictures and data have been added, the PDF report can be printed, emailed, or saved online (online may be an option in the future, depends on security risks).

The report created by the app is court friendly; so all that needs to be done once you get back to the office afterwards is the investigation into what's on the hard drive / RAM / any other devices.

 
Posted : 23/01/2013 9:25 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

More loosely if you check some of the existing tablet based "inventory" software, the procedure is more or less the same, (but instead of the picture/pictures taking a bar code scan is performed).

jaclaz

 
Posted : 23/01/2013 9:28 pm
(@laurencem)
Posts: 4
New Member
Topic starter
 

More loosely if you check some of the existing tablet based "inventory" software, the procedure is more or less the same, (but instead of the picture/pictures taking a bar code scan is performed).

jaclaz

We could include an option to scan a barcode instead of taking a picture - Would make it easier for items with bar codes, and then if there isn't a code then a picture could be used.

Alex Thanks for the link to QCC's CaseNotes - Has quite a bit of information to help with security related stuff; Just need to read into how much can be done with android.

 
Posted : 23/01/2013 9:32 pm
(@laurencem)
Posts: 4
New Member
Topic starter
 

As a side note

Does anyone here have an Android device? If so would anyone like to test the app once it's ready for testing? (We will be creating a website with a download link / information)

 
Posted : 23/01/2013 9:34 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

We could include an option to scan a barcode instead of taking a picture - Would make it easier for items with bar codes, and then if there isn't a code then a picture could be used.

Yep, but what I meant was something different; I was suggesting to you how there are great similarities in the "procedure" or "workflow".

There are virtually no differences between making (correctly) an inventory of a warehouse and "cataloguing" items found during a search (well, things in a warehouse should be slightly better accessible ;) ), basically "by hand":

Warehouse inventory

  1. you get where the stuff is carrying your blocknotes, pen and (optionally) a camera
  2. you examine the item on the scaffolding
  3. you take notes of what it is and where it is
  4. optionally you take a picture of it
  5. loop to #2 until no items left

Cataloguing items found in a search

  1. you get to the place carrying your blocknotes, pen, camera and some containers for evidence
  2. you examine the item found
  3. you take notes of what it is
  4. you take a picture of it
  5. you put it in an evidence container (and seal/sign/date/etc.)
  6. loop to #2 until no items left
  7. you carry the evidence containers away with you or arrange to have them delivered to laboratory

When it goes to "automated" and with the help of a tablet instead of the paper/pen the procedure is exactly the same in both cases, when doing an inventory you might want to use a bar code scanner to be faster and avoid mistakes when copying serials/labels/ID's etc., but the workflow is the same.

The suggestion was that since the "inventory" kind of software exists, you could have a look at some of them to understand how exactly the workflow is arranged (as I presume that their developers will have tested sequences/commands/sound alerts if needed/etc./etc. that result in either a faster or "as intuitive as possible" procedure).

jaclaz

 
Posted : 23/01/2013 11:45 pm