Speed Up the Digital Forensics Process

We’ve all been there, right? You’re a forensic examiner with a backlog of cases in your lab and you’ve just been handed another piece of media to add to your caseload. Of course, this is time-sensitive too, and the final report was needed yesterday. You want to get started with your examination right away, but first you need to acquire an image of the evidence. You plug the new drive into a write-blocker and then into your forensic workstation and start the acquisition process to obtain a full forensic image you can work from. Depending on the size of the source drive, that could take hours or even days. With your building caseload, you get to work on other cases while the new drive is imaging. As you wrap things up with your other cases, the new drive is finished imaging. But you’re still not done with the forensic process because you have to transfer that image file into your forensic exploitation software for processing, which could also take anywhere from hours to days to complete. And once it’s done, you still have to review the output to identify relevant evidence.

The amount of digital forensics data has increased dramatically in the past decade. And the need for investigators to be able to access that data quickly has never been more urgent. Digital evidence from a single law enforcement raid on a target can result in 10 terabytes of data that needs to be imaged and processed. Meanwhile, cases languish while investigators’ hands are tied waiting for their evidence.

From the frontline investigator to the examiner in the lab, time-to-evidence needs to be shorter, and the path to evidence needs to be easier.

This reality was the catalyst for the creation of ArcPoint Forensics, Inc. Founders Jared Ringenberg and Amy Moles had spent years working in the digital forensics field, sharing the pain points and frustrations of their fellow investigators, analysts, and examiners across law enforcement and military organizations. They watched while technical innovation and new advances helped professional examiners perform even more complex operations and deeper dives with captured data. However, the need that perpetually remained unmet was equipping people beyond the professional examiner to support the exploding caseloads. So, ArcPoint set out to develop straightforward, automated, fast tools that get more people doing more forensics.

ArcPoint Founders Amy Moles and Jared Ringenberg

The first step in the process was to perfect and patent our unique processing technique that enables ArcPoint tools to perform acquisition and exploitation simultaneously. We knew this would be essential to our goal of speeding up the digital forensics process. The next step was to create a tool built on that patent-pending technique that meets our second goal of eliminating the technical barrier to entry associated with most other industry tools. The result is our first product offering, ATRIO™, a fully automated tool that simultaneously images and exploits your digital media and provides simple, organized results in a non-proprietary format. And ATRIO enables anyone on your team to image and exploit those 10 terabytes in about 35 hours.

ArcPoint’s mission was never to eliminate the need for the highly trained examiner, but to save their expertise for the most difficult operations. By providing much needed tools that empower other team members, we believe we are helping everyone do their best work, save time, and reduce backlogs. 

Curious? Find out more about ArcPoint and ATRIO on our website www.arcpointforensics.com. 
