White Paper

ComputerCOP Professional

 

ComputerCOP Professional is engineered to be used by Investigators. Ease of use, speed and built-in crime categories allow computer searches to be performed as they have never been done before. The new product is used to perform computer examinations by officers in the field. We believe this tool is a must for officers in this highly technological age when it seems that everyone has a computer. By quickly examining the computer of a person anywhere in the field, the Investigator can determine in minutes if there is a crime being committed.

ComputerCOP examines not only all the local drives but is also able to examine Zip drives, Jaz drives, the floppy drive, CD drives and/or all network drives available to the computer. ComputerCOP searches files, deleted files and all unallocated disk space on the drives. Additionally, ComputerCOP Professional is able to search and allow the user to review the file slack (the disk area between the end of the file and the end of the disk cluster where the file is stored) for all file types, and also enables the officer to search and review RAM slack (a piece of random memory content that was saved to disk at the end of a file).

Upon starting the program, the officer is prompted for case related information, evidence folder location and search parameters.

After the scan is completed, the ‘multi view image review’ allows the user to examine from 1 to 9 images at a time. A single click on an image will bring the image to full view.

A click on the green ‘SECURE IN EVIDENCE FOLDER’ button and the file is copied to the evidence folder. A window opens and the officer types in a description of the evidence.

The description goes to an ‘evidence log’ that resides in the evidence folder along with the directory path of the evidence. Another click will return the examiner to the ‘multi view image review’ window. This feature, in conjunction with ComputerCOP Professional’s ability to detect graphic files by file header, as well as by file type, whether present, zipped or deleted, ensures that the examiner will not fail to review renamed, deleted and/or hidden image files.
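Detection by file header, as described above, can be sketched as follows. This is an added example, not ComputerCOP's code: it covers present and zipped files only (deleted files would need carving from unallocated space), and the sample file names and byte strings are constructed.

```python
import io
import os
import zipfile

# Well-known leading-byte signatures for common image formats.
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
              b"GIF87a": "gif", b"GIF89a": "gif"}
EXPECTED_EXT = {"jpeg": {".jpg", ".jpeg"}, "png": {".png"}, "gif": {".gif"}}
ZIP_MAGIC = b"PK\x03\x04"


def sniff(data):
    """Return the image format named by the leading bytes, or None."""
    for magic, fmt in SIGNATURES.items():
        if data.startswith(magic):
            return fmt
    return None


def scan(name, data, container=""):
    """Yield (path, format, renamed) for each image, descending into zip archives."""
    path = f"{container}!{name}" if container else name
    fmt = sniff(data)
    if fmt:
        ext = os.path.splitext(name)[1].lower()
        yield path, fmt, ext not in EXPECTED_EXT[fmt]  # renamed: extension hides the type
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        yield from scan(info.filename, zf.read(info), path)
        except (zipfile.BadZipFile, RuntimeError):
            return  # corrupt or password-protected archive: leave for manual review


def constructed_samples():
    """Constructed sample input: byte strings that carry only the relevant headers."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/readme.txt", b"plain text")
        zf.writestr("notes/budget.xls", b"GIF89a" + b"\x00" * 16)
    return {"holiday.jpg": jpeg, "system.dll": jpeg,
            "backup.dat": buf.getvalue(), "memo.txt": b"hello"}


def run():
    return [hit for name, data in constructed_samples().items() for hit in scan(name, data)]
```

The `renamed` flag marks images whose extension does not match their header, which is the case an extension-only search misses.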

ComputerCOP’s word category directory tree enables the user to obtain an overview of word or phrase usage in existing files, deleted files and unallocated disk space. The ability to look at unallocated disk sectors allows users to review portions of deleted files containing questionable text. All suspect words found are documented in an expanding directory tree structure. The tree structure lists the suspect words by crime category, then by word usage in descending order of number of occurrences.

This feature allows the examiner to get a complete overview of the computer’s textual content from a single screen of information.

ComputerCOP Professional offers extensive image and word search options. The Image Options include both file type selection and file size range. The Word Options include a crime category selection that allows the user to limit the search to words that may be indicative of certain types of crimes. Several law enforcement agencies have assisted us in dividing the 7,500 words and phrases into over 21 categories of crime. The categories include areas such as controlled substances, drug paraphernalia, burglary & robbery, sex crimes, terrorism and gambling. The Word Options, after a fast initial review of the hard drives, list all the file types found on the specific computer, and allow the examiner to select from that list, or to select all files for the automated search process. The examiner may add specific words to be searched for, those words stored on a floppy disk. This set of words and/or specific words added by the examiner.

ComputerCOP Professional provides a Case Management Tool that enables its user to easily document the evidence collected in such a way as to ensure a plea bargain or a conviction. After importing the evidence from the removable device to which it was originally secured, the Case is presented to the user as multiple reports.

The first report is the Audit trail that documents every action of ComputerCOP during the examination.

The Cover Page and evidence Log document all of the information that was collected during the search of the suspect computer. The Evidence report shows each piece of evidence along with specific information about each piece of evidence.

From the Evidence Report, the user may open the piece of evidence in its associated application (e.g. a .doc in Word, a .gif in a browser, an .xls in Excel). To ensure the integrity of the evidence, a copy of the evidence is placed in a temporary location and the associated application accesses that copy; the copy is deleted when the associated application is closed.

Throughout the entire evidence management process, the integrity of the evidence is maintained with an MD5 hash signature that is derived when the evidence is secured. Each time the evidence is accessed, the MD5 hash signature is verified. ComputerCOP Professional allows the user to archive cases to conserve space on the computer. This Archive function compresses the case and moves it to another location. ComputerCOP’s Restore function moves the case back to the Case Manager, ensuring integrity once again with the original MD5 hash signature.
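The hash-on-secure, verify-on-access workflow described above, together with the review-a-copy step, can be sketched as follows. This is an added example, not ComputerCOP's code: the log file name, field names and sample data are assumptions, and a SHA-256 digest is recorded next to the MD5 one because MD5 collisions are practical today.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def digest(path, algo="md5"):
    """Hash a file in chunks so large evidence files do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def secure(src, folder, description):
    """Copy src into the evidence folder and log its path, description and hashes."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    dest = folder / Path(src).name
    shutil.copy2(src, dest)
    # MD5 as on the page; SHA-256 is recorded too because MD5 collisions are practical.
    entry = {"file": dest.name, "source_path": str(src), "description": description,
             "md5": digest(dest), "sha256": digest(dest, "sha256")}
    with open(folder / "evidence_log.jsonl", "a") as log:  # hypothetical log name
        log.write(json.dumps(entry) + "\n")
    return entry


def verify(folder, entry):
    path = Path(folder) / entry["file"]
    return digest(path) == entry["md5"] and digest(path, "sha256") == entry["sha256"]


def open_for_review(folder, entry, workdir):
    """Verify the stored file, then return a working copy for the viewer to open."""
    if not verify(folder, entry):
        raise ValueError(f"hash mismatch for {entry['file']}")
    return Path(shutil.copy2(Path(folder) / entry["file"], Path(workdir) / entry["file"]))


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        ev, work, src = Path(tmp, "evidence"), Path(tmp, "work"), Path(tmp, "suspect.doc")
        work.mkdir()
        src.write_bytes(b"constructed sample evidence")
        entry = secure(src, ev, "constructed sample document")
        open_for_review(ev, entry, work).write_bytes(b"edited in viewer")
        intact = verify(ev, entry)            # edits to the working copy do not matter
        (ev / entry["file"]).write_bytes(b"tampered")
        return intact, verify(ev, entry)      # -> (True, False)
```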

The user may select print at any level in the Case Manager report tree. Selecting the Case and pressing the Print button will cause a report of the entire case to be printed. Selecting a computer serial number will cause a set of reports for the specific computer to be printed. It is also possible to print just the evidence that was secured.

It should be noted that, in the Case Manager report tree, the time and date have been added to the serial number. This is done by ComputerCOP and enables the same computer to be examined multiple times as part of the same case.

The product is intended to be another standard-issue piece of equipment, enabling your personnel to do their job faster, easier and more cost-effectively.

While ComputerCOP Professional makes use of the Windows operating system, ComputerCOP accomplishes the examination of a computer without the need to install the product on the suspect computer. It is not possible to detect that ComputerCOP Professional’s Evidence collection tool has been run on a computer.

 

ComputerCOP Corp
1 Corporate Dr Suite 103
Bohemia, N.Y. 11716
1-800-210-4209