Raspberry Pi Imaging Device

Introduction

Since its arrival on the market, the Raspberry Pi has proved to be a solid base for any number of projects. On its own, it is a programmable single-board computer ("microcomputer") that fits in the palm of your hand and features multiple I/O pins that allow the board to control other hardware. It is a compact, mobile programming solution.

Analysis

The goal of our project is to create a mobile imaging device on the Raspberry Pi. A device like this would be particularly useful in a digital forensics environment, as imaging computers is essential when conducting digital forensic research. Creating an image is crucial when looking for forensic artifacts on a hard drive, since modifying the original in any way can reduce its credibility as evidence. Building a device such as ours would also allow an investigator to obtain an image of a client's media without taking it from them. Our team will be testing several different Raspberry Pi imaging configurations for performance, efficiency, and ease of use. These potential configurations include using a write blocker, imaging from a drive to a network, and, eventually, using F-Response to remotely image a drive directly connected to the Raspberry Pi.

This project has been underway for only a short while, and current efforts are focused on exploring the capabilities of the Raspberry Pi to support different methods of imaging. One operating system being considered is a variation of Windows, since Windows is a common system that many people feel comfortable with. However, the Raspberry Pi is based on the ARM architecture, which is incompatible with almost all versions of Windows, which are built for x86 processors. While theoretically possible, it is still unclear how stable that set-up would be. Another option is using Kali Linux as an operating system for the Raspberry Pi, as there is a specific distribution for the Raspberry Pi that can be modified to suit the needs of a forensic investigator. Alongside operating systems, the team is investigating the use of FTK Imager and the dd command to create images.
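As an added example (not code from the LCDI project), the script below shows the dd-based acquisition mentioned above in the form an investigator would want it on a Linux Raspberry Pi: copy the media block by block, record SHA-256 hashes of the source and the image, and report success only when they match. The device path, log layout and the constructed 1 MiB test "drive" are assumptions; it assumes GNU coreutils (dd, sha256sum, mktemp).

```shell
#!/bin/sh
# Added example, not the LCDI project's code: forensic-style acquisition with
# dd plus hash verification. Assumes a Linux host with GNU coreutils (dd,
# sha256sum, mktemp); in real use SRC would be a block device such as /dev/sda.

# image_device SRC DEST BS LOG
# Copies SRC to DEST in blocks of BS bytes, logs SHA-256 of both, and
# returns 0 only when the two hashes match.
image_device() {
    src="$1"; dest="$2"; bs="$3"; log="$4"

    # conv=noerror,sync: do not stop on a read error; pad the unreadable
    # block with zeros so later offsets in the image still match the media.
    # Caveat: sync also pads the FINAL partial block, so BS must divide the
    # media size (512 always does) or the image grows and the hashes differ.
    dd if="$src" of="$dest" bs="$bs" conv=noerror,sync 2>/dev/null || return 1
    sync

    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$dest" | cut -d' ' -f1)
    {
        echo "date:           $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source:         $src"
        echo "image:          $dest"
        echo "sha256(source): $src_hash"
        echo "sha256(image):  $img_hash"
    } >> "$log"

    [ "$src_hash" = "$img_hash" ]
}

# Builds a constructed 1 MiB "drive" (a plain file of random bytes) so the
# demo runs without real media or root, images it with block size BS, and
# returns image_device's verdict.
run_demo() {
    work=$(mktemp -d)
    head -c 1048576 /dev/urandom > "$work/fake_drive.bin"
    image_device "$work/fake_drive.bin" "$work/evidence.dd" "$1" "$work/acquisition.log"
    rc=$?
    rm -rf "$work"
    return $rc
}

# 64 KiB divides 1 MiB exactly: the image verifies.
demo_good_blocksize() { run_demo 65536; }
# 4 MiB does not: dd pads the image to 4 MiB and verification fails.
demo_bad_blocksize() { run_demo 4194304; }
```

On a real drive, run the hash of the source before and after the copy as well, so the log also shows that the read did not alter the media.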

This project is still in the development phase, with a lot of exploration and testing still outstanding. Once the Raspberry Pi is set up and creating reliable images, the different set-ups will be introduced and tested.

Conclusion

Ultimately, the team hopes to have created a portable disk imaging system for the Raspberry Pi and discovered the possibilities of the device as a forensic tool by the time the project is complete. We would love to hear suggestions as to other questions that the forensic community would be interested in having answered! Leave a comment or contact us on Twitter at @ChampForensics.

