Raspberry Pi Forensics Update

Introduction

This project focuses on using a Raspberry Pi for mobile imaging in a digital forensics setting. A Raspberry Pi is a programmable, micro single card computer featuring I/O pins that allow the card to control other hardware. By building a mobile imaging station around this device, our team has a more compact method of imaging drives, an essential part of any digital forensics investigation.

Analysis of Raspberry Pi

We have been working to get our drives set up with data generation files for consistency. We have an 80GB drive, a 500GB drive, and a 1TB drive. We created a data generation sheet consisting of different tasks that we need to complete on the computer to create user data on the machine (watching videos, using different web browsers, downloading data). When that is completed, we will take the drive and use FTK Imager to create an image file. With the Raspberry Pi, we should be able to take the image off of the project drive and verify that the newly copied image and the original image have the same hash values. Matching hash values assure us that none of the data was changed in transfer, which maintains the integrity of the evidence so that it stays admissible in court.

We have also been preparing for TechJam, making our presentations and trying to find a different way to present our project to individuals looking for another way to use the Raspberry Pi, other than just having to use the command line and a large series of commands.
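The hash comparison described above, as an added example (not the LCDI team's own code): it streams the original and copied image files in chunks, computes MD5 and SHA-1 (the two digests FTK Imager reports) in a single read pass, and compares size and digests. The file names and sample data are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

CHUNK = 4 * 1024 * 1024  # 4 MiB reads, so a 1TB image never has to fit in the Pi's RAM


def image_digests(path, algorithms=("md5", "sha1")):
    """Hash a file once, feeding every chunk to all requested algorithms."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_copy(original, copy):
    """Return (match, report); match is True only if size and every digest agree."""
    report = {}
    for label, path in (("original", original), ("copy", copy)):
        report[label] = {"size": os.path.getsize(path), **image_digests(path)}
    return report["original"] == report["copy"], report


def demo():
    """Constructed sample: a 1 MiB stand-in image, a faithful copy, a copy with one flipped bit."""
    data = bytes(range(256)) * 4096
    altered = bytearray(data)
    altered[500_000] ^= 0x01  # single-bit change, same file size
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, content in (("original", data), ("good", data), ("bad", bytes(altered))):
            paths[name] = os.path.join(d, name + ".dd")
            with open(paths[name], "wb") as f:
                f.write(content)
        good_match, _ = verify_copy(paths["original"], paths["good"])
        bad_match, report = verify_copy(paths["original"], paths["bad"])
    return good_match, bad_match, report


if __name__ == "__main__":
    good, bad, report = demo()
    print("faithful copy matches:", good)
    print("altered copy matches: ", bad)
    for label, fields in report.items():
        print(label, fields)
```

The altered copy has the same size as the original, so only the digests reveal the change; recording the full report alongside the image gives a record of what was verified.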

Conclusion

We will be sharing our progress and findings in future blog posts throughout the coming months. If you have questions or comments about the project, you can leave a comment or contact the LCDI via Twitter @ChampForensics or via email at lcdi@champlain.edu.
