Open source Internet research tool

Abstract

Open source research on the Internet has become an everyday requirement for law enforcement officials. The special requirements of such activity include keeping a useable audit trail, screen capture of static and dynamic content, and document capture. All of these artefacts need to be stored in an evidential container, and captured content should be suitably hashed. A report must then be generated from the evidence gathered. At the moment, police in the UK use a number of different tools to carry out this process, but there is no one tool that meets all of the requirements in an integrated way. This research seeks to fill this gap by creating, in collaboration with the College of Policing, a bespoke tool that carries out all the tasks law enforcement requires for open source Internet research within a single integrated process. Written in C#, this early iteration of the tool automatically logs all websites visited, hashes all screenshots and downloaded files using MD5 for validation, and generates reports in PDF format detailing all activities within the case, allowing for dissemination to other departments/individuals. Presently, we are aware of no overall guidelines within the UK for how Internet evidence should be gathered. For example, when a website makes an external call to download a JavaScript file, or access the Facebook API, should that be documented within the audit log? How should a tool of this nature deal with dynamic content, such as AJAX? Future plans for this project include a browser ‘hot-swap’ facility, the ability to screen record browser activity, and making the tool suitable for international use on multiple platforms.
