The world’s smallest cyber crime investigation device was released in Pune on Saturday 28th August, 2010 by Hon’ble Justice Rajesh Tandon, Chairperson, Cyber Appellate Tribunal, New Delhi.
Code-named pCHIP, this Portable Mega Investigation & Forensic Solution is delivered in two versions - on a USB device and on a micro SD card.
pCHIP runs from a USB drive / micro SD card without installation on the suspect PC. It captures relevant volatile evidence from a live (switched on) computer. It has an extremely easy-to-use interface and provides detailed reports.
Volatile Evidence Recovered by pCHIP
The pCHIP retrieves crucial volatile digital evidence from the suspect computer and generates 38 reports at the click of a button.
Password & Encryption handling by pCHIP
USB History detection by pCHIP
Cloning and Imaging by pCHIP
pCHIP has been designed by Asian School of Cyber Laws & Data64 Techno Solutions Pvt. Ltd.
Data64 Techno Solutions Pvt. Ltd. is incubated by Science & Technology Park, a STEP promoted by Department of Science & Technology, Government of India.
Asian School of Cyber Laws is a global leader in education, training and consultancy in cyber law, cyber crime investigation and digital forensics.
Mr. Debasis Nayak, Director, Data64 Techno Solutions Pvt. Ltd. said:
It is widely believed that computer forensic investigations must be carried out on static data and never on live systems.
This usually means that the investigator would first pull the plug on any live machine and then physically remove the hard disk(s). This hard disk would then be imaged and subsequently the image would be analyzed.
We believe that such an approach is flawed. In many cases, it is prudent for an investigator to first carry out preliminary investigations on the live system and then pull the plug.
Some of the reasons for this approach are:
1. In many computer attacks, the evidence may be only in the computer memory and not in any files on the hard disk. Pulling the plug or shutting down such a computer may destroy the evidence.
2. If the suspect is using cryptography to secure his data, then pulling the plug may mean that the data will no longer be available in an unencrypted format.
3. The suspect could configure his computer to clear the paging file automatically on shutdown. This would cause a lot of evidence to be lost.