Current computer forensic practices primarily advise analysts to review and search all digital evidence within designated labs. This practice does not take into account the possibility of encryption software being present on the suspect machine. As a result, possible evidence may become unrecoverable to the investigator. This paper will review the current standard operating procedures used by law enforcement, complications with current procedures with regard to encryption, and the design of a free to use utility for law enforcement to facilitate live analysis.
展开▼
