CLEW: Current Features
From NCSA Security R&D - University of Illinois at Urbana-Champaign
NCSA Cybersecurity Directorate
Cyberinvestigation Law Enforcement Wizard: Current Features
- Provides an investigation wizard to guide the law enforcement first responder (LEFR) through the steps of gathering pertinent evidence, including volatile memory. CLEW provides LEFRs with the expertise necessary to navigate quickly and efficiently through a variety of options.
- Currently supports investigations of email- and IM-related threats, the most common incidents reported to LEFRs. CLEW gives LEFRs a variety of options to help guide them in capturing evidence specific to a particular service, like Gmail or Yahoo! Messenger.
- Enables capture and tamper-proof storage of live data. CLEW's live-capture component makes it easy to capture volatile information that may be critical to an investigation. CLEW has also been successfully integrated with Microsoft COFEE, an automated live data extraction tool used by expert law enforcement across the country.
- Automatically documents the LEFR's steps in collecting the data. Recording the data collection procedure both preserves the chain of custody and aids future investigation.
- Suggests follow-up steps for configuring the target system to better capture future evidence, such as chat logs, email, and browser data.
- Provides download capability for analysis by other investigators. CLEW can be loaded easily onto any USB key, and collected data can be downloaded just as easily.
