Forensic Imaging system exposes critical data

A breakthrough from US forensic imaging company CyanLine has allowed investigators to reveal the true number of times a hard disk has been in active use and when it was first activated.

CyanLine's Fast Disk Acquisition System (FDAS) exposes vital metadata from the disk controller that reveals information previously thought unavailable.

“The discovery of this new information can be utilised in nearly every case that uses computer forensic imaging as evidence,” said Steven Branigan, founder of CyanLine and forensic scientist. “The information from FDAS can be used to confirm or overturn cases, if the metadata aligns with their claims.”

Cyber crime suspects can buy brand new drives and copy only the ‘evidence’ they want investigators to see, according to Branigan.

“Forensic investigators can search a suspect’s metadata, and if they find that the drive was in use for just 20 hours, but the computer is three years old, it shows that evidence was not only tampered with, but it was also hidden elsewhere,” he added.

Branigan states that the biggest problem in digital forensics cases is that lawyers and investigators have not known to look for metadata, nor realised that suspects can and will replace their disk drives to hide evidence.

“FDAS not only provides a faithful copy of the evidence disk, but it also provides information about the disk drive itself. It is this data that can be used to determine age and usage of the disk,” Branigan said.

Lawyers and investigators can now use FDAS to confirm that the data under review is, in fact, the right data.

CyanLine says that FDAS is the only forensic imaging system that reports on this key metadata, which not only adds value, but also offers evidence that can crack and close a case.