AFRL’s Fast, Secure Forensic Suite Moves to Commercial Market

  • By Brandie Woodard
  • Information
The Air Force Research Laboratory's OnLine Digital Forensic Suite (DFS) Small Business Innovation Research (SBIR) effort resulted in the commercialization of ATC-NY's OnLineDFS™ using ATC-NY's Mobile Forensic Platforms (MFP) SBIR technology. OnLineDFS aids investigators and administrators with the forensic task of system assessment following a suspected intrusion or internal security issue and the potential compromise of a host. It can be quickly deployed on any network to perform remote forensic investigation of a running system with very high assurance of security. No software needs to be preloaded on the target machines.

A web-based interface allows the investigator to connect to OnLineDFS and manage an investigation from anywhere using a wide variety of web browsers and operating system (OS) platforms. The connection, which does not need to be high speed, is encrypted via the Secure Sockets Layer (SSL) protocol. Analysis with OnLineDFS is forensically sound, employing accepted best practices to document all actions, preserve the integrity of evidence, and maintain the chain of custody. Data is stored in non-proprietary formats, making OnLineDFS work easily with third-party tools.
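The forensic-soundness practices named above (documenting every action, preserving evidence integrity, keeping a chain of custody, and storing results in non-proprietary formats) are general techniques rather than anything specific to this product. The following is an added example showing one common way to implement them for a remote live collection; it is not OnLineDFS code and says nothing about how that product records its actions. The artifact contents, the investigator name `analyst01`, and all function and class names are constructed for the illustration.

```python
"""Evidence-integrity manifest plus a hash-chained custody log for a live
collection.  Illustrative code only (not OnLineDFS); all inputs are
constructed sample data."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed sample artifacts, standing in for data acquired from a running host.
SAMPLE_ARTIFACTS = {
    "process_list.txt": b"PID  COMMAND\n1    init\n4242 sshd\n",
    "netstat.txt": b"tcp 0 0 10.0.0.5:22 10.0.0.9:51234 ESTABLISHED\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only action log in which each entry commits to the previous one.

    entry_hash = sha256(prev_hash || canonical JSON of the entry body), so
    editing, deleting or reordering any earlier entry changes every later
    hash and is caught by verify().  Entries are plain JSON, so any third-party
    tool can read them."""

    GENESIS = "0" * 64  # prev_hash of the first entry

    def __init__(self, investigator: str):
        self.investigator = investigator
        self.entries: list = []

    def record(self, action: str, artifact: Optional[str] = None,
               digest: Optional[str] = None, when: Optional[str] = None) -> dict:
        body = {
            "seq": len(self.entries),
            "time": when or datetime.now(timezone.utc).isoformat(),
            "investigator": self.investigator,
            "action": action,
            "artifact": artifact,
            "sha256": digest,
        }
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body["prev_hash"] = prev
        # Hash is computed before entry_hash is added, over a canonical encoding.
        body["entry_hash"] = sha256_hex((prev + json.dumps(body, sort_keys=True)).encode())
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """Recompute the chain from the genesis value; False on any tampering."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["seq"] != i or body["prev_hash"] != prev:
                return False
            if sha256_hex((prev + json.dumps(body, sort_keys=True)).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

    def to_json(self) -> str:
        return json.dumps(self.entries, indent=2, sort_keys=True)


def collect(artifacts: dict, investigator: str):
    """Hash each artifact at acquisition time and log the action.

    Returns (manifest, log): the manifest maps artifact name -> SHA-256 and is
    the reference against which later copies are checked."""
    log = CustodyLog(investigator)
    log.record("session_start")
    manifest = {}
    for name, data in artifacts.items():
        manifest[name] = sha256_hex(data)
        log.record("acquire", name, manifest[name])
    log.record("session_end")
    return manifest, log


def verify_artifacts(artifacts: dict, manifest: dict) -> list:
    """Names of artifacts whose current hash no longer matches the manifest."""
    return [n for n, d in artifacts.items() if manifest.get(n) != sha256_hex(d)]


if __name__ == "__main__":
    manifest, log = collect(SAMPLE_ARTIFACTS, "analyst01")
    print(json.dumps(manifest, indent=2, sort_keys=True))
    print(log.to_json())
    print("log intact:", log.verify())
    print("modified artifacts:", verify_artifacts(SAMPLE_ARTIFACTS, manifest))
```

The manifest answers "is this still the data that was acquired?" and the chained log answers "was this sequence of actions performed, by whom, and in this order?"; both are needed for the chain of custody described above. In practice the manifest and log would also be signed or stored on write-once media, since a hash chain alone only detects tampering by someone who cannot rewrite the entire chain.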

After completion of AFRL's SBIR Phase II, ATC-NY and its parent company, Architecture Technology Corporation, formed a new company named Cyber Security Technologies (CST) Corporation to launch OnLineDFS into the commercial market. Both Architecture Technology and CST have invested significant financial resources in marketing OnLineDFS and further enhancing it. It is now on its fourth major release. OnLineDFS is in use in federal, state, and local law enforcement agencies in the United States and internationally, and in public and private sector enterprise security operations. OnLineDFS is a low-cost alternative for information technology (IT) security organizations that need to conduct investigations of live computers over their internal networks. It is also an ideal product to integrate with other security technologies, such as firewalls, intrusion detection systems, and security information and event management (SIEM) products, to automatically initiate investigations of suspect computers when possible security breaches are detected. Because OnLineDFS does not rely on pre-installed agents, it is very simple and inexpensive to deploy, maintain, and use in response to an incident, on new networks and machines, and on a wide variety of target operating systems.