Tech Innovations

Field Search: Field-Based Computer Forensics Software Widens Its Scope

Location: Nationwide
By Becky Lewis
Published April 2017

A school resource officer (SRO) and an administrator reviewing content on school-issued tablets. A soldier doing a field check on a computer recovered at an improvised explosive device (IED) explosion site. A police officer doing a “knock and talk” investigation. A computer forensics expert doing triage on a number of suspect computers. A federal agent searching for intelligence related to counterterrorism activities. And a probation and parole officer, checking up on a sex offender’s Internet use.

What do they all have in common? They’re all using Field Search, the free forensics software provided by the Justice Technology Information Center (JTIC).

When the National Law Enforcement and Corrections Technology Center (NLECTC) System began providing Field Search in 2006, probation and parole agents who needed a nontechnical tool to check up on client computers while in the field made up the target audience. As the software has morphed through five iterations — the most recent (5.0) released in 2016 — more and more users in a wider variety of criminal justice fields, including those involved in school safety and even the U.S. military, have found that Field Search meets needs far beyond the suite’s original scope.

Field Search, provided by JTIC only to vetted active professionals, allows users to quickly and efficiently search a target computer and create a detailed report of the findings. Originally developed with funding from NIJ and since upgraded by the developers at no charge to the federal government, Field Search can be launched from a USB drive and works live on a suspect computer to quickly find potential evidence such as Internet histories, images, multimedia files and results from text searches.

For Version 5.0, the software developer completely recompiled, recoded and rebuilt Field Search to improve its compatibility with today’s hardware and software. Although those changes aren’t apparent to the end user, the end result still allows the software to run a complete scan of a hard drive, analyze the contents and produce a report in less than an hour – even though the hard drives of 2016 are much larger than those of 10 years ago, and even though the Field Search of 2016 has vastly expanded capabilities compared to those of the original version.

“Field Search was originally developed to help monitor sex offenders and protect children,” says Joe Russo, the JTIC corrections technology subject-matter expert who has worked with the software since its initial development. The developers have also provided numerous train-the-trainer sessions to criminal justice professionals over the years, equipping them to return to their agencies and share their knowledge as Certified Field Search Instructors. “As its use expanded into school safety and law enforcement, military, border security and counterterrorism arenas, we realized the need and importance of providing quality tools for nontechnical users at no cost, and even after the initial funding ended, we remain committed to this project because it’s the right thing to do.”

Although many of Version 5.0’s changes run behind the scenes, it includes a number of new features and upgrades that will directly benefit users. One of the most significant expands the keyword search function to include the capability to search for a word or phrase in any language. Not just any language that uses the Latin alphabet; that function came with Version 4.0 in 2012 (see “In Any Language, Field Search Translates to Success,” TechBeat, Summer 2012). Rather, Version 5.0 adds the capability to query in any language spoken on this planet, whether it uses the Latin alphabet, the Arabic, Cyrillic or Eastern language characters, or anything else.

A second major change adds chat history tools to allow users to examine activity for Skype, Windows Live, ICQ and Yahoo Messenger. The tool provides information on who the user sent messages to, what they said and when they said it. Another new addition is a search function that provides the ability to scan a drive for hits against HASH sets. A HASH, Russo explains, is a virtual “fingerprint” of a computer file. Each computer file, via a mathematical algorithm, produces a unique set of letters and numbers that identifies it; change one letter in a file or one pixel in a picture, and the file generates a new HASH. The National Center for Missing and Exploited Children maintains a HASH database of all known child pornography files, and if a law enforcement agency has access to that database, analysts can use Field Search to compare the files on a computer hard drive and locate matches. This function can also tell probation and parole officers if clients have downloaded software they are not permitted to access.

Yet another significant change makes Field Search fully compatible with Windows 8 and 10, as well as the most current versions of Internet Explorer, Edge, Opera, Chrome and Mozilla Firefox. The software maintains compatibility with older versions as well.

Additional new features/upgrades include:

  • Pictures in the Image Gallery can now be sorted by date accessed, allowing Field Search users to see which pictures were accessed most recently.
  • When a user is running Field Search off one computer and remotely searching a hard drive, the registry tool now pulls the registry information (e.g., when a drive was installed, the user’s email address) from the remote drive rather than from the computer running the software.
  • Improved reporting speed and greater ability to export reports as PDFs.
  • Improved and faster media rendering.

“The upgraded Field Search software allows agencies access to an easy-to-use, yet powerful, forensics tool, and the best part is that it is completely free,” he says. “We are deeply indebted to the developers for their tireless dedication to the Field Search effort. They both have a deep desire to support public safety and have each volunteered countless hours to improving Field Search and keeping it viable.”