ArcPoint Newsletter, July 2021

Jul 1, 2021

DF Industry Happenings

Sandwiched between our participation at Techno Myrtle Beach in June, and Techno Denver coming up in August, ArcPoint had a great experience at the National Technical Investigators’ Association (NATIA) 2021 Annual Training Conference & Technology Exhibition in mid-July. It’s a fascinating conference with participation from law enforcement organizations from all over the country. We got more great feedback on ATRIO and a lot of interest in adding ATRIO to their tool sets from tiny local police departments all the way to some of the largest county and state-level organizations in the nation. (And some national LE agencies, too, of course!)

It’s so fun to meet stakeholders face-to-face at these events to talk about the kinds of investigations they do, how they are managing their digital forensics workloads, and what they need from their tools. We want ATRIO to do what YOU need it to do, and the best way to make sure we hit all the marks is to hear directly from you!

On that topic, ArcPoint has several conference passes available to share with stakeholders for Techno Denver (https://www.technosecurity.us/co), so if you want to go and don’t want to pay the registration fee, give us a shout at info@arcpointforensics.com.


ArcPoint Company and Product News

We are growing! Teamwork makes the dream work! Our small but mighty team has grown from 4 to 6 ½! Blake Johnson and Nicole Clements (part-time) have joined Jared and Geng on the ArcPoint development team. Blake is an experienced developer with direct experience in the DF environment and with related DF toolsets, while Nicole is an expert in UI and the overall user experience. On the corporate side, Sara Catherine Corbett is teaming up with Amy and Joelle, bringing her organizational and customer relations skills to support business development and marketing administration. There is a lot to do to get ATRIO ready for market, and our new team members are hitting the ground running!

ATRIO progress. Our development team is making great progress in the near-final push to get ATRIO ready for sale. We won’t bore you with the details (because this work is mostly the not-too-sexy backend development stuff), but the upshot is that ATRIO’s output is coming together nicely. Our next focus will be refining that output and ensuring an intuitive reporting format, with well-aggregated data laid out in an easy-to-navigate set of results. We have also added a couple of new features to automatically pull out certain Windows-specific evidence items. ATRIO will be ready for a full-scale live demo at Techno Denver (August 2-4) and for distribution later in August for stakeholder field testing. Hoping to start pre-sales in August as well, with delivery to our first customers in September. Reach out through our website and get yourself on the list! Component supply shortages affecting the entire industry mean we may have limited inventory to start.

Monthly Tech Tip

If you accidentally delete a hard drive or a file and the data hasn’t been written over, you can recover the data using a tool called tsk_recover. This will work when the user has deleted using shift+delete or by deleting and emptying the recycle bin.

To do this you’ll need to run the tool from the command line in Linux; you can use a live-boot USB drive like Kali to perform this recovery. If you’re recovering data from a computer, boot that computer from the Linux USB. If you’re recovering a removable storage drive, plug it into the computer running the Linux live boot.

To run tsk_recover and get the deleted files, make sure to use the -e option, which recovers all files, including deleted files. Run tsk_recover against the partition on the drive that needs to be recovered, and point the recovered output to another hard drive that you provide. You can use fdisk -l to identify the partitions. An example of running this will look like:

tsk_recover -e /dev/sda1 /myoutputfolder

Once it runs, you’ll find the entire folder structure, including deleted files, in the output folder.
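The recovery step from the tip wrapped in a guard, as an added example that is not ArcPoint's code: it refuses to run unless the output folder sits on a real block device on a different disk from the partition being recovered, so the recovered files cannot overwrite the deleted data. The function names, the placeholder paths and the sdXN / nvmeXnYpN / mmcblkXpN naming rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: guard around the tsk_recover command from the tip above.
# Assumes Linux device names of the form sdXN, nvmeXnYpN and mmcblkXpN.

# Parent disk of a partition node: /dev/sda1 -> /dev/sda,
# /dev/nvme0n1p2 -> /dev/nvme0n1. Whole-disk names pass through unchanged.
parent_disk() {
    case "$1" in
        /dev/nvme*n*p[0-9]*|/dev/mmcblk*p[0-9]*)
            printf '%s\n' "$1" | sed 's/p[0-9][0-9]*$//' ;;
        /dev/nvme*|/dev/mmcblk*)
            printf '%s\n' "$1" ;;
        *)
            printf '%s\n' "$1" | sed 's/[0-9][0-9]*$//' ;;
    esac
}

# Device backing the filesystem that holds a directory (df -P is POSIX).
backing_device() {
    df -P "$1" | awk 'NR == 2 { print $1 }'
}

# safe_output <source-partition> <output-device>
# True only when the output is a real block device on a different disk.
# A live boot's "overlay" or "tmpfs" root fails here, which catches an
# output folder created before the destination drive was mounted.
safe_output() {
    case "$2" in /dev/*) ;; *) return 1 ;; esac
    [ "$(parent_disk "$1")" != "$(parent_disk "$2")" ]
}

# recover_all <source-partition> <existing-output-dir>
recover_all() {
    src=$1; out=$2
    [ -b "$src" ] || { echo "not a block device: $src" >&2; return 2; }
    [ -d "$out" ] || { echo "mount the output drive first: $out" >&2; return 2; }
    dev=$(backing_device "$out")
    if ! safe_output "$src" "$dev"; then
        echo "refusing: $out is on '$dev', not a separate disk from $src" >&2
        return 3
    fi
    tsk_recover -e "$src" "$out"   # -e: all files, including deleted ones
}

# Usage: sh recover.sh /dev/sda1 /mnt/evidence_out   (paths are placeholders)
if [ "$#" -eq 2 ]; then
    recover_all "$@"
fi
```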