FileTSAR+

FileTSAR+ dockerized the VM-based FileTSAR toolkit, which was created through a collection of open-source tools and custom code wrappers. As in FileTSAR, TShark was used to reassemble packets, the Elasticsearch database was adopted for indexing and file restoration, and Kibana was used for visualization and queries. Unlike its predecessor, FileTSAR+ is much more lightweight because it leverages the host machine’s infrastructure for most kernel functionalities. As a result, it improved interactivity and significantly increased resource efficiency: we changed the system resource requirement from 20+ virtual machines down to one personal computer/workstation.

This elastic version of FileTSAR analyzes and reconstructs network traffic in a forensically sound manner for authorized law enforcement investigations. FileTSAR+ addresses the concerns of law enforcement agencies with storage, budget, and back-end support limitations.

This project was funded by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice (#2020-DQ-BX-0008). Any statements on this website are those of the authors and do not necessarily reflect the views of the U.S. Department of Justice.

Research team

Kathryn Seigfried-Spellar, Baijian Yang, John Springer, and Marcus Rogers
Purdue University

FileTSAR+ is available to law enforcement for free. Please fill out this form to submit a request to access FileTSAR+.

If you have any questions, please contact us at

Access FileTSAR+ Training/Documents (Password Required)