This simple but effective program is designed to limit access to computers
that have been seized as evidence. All too often, 'resident computer
experts' get curious and attempt to operate seized computers in hopes of
finding clues or evidence. These individuals are often not trained
in computer forensics and are therefore unfamiliar with proper computer
evidence processing procedures. They typically don't know that even the
mere running of a computer system can overwrite evidence stored in the
Windows swap file and/or in erased file space. This program was written
to help prevent these common problems, and its uses are described in
Computer Forensics: Incident Response Essentials by Warren G. Kruse II and
Jay G. Heiser, Cyber Crime Investigator's Field Guide by Bruce Middleton,
and Cybersecurity Operations Handbook by Dr. John W. Rittinghouse and
Dr. William M. Hancock.
When the Seized program is operated, it locks the computer system and displays a message on the screen advising the computer user that the computer contains evidence and should not be operated without authorization. The program was designed to be installed on a DOS system diskette for placement in all floppy diskette drives on the computer system. It is called from the AUTOEXEC.BAT file on that diskette; once called, it locks the computer and displays the warning message on the screen. Please note that this methodology may not work effectively if the seized computer is configured to boot from its hard disk drive. Therefore, a knowledgeable computer forensic specialist should configure the system diskettes so that they boot and run the program automatically. The computer specialist should also examine the content of CMOS to ensure that the computer will boot from a floppy diskette rather than a hard disk drive.
Please direct E-Mail to info@forensics-intl.com
Copyright © 2004 by New Technologies Armor, Inc. January 16, 2004