Over the past five years, we at Probity have been working on a new approach to digital forensics. A fundamental rethinking of forensic processing based on over 20 years of experience building large scale systems for handling tens of billions of things, petabytes of data and many simultaneous users. We’ve put these hard lessons learned into a framework to tackle the problems of modern forensics. There’s always too much data, too many analytic techniques, too many file formats, too few tool developers, no analytic coordination, too few metrics on effort, and too little time to explain results to normal people.

Truxton is an open solution to core problems in forensics. It uses multiple machines to process the incoming data. All forensic techniques are applied to all the data every time. New capabilities can be added using any programming language. It works with your existing hardware and network architecture, from a single laptop to rooms filled with racks of hardware.

Truxton’s goal is to present information, not data, to many investigators simultaneously from the seized media in a form they can easily understand. Instead of looking at each piece of media (hard drive, SD card, cell phone) individually, analyze all of the media at once as a team. Multiply that most precious of resources, forensic technicians, with automation. Reserve their unique abilities for problems that require a human brain to solve. Attack the backlog!

In the coming articles, we will talk about these core problems, how Truxton treats them and hints of where we’re going.

We’re happy to have you come along with us,