recommended reading

Tool will help TSA connect the dots among scattered pieces of digital evidence

Sergey Nivens/

The Transportation Security Administration has awarded a contract for technology to mine digital evidence scattered across emails, the cloud, hard drives and digital files stored in the agency’s internal network, according to the system developer.

The tool digests huge volumes of disorganized information, known as big data, according to officials from software firm Nuix.

The company was not authorized to speak to the types of investigations that the technology will help TSA pursue.

TSA’s Focused Operations Branch expects to use the technology for after-the-fact investigations, not screening would-be hijackers -- although agency officials recently said that is a big data effort TSA might pursue.

This type of forensics investigation involves sorting hard facts already collected, and strewn across incongruent data sources, to build solid cases.

“Hypothetically, if they have an individual they have profiled in the past digitally or digital information on previously profiled individuals, Nuix could provide visibility into additional connections to other people,” said Peter Morse, U.S. public sector director for Nuix.

TSA officials could not comment in time for publication.

Generally, investigators use evidence synthesized by such software to convict criminals, or to piece together proof of ongoing criminal activity, Morse said.

Investigators for the Internal Revenue Service’s Criminal Investigation division, Health and Human Services Department inspector general, and Immigration and Customs Enforcement, for example, cull evidence of fraud with the software.

According to TSA’s contract specifications, the technology must be able to crunch up to 1.5 terabytes daily, or the amount of paper made from 75,000 trees.

Here is how it works: With the software, a federal agent can find out who an individual has emailed incriminating information to, based on seized computers, while simultaneously inferring which websites that individual has visited based on cloned hard drive data. At the same time, the agent can be examining the timestamp on a digital photo file retrieved from a smartphone to determine where the suspect was on a certain date.

The technology does not intercept emails, wiretap smartphones or perform other types of real-time surveillance. Rather, it extracts emails, digital recordings or other communications and files that an agency has collected in the past, Morse said.  

The contract cost was not disclosed.

(Image via Sergey Nivens/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.