X-Ways X-Tension C4All users-More formats/cets/pic-vid lib

(@f111th)
Posts: 29
Eminent Member
Topic starter
 

C4All is a program used by law enforcement and others to categorize pictures and videos.

This X-Tension is for users of C4All. The guides that are included describe how to best use the X-Tension with the Strategy hash sets, but your own hash sets can be used. Also, it is based on the file types (video and pictures) that C4All presently uses and searches for.

With this X-Tension, you will be able to process with the speed of X-Ways, and be completing most of the C4Prep stage all at once (like skin tone % and video stills).

Benefits of the X-Tension
- speed, fewer steps to follow than original C4All process
- even faster if run locally and saved locally. Up to 30GB min speeds on SSD drives observed.
- crash protection. Use X-Ways' ability to resume if there is a crash during preparation of data.
- if the X-Tension is interrupted there is the option to resume, start new or, if needed, just make a new XML file
- ability to filter out irrelevant files and false positive carved files before C4All extraction.
- hash sets are connected to X-Ways and not SQL server. This allows for known irrelevant or good files to be excluded from extraction. Also SQL Express can be used (free), as the only database used would be a local database and would not grow to be too large.
- these hash sets are transferable by simply copying the folder and pointing X-Ways to the storage location. No need to wait all day for the database to be created.
- ability to use your own hash sets. Up to 65,000+ separate hash sets.
- better resulting folder structure, especially when run against many evidence objects in one case.
- results can be extracted from C4All in hashkeeper format to be easily brought back in to the X-Ways case. No need to run the EnCase bookmarking EnScript.
- thumbnails are extracted from files that include thumbnails or are created by X-Ways due to original picture size. If thumbnails exist in a file it is not used twice, reducing duplicate files.
- when processing, all functions of X-Ways are available during the X-Tension run phase.
- able to use X-Ways reporting features for court and presentation.
- video stills extracted using free mplayer or forensic framer from within X-Ways

Below are links to the X-Tension and guides on how to use it. If you are part of the Strategy and need the hash set, please contact Trevor at the Ontario Provincial Police or obtain it from the C4All forum. Guide updated 5 November 2015, now in PowerPoint and PDF versions.
In the guides there is also information on how to use your own hash sets, including extracting them from your SQL server.

The latest version can always be found at http://info.jedsontech.com/revision-history

All versions of X-ways to use latest version posted
22 June 2016
New Version 3.6.8.
use X-Ways 18.8 sr8 or higher
- many fixes
- results.txt refined to properly reflect extracted files. now file count is accurate and includes total for thumbnails.
-can support up to 20 categories if needed.

8 April 2016
Version of X-Tension 3.6.6.m
-many fixes and updates since last posted version.
-this shows as limited version, but has all functionality of previously posted versions
-if using with the C4All client, make sure you are using the latest posted version from their website. (at time of posting was 2.0.9)

note that the XML produced works with C4All, NetClean (Griffeye Analyze) and Lace BlueBear.

Version of X-Tension 3.6.5.j
5 November 2015
Please use this version with all versions of X-Ways from 18.3 and later.
-minor tweaks and updates.

X-Tension version 3.6.5.h
September 15 2015
This fixes 'Primary Key must be unique' issue that was introduced in version p.
- More handling of illegal characters caused by utf-16 surrogate pairs.
There will be, in the future, additional features of the X-Tension that will be unlocked by software key. This version will run as expected without the use of key. But if an unlock key was present would offer the enhanced feature set.

please contact me if a 32 bit version is needed

April 9th 2015
New Version of X-Tension Version 3.6.4.m
- issue being caused by control characters in folder paths. this has been corrected in the same manner as file names with control characters.

Also here is a 'File Type Signature Search C4All Files.txt' file. Please copy this to your X-Ways install folder. This will create a group with all supported file types supported by C4All as well as added Zip, Rar and 7Zip to the list. Updated 5 November 2015
download - https://www.dropbox.com/s/5mljh1950funs3r/File%20Type%20Signatures%20Search%20C4All%20Files.txt?dl=0

Update Mar26, 2015
New Version of X-Tension 3.6.4.l
-added functionality to include the video stills (frames) of all files, not just Category 1, 2 or Unknown. There is a check box 'Include Video Stills from Irrelevant Parents'; when checked, video stills will be extracted even if the parent video is not included. This is to be used when the button 'Omit Files classed as irrelevant' is NOT checked.
-minor tweak

Update Mar26, 2015

New version of X-Tension 3.6.4.k
-Corrected issue with illegal extended UTF-16 characters in metadata (any stripped characters now show as '«' instead of ?)
-More efficient parsing of Metadata
-minor tweaks.

Update Mar 24, 2015

New version of X-Tension 3.6.4.J
-Corrected issue that could arise when creating paths in XML that included extended UTF-16 characters in paths/parent file names. Illegal characters will be replaced with '?'
-previous fix included that corrected an issue when using the 'never copy' option to create a new/different XML: paths were not created correctly (only affected the never copy option)

Update February 10, 2015
New versions of X-Tension to be used by all versions of X-Ways v18.0 sr7 and later
Many raw formats previously not included in C4All added

leadtooldcf.dll required to be put in folder 'C:\Program Files\C4All Strategy\C4All 2.0' along with other leadtools dlls
link to leadtooldcf.dll download - please become a member at the C4All forum, as the dll is registered and I am not the owner
(this dll will be included in version 2.0.3 of C4All Categorizer when released.)

changes
-fixed exception that would cause no files to be added to folders if there were " " (blank spaces) at the end of the evidence object name (Windows error blocking writes).
-Added extraction of raw formats
ARW, SR2, SRF Sony Digital Camera RAW format
DNG Adobe Digital Negative Format
CR2, DNG Canon Digital Camera RAW format
RAF Fujifilm Digital Camera RAW format
NEF, NRW Nikon Digital Camera RAW format
ORF Olympus Digital Camera RAW format
RW2, RAW Panasonic Digital Camera RAW format

These formats will now be extracted from X-Ways and added to the C4All XML. C4All categorizer will now properly view these files with full quality.
(use dll if C4All version less than 2.0.3, dll will be included with Trevor's next release)
-other minor fixes/updates.

Update 15 Jan 2015 -
Version 3.6.3.j

changes
The following characters which are not accepted by Windows for folder/file names will be replaced as follows in the ‘Case Name’
· / becomes -
· : becomes ;
· * becomes +
· ? becomes -
· | becomes -
· \ becomes -
· < becomes {
· > becomes }

These changes only pertain to the report folder path that is created for the current case. The case name reported in the results and XML files will contain the original characters entered into X-Ways.

Update 14 Jan 2015 - Ver 18.1 users must use
Version 3.6.3.i

-fix for change to API introduced in ver 18.1. this change is backward compatible for previously supported releases.
-fix to properly extract files of interest from Volume Shadow copies (if VSC processed)
-fix to properly create report tables in results.txt file. Now any version of 'cat #' or 'category #' can be used.
Example: 'cat 1', 'CaT 1', 'CATEGORY 1', 'category 1' are all the same. Any variation of upper and lower case will work.
-new rasterize feature is visible with toggle switch. At this point please do not use. This is there to potentially create a 'signatures.dat' file in future releases (like c4prep). At this point, if pressed, it will only increase the length of time to process, as each picture is being fully rasterized in the background.

version 3.6.2.d
This update changes the way the video stills are treated when extracting movies.
-now video stills are extracted if the parent movie is extracted, regardless of whether the video still has been type verified.
Both 32 bit and 64 bit versions included.

previous release 3.6.2.c
-Fixed issue with extended character support of UTF-16 in XML. should show all but those 0xD800 – 0xDFFF characters.
-Adds the functions of 3.5.12.k as well as option to create a Picture/video library based on MD5 hash value as name and the option to include not confirmed files when extracting pictures and movies. (before the file had to have a type status of Confirmed or newly identified. see post from 27 September in this thread for more details)
- 3.5.12.k
option to include or not include metadata in XML
-The option to run against multiple evidence objects and better naming of folders in c4all folder tree.
-CETS users have toggle to create a CETS XML or not.

Steps to prepare and run C4All X-Tension powerpoint version
https://www.dropbox.com/s/9101j9fzunmu8qq/C4All%20X-Ways%20X-Tension%20-%20Final.pptx?dl=0

PDF version of steps guide. Recommended to use PowerPoint, as movies and slides appear slightly different.
https://www.dropbox.com/s/w2yol2pgcknbl5x/C4All%20X-Ways%20X-Tension%20-%20Final.pdf?dl=0

I recommend downloading both guides. Both updated November 2015

Links to Youtube videos to run X-Tension
https://www.youtube.com/watch?v=HP6DTzpG0KI - part 1 of 3
https://www.youtube.com/watch?v=zCIcrA9CldI - part 2 of 3
https://www.youtube.com/watch?v=53cLlcogr40 - part 3 of 3

This is provided free to any user to be used with X-Ways Forensics.

 
Posted : 10/06/2014 9:07 pm
rjpear
(@rjpear)
Posts: 97
Trusted Member
 

Thanks Fine folks at OPP!…always putting out great stuff..

Rob

 
Posted : 12/06/2014 3:10 pm
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

:-)
Trevor is with OPP. I am not.
But thank you
Derek

 
Posted : 12/06/2014 4:10 pm
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

Excellent OPP software - I am pleased to say that Reconnoitre has worked with C4ALL for about 18 months now (including the ability to easily resolve a graphic carved in a VSC back to the actual file within the VSC).

 
Posted : 13/06/2014 4:13 am
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

Thanks go to Dennis for creating a C4All category for use with the 'File Type Signature Search.txt' file.
Just append the contents of the linked file to the 'File Type Signature Search.txt' file in the X-Ways install directory and a new category to select all the C4All files in one click has been added.

Download link to 'c4all category for file header signature search.txt' http://1drv.ms/1q9bMa6

Derek

 
Posted : 25/06/2014 6:43 pm
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

A separate file based on Dennis' C4All category for File type signature searching. Copy this file to the install directory of X-Ways. http://1drv.ms/TZ8Grl
This file does not get overwritten during updates and works the same, allowing one click to select all relevant C4All file types.

Derek

 
Posted : 08/07/2014 1:19 am
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

MD5 hash file manipulator to be used with C4All X-Tension
http://www.forensicfocus.com/Forums/viewtopic/t=12040/

This will help maintain your hash sets as well as removing duplicates or records that are in the wrong hash set.

Derek

 
Posted : 08/08/2014 11:36 pm
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

Added CETS compatibility.

For CETS Users here are some extra instructions

For use with CETS
1. This will provide a generic "CETS Media Manifest.xml" file

2. This generic file will not include the digital signature InvestigationID, ManifestID, or CategorizationID. However, the CategorizationID can be added manually.

3. With the CETS Media Uploader you can "re-sign" the manifest file if you use "adminmode" of the CETS Media Uploader.

To enter into Admin Mode
1. Right Click on "CETSMediaUploader.exe"
2. Select Send To, Desktop (create shortcut)
3. Locate the shortcut on your desktop
4. Right Click on the shortcut and select Properties
5. In the Target Field append to the end of the line (after the closing ") -adminmode
6. Double click the edited shortcut

When you launch the CETS Media Uploader in Admin Mode you will see a new button to "Sign Manifest" file.
Clicking on the button will bring up a dialogue window to manually select a user and the related investigation.

Keep in mind, that you must manually cut and paste your Categorization settings into the XML file.

Also there have been a few changes made to the Detailed steps. Please re-download.
As well, there has been a change to the C4All signature search file. Re-download from the link to get the latest. 1drv.ms/TZ8Grl
It fixes an issue that may cause slow down while carving certain types of JPEGs.

Derek

 
Posted : 15/08/2014 9:55 pm
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

New version of X-Tension

3.6.2.a http://1drv.ms/1rrCJ7s

Changes
-adds the functionality to create a picture/video library.
-adds the ability to extract pictures or movies that are type status of 'not confirmed'
(this was added as there are so many variations of avi formats, that even some valid working movies were not 'confirmed')
If the user does not want these files, they can be filtered out and the X-Tension run excluding filtered or excluded files

Derek

 
Posted : 28/09/2014 1:09 am
(@f111th)
Posts: 29
Eminent Member
Topic starter
 

Update October 19 2014

download link to version 3.6.2.c 1drv.ms/1prWU2h
-Fixed issue with extended character support of UTF-16 in XML. should show all but those 0xD800 – 0xDFFF characters.
-Adds the functions of 3.5.12.k as well as option to create a Picture/video library based on MD5 hash value as name and the option to include not confirmed files when extracting pictures and movies. (before the file had to have a type status of Confirmed or newly identified. see post from 27 September in this thread for more details)
- 3.5.12.k
option to include or not include metadata in XML
-The option to run against multiple evidence objects and better naming of folders in c4all folder tree.
-CETS users have toggle to create a CETS XML or not.

 
Posted : 20/10/2014 4:02 am
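
Several changelog entries in this thread describe replacing characters that are illegal in XML (control characters in names and paths, UTF-16 values in the 0xD800 to 0xDFFF surrogate range) with a placeholder such as '?' or '«'. The following Python sketch is an added illustration of that kind of sanitisation, not the X-Tension's own code; the `File` element, its attributes and the sample names are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Everything outside the XML 1.0 "Char" production: C0 controls other than
# TAB/LF/CR, the surrogate block 0xD800-0xDFFF, and 0xFFFE/0xFFFF.
_XML_ILLEGAL = re.compile(
    "[^\t\n\r\u0020-\ud7ff\ue000-\ufffd\U00010000-\U0010ffff]")

def decode_utf16_name(raw: bytes) -> str:
    """Decode a UTF-16LE name. Valid surrogate pairs become one code point;
    unpaired surrogates are kept as-is so they can be counted and replaced."""
    return raw.decode("utf-16-le", errors="surrogatepass")

def xml_safe(name: str, placeholder: str = "?"):
    """Return (sanitised name, number of characters replaced)."""
    return _XML_ILLEGAL.subn(placeholder, name)

def manifest_entry(raw_name: bytes, md5: str) -> bytes:
    """Serialise one entry; element and attribute names are hypothetical."""
    name, replaced = xml_safe(decode_utf16_name(raw_name))
    el = ET.Element("File", {"md5": md5, "replaced": str(replaced)})
    el.text = name
    return ET.tostring(el, encoding="utf-8")

def parses(xml_bytes: bytes) -> bool:
    """True if a strict XML parser accepts the document."""
    try:
        ET.fromstring(xml_bytes)
        return True
    except ET.ParseError:
        return False

# Constructed sample names (not taken from any case data).
LONE_SURROGATE = ("IMG_".encode("utf-16-le") + b"\x00\xd8"
                  + "01.jpg".encode("utf-16-le"))
VALID_PAIR = "\U0001F600.png".encode("utf-16-le")
CONTROL_CHAR = "a\x01b.avi".encode("utf-16-le")
FAKE_MD5 = "0" * 32  # placeholder hash

if __name__ == "__main__":
    for raw in (LONE_SURROGATE, VALID_PAIR, CONTROL_CHAR):
        print(ascii(xml_safe(decode_utf16_name(raw))),
              parses(manifest_entry(raw, FAKE_MD5)))
    # The same control character written without sanitising is rejected.
    print(parses(b"<File>a\x01b.avi</File>"))
```

Recording the replacement count alongside the hash keeps the manifest honest about which names were altered, so the original name can still be looked up in the case by hash.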