±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 4
Overall: 27872
Visitors: 50

±Forensic Focus Partner Ads

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

X-Ways X-Tension C4All users-CETS & pic/vid library option

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2, 3  Next 
  

X-Ways X-Tension C4All users-CETS & pic/vid library option

Post Posted: Tue Jun 10, 2014 10:07 am

C4All is a program used by law enforcement and others to categorize pictures and videos.

This X-Tension is for Users of C4All. The guides that are included describe how to best use the X-Tension with the Strategy hash sets , but your own hash sets can be used. Also it is based on the file types (video and pictures) that C4All presently uses and searches for.

With this X-Tension, you will be able to process with the speed of X-Ways, and be completing most of the C4Prep stage all at once (like skin tone % and video stills).

Benefits of the X-Tension
-speed, fewer steps to follow than original C4All process
-even faster if ran locally and saved locally. upto 30GB min speeds on SSD drives observed.
-crash protection. Use X-Ways ability to resume if there is a crash during preparation of data.
-If X-Tension is interrupted there is the option to resume, start new or if needed just make new XML file
-ability to filter out irrelevant files and false positive carved files before C4All extraction.
-Hash sets are connected to X-Ways and not SQL server. This allows for known irrelevant or good files to be excluded from extraction. Also SQL Express can be used (free) as the only database used would be a local database and would not grow to be to large.
-These hash sets are transferable by simply copying the folder and pointing X-Ways to storage location. No need to wait all day for Database to be created.
-ability to use your own hash sets. upto 65,000+ separate hash sets.
-Better resulting folder structure, especially when run against many evidence objects in one case.
-Results can be extracted from C4All in hashkeeper format to be easily brought back in to X-Ways case. no need to run Encase book marking enscript.
-thumbnails are extracted from files that include thumbnails or are created by X-ways due to original picture size. If thumbnails exist in a file it is not used twice, reducing duplicate files.
-When processing, all functions of X-Ways are available during X-Tension run phase.
-Able to use X-Ways reporting features for court and presentation.
- video stills extracted using free mplayer or forensic framer from within X-Ways

Below are links to the X-Tension and guides on how to use it. If you are part of the Strategy and need the hash set, please contact Trevor at the Ontario Provincial Police or obtain from the C4All forum.
In the guides there is also information on how to use your own hash sets and including extracting them from your SQL server.

Update 15 Jan 2015 - All versions of X-ways to use this version. 18.1 users please use this X-Tension
Version 3.6.3.j
download link www.dropbox.com/s/mzqr...j.zip?dl=0 (link fixed)

changes
The following characters which are not accepted by Windows for folder/file names will be replaced as follows in the ‘Case Name’:
· / becomes -
· : becomes ;
· * becomes +
· ? becomes -
· | becomes -
· \ becomes -
· < becomes {
· > becomes }

These changes only pertain to the report folder path that is created for the current case. The case name reported in the results and XML files will contain the original characters entered into X-Ways.


Update 14 Jan 2015 - Ver 18.1 users must use
Version 3.6.3.i
download link for 32 bit version www.dropbox.com/s/y08l...i.dll?dl=0
-fix for change to API introduced in ver 18.1. this change is backward compatible for previously supported releases.
-fix to properly extract files of interest from Volume Shadow copies (if VSC processed)
-fix to properly create report tables in results.txt file. now any version of 'cat #' or 'category #' can be used.
Example ---- 'cat 1', 'CaT 1' 'CATEGORY 1' , 'category 1' are all the same. any variation of upper and lower case will work.
-new rasterize feature is visible with toggle switch. At this point please do not use. This is there to potentially create a 'signatures.dat' file in future releases.(like c4prep) At this point if pressed it will only increase length of time to process as each picture is being fully raterized in the background.

version 3.6.2.d
This update changes the way the video stills are treated when extracting movies.
-now video stills are extracted if the parent movie is extracted, regardless of whehter
the video still has been type verified.
both 32 bit and 64 bit version included.

previous release 3.6.2.c
-Fixed issue with extended character support of UTF-16 in XML. should show all but those 0xD800 – 0xDFFF characters.
-Adds the functions of 3.5.12.k as well as option to create a Picture/video library based on MD5 hash value as name and the option to include not confirmed files when extracting pictures and movies. (before the file had to have a type status of Confirmed or newly identified. see post from 27 September in this thread for more details)
- 3.5.12.k
option to include or not include metadata in XML
-The option to run against multiple evidence objects and better naming of folders in c4all folder tree.
-CETS users have toggle to create a CETS XML or not.

Steps for c4all X-tension updated November 2014.doc
www.dropbox.com/s/sfd3...4.doc?dl=0

Steps to prepare and run C4All X november 2014.doc
www.dropbox.com/s/23ts...4.doc?dl=0

I recommend downloading both guides. ***both Udpated November 2014***



Links to Youtube videos to run X-Tension
www.youtube.com/watch?v=HP6DTzpG0KI - part 1 of 3
www.youtube.com/watch?v=zCIcrA9CldI - part 2 of 3
www.youtube.com/watch?v=53cLlcogr40 - part 3 of 3

This is provided free to any user to be used with X-Ways Forensics.  

Last edited by f111th on Fri Jan 16, 2015 5:54 am; edited 11 times in total

f111th
Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Thu Jun 12, 2014 4:10 am

Thanks Fine folks at OPP!...always putting out great stuff..

Rob  

rjpear
Senior Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Thu Jun 12, 2014 5:10 am

Smile
Trevor is with OPP. I am not.
But thank you
Derek  

f111th
Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Thu Jun 12, 2014 5:13 pm

Excellent OPP software - I am pleased to say that Reconnoitre has worked with C4ALL for about 18 months now (including the ability to easily resolve a graphic carved in a VSC back to the actual file within the VSC).
_________________
Paul Sanderson
Forensic Toolkit for SQLite
Like and share FB Page for a chance to win a licence
www.facebook.com/SQLiteToolkit 


Last edited by PaulSanderson on Thu Jan 15, 2015 2:33 am; edited 1 time in total

PaulSanderson
Senior Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Wed Jun 25, 2014 7:43 am

Thanks goes to Dennis for creating a C4All category for use with the "File Type Signature Search.txt' file.
Just append the contents of the linked file to the 'File Type Signature Search.txt' file in the X-Ways install directory and a new category to select all the C4All files in one click has been added.

Download link to 'c4all category for file header signature search.txt' 1drv.ms/1q9bMa6

Derek  

f111th
Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Mon Jul 07, 2014 2:19 pm

A separate file based on Dennis' C4All category for File type signature searching. copy this file to the install directory of X-Ways. 1drv.ms/TZ8Grl
This file does not get overwritten during updates and works the same, allowing one click to select all relevant C4All file types.

Derek  

f111th
Member
 
 
  

Re: X-Ways X-Tension for C4All users

Post Posted: Fri Aug 08, 2014 12:36 pm

MD5 hash file manipulator to be used with C4All X-Tension
www.forensicfocus.com/...c/t=12040/

This will help maintain your hash sets as well as removing duplicates or records that are wrong hash set.

Derek  

f111th
Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 3
Go to page 1, 2, 3  Next