Forensic software flatfile reports?


Posted: Sat Jan 12, 2019 3:06 am

Good morning!

Background:
I have worked as a computer forensic (LE) for 10 years and am now employed as an analyst (also LE).
My main cases are white collar crimes and tax frauds. I work in one of the larger countries in Europe.
My prime headache is reports from forensic software. Our nearest computer forensic is a 3 hour drive away (4 h with train).
The main workload for our forensics is to "serve the information on a silver platter" and not so much digging for malware and other information.

Case description:
In one case we had 15 computers with roughly 2500 invoices and documents each. All of them more or less relevant to the case. This is not an uncommon case. The main focus is to follow the money and the "paper trail". When I get a report from a seized device it is usually produced from one of the bigger forensic software. It is either in HTML or PDF format with clickable links. There is also no easy way to do a keyword or reg-ex search in the attached files.

Question/ wish:
I would like to receive a flat file report (pdf?) that contains metadata (i.e. path, md5, filename) followed by the actual document that is deemed relevant to the case.

Compare with UFED reader or XAMN spotlight. An easy GUI which lets me search and bookmark documents/spreadsheets, which are then included in the report without the annoying clickable links or attached files. Is there such a forensic software?

Is there another method that lets me easily sift through a large amount of information and without much fuss produce a readable report?

Please let me know if I have missed something or been unclear and I will try to explain further.

Best regards and have a good weekend
// Mort

PS. I have been a member of Forensic Focus for a number of years. Because of old age, very selective memory and small kids my credentials for FF somehow disappeared. Hence the new account. DS

Mortificating
Newbie
 
 
  

Re: Forensic software flatfile reports?

Posted: Sat Jan 12, 2019 8:27 am

> Mortificating wrote:
> Our nearest computer forensic is a 3 hour drive away (4 h with train).


Sounds like somewhat of a challenge.

> I would like to receive a flat file report (pdf?) that contains metadata (i.e. path, md5, filename) followed by the actual document that is deemed relevant to the case.


What format are those documents in to begin with? Some kind of internal format for 'insert invoicing program name here', and that needs to be given a printed form? Or print-ready invoices ready to send off to a mass mailer every month, but without any internal structure so that hits for 'NameX' may be for the addressee, the street he lives on, or the city he lives in?

When you say flat file ... do you mean that the format is of no consequence? That is, you're not going to grep it or work on it as a single unit, but only use some reading program? (I mean, creating an index text file with the information you ask + an internal file name, adding that to a zip file, followed by each document, under the new name would create a flat zip file, but it might not be useful.) And creating an HTML structure on the same lines would not be a flat file, but a directory hierarchy, but it may perhaps be more useful. (unless you wget --warc-file it, and it becomes a web.warc.gz file)

> Compare with UFED reader or XAMN spotlight. An easy GUI which lets me search and bookmark documents/spreadsheets, which are then included in the report without the annoying clickable links or attached files. Is there such a forensic software?


You mentioned PDF just then. Is that format suitable as input format to you, and for the final report that you deliver?

If it is, it seems that some kind of software that just walks over the input data you get, creating the metadata you mention and (probably) each invoice on a page of its own into PDF, and then merges everything.

> Is there another method that lets me easily sift through a large amount of information and without much fuss produce a readable report?


So what is 'sift'? Ignoring input reports that may not be relevant? Getting the input reports into a particular order? Or ... ?  

athulin
Senior Member
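
The index-plus-zip idea from the post above (path, MD5 and filename per document, each document stored under a new internal name), as an added example that is not code from the thread or from any forensic product. The function names, the extension list and the sample files are assumptions made for illustration.

```python
import csv
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path

# Formats named in the thread (Excel, Word, PDF, OpenOffice); the list is an assumption.
RELEVANT = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".odt"}
FIELDS = ["internal_name", "path", "filename", "md5"]

def build_bundle(export_dir: Path, bundle: Path) -> list:
    """Store every relevant document plus index.csv in one zip; return the index rows."""
    files = sorted(p for p in export_dir.rglob("*")
                   if p.is_file() and p.suffix.lower() in RELEVANT)
    rows = []
    with zipfile.ZipFile(bundle, "w", zipfile.ZIP_DEFLATED) as zf:
        for n, src in enumerate(files, start=1):
            # Neutral internal name: same-named files from different machines cannot collide.
            internal = f"docs/{n:05d}{src.suffix.lower()}"
            digest = hashlib.md5()
            # Single read: the bytes hashed are exactly the bytes stored.
            with src.open("rb") as fh, zf.open(internal, "w", force_zip64=True) as out:
                for block in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(block)
                    out.write(block)
            rows.append({"internal_name": internal,
                         "path": src.relative_to(export_dir).as_posix(),
                         "filename": src.name, "md5": digest.hexdigest()})
        buf = io.StringIO(newline="")
        writer = csv.DictWriter(buf, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)
        zf.writestr("index.csv", buf.getvalue())
    return rows

def verify_bundle(bundle: Path) -> list:
    """Re-hash each stored document against index.csv; return names that do not match."""
    with zipfile.ZipFile(bundle) as zf:
        text = zf.read("index.csv").decode("utf-8")
        return [r["internal_name"] for r in csv.DictReader(io.StringIO(text, newline=""))
                if hashlib.md5(zf.read(r["internal_name"])).hexdigest() != r["md5"]]

def demo():
    """Constructed sample export: two same-named invoices and one irrelevant file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "export"
        for pc, body in (("pc01", b"constructed sample A"), ("pc02", b"constructed sample B")):
            (root / pc).mkdir(parents=True)
            (root / pc / "invoice.pdf").write_bytes(body)
        (root / "pc02" / "thumbs.db").write_bytes(b"not a document")
        bundle = Path(tmp) / "bundle.zip"
        return build_bundle(root, bundle), verify_bundle(bundle)
```

Rendering each document to a PDF page and merging the pages, the other option raised in the post, needs a third-party PDF library and is not covered here.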
 
 
  

Re: Forensic software flatfile reports?

Posted: Tue Jan 15, 2019 2:47 am

Hello!
Thank you for the reply. English is not my native language so I appreciate the questions.

>> I would like to receive a flat file report (pdf?) that contains metadata (i.e. path, md5, filename) followed by the actual document that is deemed relevant to the case.

> What format are those documents in to begin with? Some kind of internal format for 'insert invoicing program name here', and that needs to be given a printed form? Or print-ready invoices ready to send off to a mass mailer every month, but without any internal structure so that hits for 'NameX' may be for the addressee, the street he lives on, or the city he lives in?

Reply:
The documents are generally a mix of Excel spreadsheets, Word documents, PDF documents and sometimes OpenOffice documents (*.odt) pop up. We have other means to take care of databases from accounting software.

----

> When you say flat file ... do you mean that the format is of no consequence? That is, you're not going to grep it or work on it as a single unit, but only use some reading program? (I mean, creating an index text file with the information you ask + an internal file name, adding that to a zip file, followed by each document, under the new name would create a flat zip file, but it might not be useful.) And creating an HTML structure on the same lines would not be a flat file, but a directory hierarchy, but it may perhaps be more useful. (unless you wget --warc-file it, and it becomes a web.warc.gz file)

Reply:
I guess "flat file" was not the right word. What I would like to have is one file (docx, pdf or something else easily printable) with all information. Keywords and searches are good and I use them a lot. But when it comes to it, a manual inspection of the information is often needed. Faulty OCR recognition, strange scanning formats to name a few.

----

>> Compare with UFED reader or XAMN spotlight. An easy GUI which lets me search and bookmark documents/spreadsheets, which are then included in the report without the annoying clickable links or attached files. Is there such a forensic software?

> You mentioned PDF just then. Is that format suitable as input format to you, and for the final report that you deliver?

Reply:
PDF or docx is a suitable format. I import the report in an investigation system together with other reports and documents (DNA, surveillance photos, crime scene investigations to name a few). It is then compiled to a preliminary investigation report and sent to the prosecutor's office.

----

> If it is, it seems that some kind of software that just walks over the input data you get, creating the metadata you mention and (probably) each invoice on a page of its own into PDF, and then merges everything.

Reply:
Yes. It is exactly what I was thinking about.

----

>> Is there another method that lets me easily sift through a large amount of information and without much fuss produce a readable report?

> So what is 'sift'? Ignoring input reports that may not be relevant? Getting the input reports into a particular order? Or ... ?

Reply:
When I read your reply I noticed that I was very "muddy" in my question. There are a lot of bright people out there and my ideas are far from the best or brightest. My thought was to be open to other ideas and methods that I have missed or did not think of. Very often there is already a solution hiding in plain sight. Very often a little help with where to start looking is all that is needed.

Mortificating
Newbie
 
 
