Password Protecting XRY Files

Hello. My name is Greg Masterson. I’m a tech sales engineer with MSAB. Welcome to XRY in 5. So in today’s XRY in 5 video, we’re going to be talking about password protecting our evidence. The idea of password protecting evidence files is something that most examiners could benefit from, and examiners’ reasons for password protecting and encrypting their evidence vary greatly. But whether it’s to streamline your testimony on the stand, when evidence integrity questions arise, it’s for accreditation of your lab, or it’s just peace of mind when providing evidence to investigators on USB drives and external hard drives, you’ll have that peace of mind that prying eyes will be unable to see that evidence without the password and the proper software.

So now you’ve made the decision to protect those files and you want to implement, so XRY has you covered, in that it makes it very simple to password protect those evidence files, and we’re going to show you how.

So I have my version of XRY on the screen and I’m going to click “Extract” to begin an extraction. I will plug my phone in for auto-detection and keep it simple. It’s identified it as a Nokia 6 Dual SIM. You’ll get a familiar extraction setup screen, showing the expected actions for this examination and extraction. We also got some pre-scanned data about this device prior to extraction.

So we’re going to choose Logical to go on to the next step. We’re going to skip the “Specify time span” and “Specify category” screens. You could find information about both of those in a different XRY in 5 video. We’ll skip the Python scripts. We don’t need them for this purpose.

And finally, we come to the “File details” screen. So I will put my information — the operator’s information — in there, and maybe my exhibit ID. And you see here, “Protect with a password.” If I choose to protect this with a password, the next step will be then asking me what password I want to apply. I often keep the passwords the same for both, and we’ll make them XRY and XRY. Pressing on the “eye” allows you to see what your password is momentarily, to make sure they match. And for this particular file, I’m also going to add the same password and click “Next.”

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

You can see here that you have the ability to both choose a password for the case as a whole, a case containing multiple XRY files. We’re only doing one phone right now, and it may be added to a case. So we might want to password protect the whole case. However, we could also protect the individual XRY file. Why is this? Because if you have an XRY file from a old narcotics case, and now you’re working a more recent narcotics or homicide case, you may in fact want to add an XRY file from another case to cross reference it with information in this case. Maybe there’s some commonality of suspects or information. We can maintain evidence integrity by consistently applying passwords to individual files as well, for just this kind of occasion where it might be used in another case.

And the extraction will continue. And at the end, after attempting to open this file in XAMN to review it, I will be prompted for a password, which I’ll show you here in a minute. So before we open up XAMN and show you that prompt for the password, I just want to show you one other way that if you had decided that you wanted to use password protection by default, we can come up in here to “Options” under the menu and down to “File naming,” which is where you can set up automatic file naming based upon the model, the date of the exam and that type of thing. And this information further information about this can be found in our help file.

If you look at the bottom here, “Protect with a password”: by clicking that and hitting “Save from this point forward,” every time you do an extraction using XRY, you will get prompted to add a password every time, rather than choose it on a case by case basis, with the check mark that I showed you.

Okay, we’ll bring up XAMN, and this is the extraction we created, and we’ll go to open it. And again, we’ll be prompted with a password and it will open. So we hope that’s helpful both in your transportation of evidence concerns and of your general integrity concerns for evidence that may be used in trial or during a court case. If you have any questions, as always, reach out to us, and you could always visit for further information. Have a great day.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles