Jad, tell us a bit about OUTRIDER and how it came about?
We talk to officials in law enforcement from a variety of different backgrounds and the one constant for us is trying to find ways to help them do the important work they do. In the case of OUTRIDER, I had been speaking with police and parole officers who were looking for quick and easy ways to tell if their parolees — often child predators — were at risk of reoffending. They needed a way to be able to tell if they had been accessing illicit materials, and fast. We’ve had a triage tool for many years now but have been looking for the right time to re-imagine how triage tools work and build something new.We took that away and built OUTRIDER — a solution that not only helps them scan devices with lightning speed, but is easy enough for all levels of technical proficiency.
You also launched Magnet SHIELD this fall for Canadian law enforcement. Both are designed for use in the field, but SHIELD focuses on victims and witnesses, while OUTRIDER focuses on suspects and parolees. Why not just offer one field tool?
SHIELD and OUTRIDER — while used in the field by non-technical officers — serve very different needs. In the case of SHIELD, first responders can use it to help build public trust by collecting digital evidence from witnesses and victims with as little inconvenience as possible. We know that witnesses and victims can be reluctant to share potentially important evidence because there’s the possibility that their phones will be confiscated for months at a time, or that delays may result in second-guessing their decision to cooperate. With SHIELD, we’re working to minimize that burden on those who are helping law enforcement do their job. On top of this, SHIELD is served up on a custom tablet, making it a single and secure source.
OUTRIDER, on the other hand, is used on offenders’ devices, quickly checking for contraband, establishing a risk profile, and making sure that there is no wrongdoing on their part. It’s purely software driven and fulfils a different need than SHIELD.
How is OUTRIDER different from other field preview and triage tools?
With OUTRIDER, users really are benefitting from lightning speed and ease of use. With our tests, we’ve seen scans complete in less than 5 minutes – on an example system, over 1 million files were scanned in just 52 seconds. That includes apps related to encryption, the Dark Web, peer-to-peer file sharing, cloud storage, anti-forensics tools, virtual machines, and cryptocurrency. And, not only are the scans extremely fast, but they’re able to be run by users who are technical AND non-technical. OUTRIDER was designed to be as intuitive as possible for all audiences.
What defines "illicit material" – is child sexual abuse material a focus, or other forms of content too? And what does OUTRIDER rely on to detect it?
Illicit material can be defined by the user — whether that’s locating known apps or taking advantage of keyword searching in file names, encryption detection, and file collection for later processing.
Additionally, we recently announced a partnership with Child Rescue Coalition (CRC) utilizing their Neula technology to help quickly identify CSAM material. It does this by identifying fragmented pieces with block hashing technology as a core component.
The presence of encryption or cryptocurrency apps in themselves isn't suspicious. Does OUTRIDER's risk assessment approach mean that it scores or weights the evidence it identifies in any way?
While encryption or cryptocurrency apps aren’t suspicious, there are times when they’re a sign that someone is hiding something — particularly in the case of offenders on parole. Generally, part of the condition of their parole is to not hide digital files behind encryption or use untraceable cryptocurrency, so if their devices are being inspected, it would immediately cause suspicion if detected.
Is OUTRIDER able to find deleted evidence on a given device?
Because OUTRIDER was designed to be a high-level, very fast triage/preview tool, it does not “go deep” and look at deleted or unallocated areas of a drive.
How does OUTRIDER preserve contraband? Where is the evidence stored, and how does it support chain of custody?
If the officer using OUTRIDER elects to save copies of the identified files, they are stored in a standard ZIP file. A hash value is generated for each file being saved and a log is generated that includes all files and associated hash values. This makes it easy to preserve the evidence and load it into other forensic tools, such as Magnet AXIOM, for further processing and analysis.
Can you tell us more about what you're hoping to achieve or learn from users who take advantage of the OUTRIDER free trial?
We’re really hoping to make it fast and easy to assess potential risks of reoffending, and to detect those who have already reoffended. We also want to help in the prioritization of devices to be seized in search warrant scenarios or similar situations. We’re using the free trial period to learn as much as we can about these use cases and to understand if OUTRIDER is providing value in these scenarios, and what else we can add to the product to help even more.
In the probation and parole scenarios, those who are keeping an eye on these offenders have a lot on their plate already, so we want them to not have to use up their time waiting for scans on devices and potentially missing clues that there is a significant risk to the community. We’re always learning from our customers, so we want to keep homing in on what they need so we can make it as effective and timely as possible.
If you’re interested in trying Magnet OUTRIDER, we’re offering an extended free trial — so head over to www.magnetoutrider.com for more information.