Advance in data manipulation streamlines presentation of digital evidence

A development in complex data interpretation is set to significantly speed up digital forensic investigations – by enhancing the presentation of evidence from a range of commonly used devices. Researchers at CCL-Forensics have developed an innovative application for presenting the data held in XML format – a common data storage format, found on a wide range of digital devices and platforms including PCs, phones and SatNavs…Although XML is a text-based format, it’s not user-friendly in its raw format, meaning digital investigators often have to manually manipulate large amounts of data to locate evidence relevant to their enquiry. XML files can contain, for example, internet history, web searches, SatNav recent locations, social networking history – and more.

CCL-Forensics has developed “PIP” to eradicate this problem. PIP is a software tool which parses data from XML files, using the XPath query language and presents the investigator with a results in a user-friendly, easy-to-interpret form. This saves a considerable amount of time, and means costs to investigators are kept to a minimum.

In addition, PIP natively supports AppleTM’s property list (“plist”) file format, both in their XML and binary forms.

A regularly updated library of XPath queries is included within PIP and CCL-Forensics is constantly researching opportunities for new additions to the library, however, for the advanced practitioner, PIP allows bespoke queries to be written for new data types which may be uncovered during the course of an investigation.

The team behind PIP also recognised the need for investigators to process a number of similar files simultaneously, and therefore developed a batch processing capability.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

PIP was created in response to demand from Law Enforcement Agencies to streamline the presentation from the increasingly complex range of digital devices – for little additional cost to the taxpayer.

The final beta test is now underway, and practitioners wishing to be involved should register at www.ccl-forensics.com/pip.

Alex Caithness, the developer of PIP says “One of the biggest frustrations of any digital examiner is the fact that their tools extract data which they have to manually interpret to turn into a reportable format.

PIP is designed to eradicate this problem for XML and plist files.

These files are used in many different devices and applications – the iPhone to name just one. Investigators are seeing a great deal more of these devices, and without a tool like PIP, they may spending time manually processing them.

This is doubly unfortunate, because they have already carried out the first step – by extracting the data. They just now need to interpret it. PIP does this effortlessly.

PIP is a constantly evolving tool and the developers would welcome suggestions for future functionality. For more information e-mail [email protected]

Leave a Comment

Latest Videos

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 11:00 am

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications.

Show notes:

Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps

Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/

Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching

Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo

Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem

Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/

Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny

Midjourney - https://www.midjourney.org/

Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/

AIATSIS - https://aiatsis.gov.au/cultural-sensitivity

Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/

Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102

Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c

Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation

Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share

Forensic Focus events calendar - https://www.forensicfocus.com/events/

Si Twitter - https://twitter.com/si_biles

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications.

Show notes:

Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps

Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/

Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching

Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo

Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem

Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/

Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny

Midjourney - https://www.midjourney.org/

Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/

AIATSIS - https://aiatsis.gov.au/cultural-sensitivity

Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/

Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102

Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c

Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation

Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share

Forensic Focus events calendar - https://www.forensicfocus.com/events/

Si Twitter - https://twitter.com/si_biles

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i41eg24YGZg

Deepfake Videos And Altered Images - A Challenge For Digital Forensics?

Forensic Focus 13th February 2023 10:30 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...