Paliscope Integrates New Tools For ICAC Investigators

By: Paliscope (peer company to Griffeye)

Today, we launch a new concept for ICAC (Internet Crimes Against Children) Investigators to search for data online. By integrating some of the most innovative online investigation tools into Paliscope, you will not only be able to work more efficiently, but also uncover more clues and evidence online.

When we started to develop Paliscope, we had a clear picture of what we wanted it to be: software that helps make online investigations more effective, structured and secure, regardless of the type of investigation. Now, we want Paliscope to incorporate the knowledge and experience we’ve gathered from working with law enforcement – and especially child sexual abuse investigators. So, we came up with the ICAC Package.

The ICAC Package

The ICAC Package integrates some of the tools most frequently used by investigators working with Internet Crimes Against Children. There are some really great tools for online investigations already out there, so we thought: why not integrate them into Paliscope, and merge all the stages that otherwise require different stand-alone tools in order to find and collect evidence online? Well, we thought it, and we did it.

As a result, four new tools have been integrated into Paliscope: The Arachnid Web Crawler, CameraForensics, Web-IQ and PimEyes.

These tools in combination enable users to search for more clues online – no matter the type of clue. Let’s say you have a username that you want to investigate. By using Web-IQ you can now search for more information about this username on the dark web. Or, you might have a photo of the person you are looking for; now you can search for more photos of that person using PimEyes’ face recognition technology. With CameraForensics, it is also possible to use the EXIF data to search for other similar images online, based on location, camera serial number etc. You can also scan the web using Project Arachnid to find out if an image exists elsewhere online. By doing this you can find new places online where previously unknown material – and more clues – can be found.

The tools

Project Arachnid

Project Arachnid discovers child sexual abuse material (CSAM) by crawling URLs previously reported to Cybertip.ca or submitted directly to the Arachnid API. The integration with Paliscope makes it easier to match already collected images against Arachnid’s database of known URLs to find the online locations of the image, which could lead to more associated images being found (e.g. from the same image series or taken by the same camera).

CameraForensics

CameraForensics is a tool that indexes imagery across the web to match online and offline personas. Their growing database of over two billion images can link devices, similar images, locations, EXIF data and other metadata. Integrated into Paliscope, investigators will be able to match the collected data directly against the CameraForensics database to find more clues online.

Web-IQ

Web-IQ searches through the Darknet to find active child sexual abuse forums. With the integration to Paliscope, investigators can simply cross-reference usernames and other intel with hundreds of thousands of forum profiles and millions of posts. The Web-IQ database is continuously updated, and together with a historical archive, it enables the investigator to find more information about victims and suspects and get a grip on what is happening on the Darknet.

PimEyes

PimEyes combines modern face recognition algorithms and the power of machine learning to detect images of the same person. The PimEyes database contains over 150 million unique faces and it can analyze over 300 million websites (TOR included). With this tool integrated into Paliscope, investigators can effortlessly scan for matching faces and find more information about the person that they are looking for.

The ICAC Package will be available at the beginning of next year.
You’re welcome to contact us if you want to know more.

Shortly we will also integrate tools for law enforcement and the private sector.

Visit Paliscope
