XEC Director From MSAB

Reviewed by Scar de Courcier, Forensic Focus.

MSAB was founded in 1984 and originally focused on helping the police to solve cases. Over the years the company has pioneered mobile forensics, with their flagship XRY product paving the way for new developments in the field.

The past decade has seen new challenges arising in digital forensics, not least of which is the question of triage. This is particularly pertinent in cases where several people are working on the same investigation, for example in law enforcement agencies or during collaborative efforts. And of course this isn’t just an issue for those who are doing the actual extraction and analysis; it’s also a management challenge. This is where XEC Director comes in.

What It Does

XEC Director runs on the same XRY engine as all of MSAB’s other products, so there’s no difference in its core capabilities. The main difference comes into play with permissions: in XEC Director, managers can define different permission levels for different groups. So, for example, you may only want to allow your frontline officers to do logical, not physical, extractions; this is easy to set up.

XEC Director allows you to manage any number of MSAB products at once, with updates automatically being pushed out to users when you add them to the system. Kiosk itself is an easy-to-use system with a straightforward GUI that’s perfect for frontline officers with limited forensic training.

Updates can be quite a challenge for forensic software in general; when a new update is rolled out, often a manager will have to physically go around visiting each machine, ensuring everything is correctly installed and running smoothly. XEC Director’s remote abilities mean that updates can be sent out to Kiosks without managers needing to be physically in the same location, making it far less of a challenge for agencies who have workers spread across several sites. This is also helpful when it comes to updating licenses; when a new annual license is issued, management can easily push out this update to their Kiosks, rather than having to physically add it.



When a new update is available, the most sensible thing may be to download it first, put it on one unit, and test it there before rolling it out. Director makes this easy to do, and means you can view how the new update is being used even if you’re not in the same physical location as the device itself.

When you do come to roll out updates to all machines, it is possible to postpone the updates to certain Kiosks if necessary, for example if people are in the middle of working on a large case.

One advantage of this method is that it fits in very nicely with the recent ISO 17025 accreditation requirement. Since standardised procedures are now necessary across your whole forensic business, it is important to ensure that all of your teams are using the same software in the same way. XEC Director allows this to be done quickly and seamlessly.

The way permissions are set up also helps with accreditation. Each user can be allowed to do different things, so for example you can set up one team or individual to focus on physical extractions, while others perform logical imaging, and so on.

When a user first logs in to their Kiosk, they are shown a set of screens which take them through a step-by-step guide. Each step must be completed before they move on to the next one; this is another great help when it comes to accreditation, since you are able to verify that each user took each step in your standardised process, thus ensuring consistency throughout the organisation.

These screens are run by an XML script which MSAB provide free of charge with the product, so it’s possible to customise this to your own requirements.

Users identifying themselves when they log in is helpful for a number of reasons, the primary one being that it allows management to set different permission levels for different users, as we have already discussed. However, using login credentials also allows for better audit log creation, which means management can see how often their Kiosks are being utilised, how the users are doing, which phones are most popular, and so on. It is also easy to see which team members may not be using the technology very effectively, and which of them may therefore need refresher training. Again, this helps organisations to keep in line with ISO 17025 accreditation, which requires standardisation of methodology and usage across the board.

In terms of storing data once it’s been collected, this can be set up in any number of ways. Each forensic agency has a different way of doing things, and this is reflected in XEC Director’s setup. You can store data locally and archive it within a specified timeframe; you can download it locally to CDs or USBs; or you could push data back across the network, either to a central location which contains all your XRY files, or to different divisions that send data to different servers. Director and Kiosk can manage those uploads based either on global product configuration or on an individual contextual configuration.

One of the main advantages of XEC Director is how customisable it is; MSAB’s team are happy to help with setup and can make sure everything suits each customer’s unique needs. Storage is one such example: typically everything is stored on a server, which many organisations will already have in place. The modular nature of XEC Director means you can break this up: you don’t need to buy a dedicated server for XRY and store everything there; instead, you can put it on different servers based on your own requirements.

Ultimately this is not just a piece of forensic software, but a solution that should be integrated into the overall organisational infrastructure, so when you’re first getting set up it’s worth sitting down with your forensic staff and your IT department, as well as a representative from MSAB, to make sure you create a solution that works for you. MSAB’s professional services department is specifically set up for this purpose and can help to smooth the partnership between forensics and IT.

How It Works

What you see on the front end is very simple. Project managers won’t need to use XEC Director all day every day; maybe once a week, depending on the project. In the meantime the software will be sitting in the background managing users and data all the time.

When you log in you’ll see a screen that shows all registered systems: Kiosks, Tablets, and XEC Express. In the next release XRY will also be supported, so all MSAB products will be able to be managed from Director.

The live status dashboard is a quick way to identify any potential problems, and also shows when the licenses are due to expire. Here you can see the status of individual users and of groups – for example, which hard drives are almost full – and it’s from this screen that you can push out updates either universally or to specific individuals or groups.

On the Users screen you can manage users within the groups you have set up. Most organisations have a minimum of two groups: Basic, whose users have one workflow that provides them with step-by-step reminders of what to do in each case; and Advanced, who see a reduced sequence that still shows critical information, but doesn’t have so many screens to click through. You can set up an unlimited number of groups within your organisation.

In terms of credentials, you can either use an MSAB login, which is proprietary to the system; or you can connect to an active directory, which will then synchronise with the system so that those details can be used to log into a Kiosk. If you manage your own organisation but also have guests who need to be able to work on certain cases, you can run both concurrently by creating visitor accounts – again, this gives a very granular level of control over users, workflows, permissions, data flows and more.

The Logs page gives you the ability to see logs for the entire estate; you can then drill down to a more granular level if required. The filter settings on the left-hand side give you the power to specify timelines, user groups and so on.

The logs include every single event, including successes and failures of reads, allowing you to see which devices have been successfully extracted and which still need to be worked on.

The forensic data itself isn’t included with the logs; instead the logs provide an overall picture of the project which can feed back to main management. You can see which kinds of phones are most commonly extracted, how much work is being done, and how much data is being processed at any given time. You will also be able to see how often the Kiosks are being used; so for example, if you have a limited number of Kiosks and several departments requesting them, you’ll be able to work out which departments aren’t using them very often, and you can use this data to make an executive decision about where your Kiosks are best deployed.

Most senior leaders don’t want to look all through the logs, as this is time-consuming and may seem complex; for this reason, Management Information Reports are available in PDF format, including pie charts and bar graphs that make data easy to interpret and analyse.

Custom reports can also be created if there are specific things you want to include. Typically this would include case references, ID numbers, region, crime type, examiner names, case statuses and case priorities, but you can customise it however you desire. Once you’ve created your reporting profile, you can set it up so that a report is automatically created and emailed to a department head, CEO or chief on a monthly basis, for example.

Should any of your users encounter difficulties, you can also set up remote assistance, which means you are able to see their desktop on your machine and talk them through what to do. You can also request permission to control their screen, thus limiting the likelihood of mistakes.

If your team members need to work offline in the field, there is an offline mode which saves the extraction to the local device, then when the users return they can upload data to the system and resync workflows if necessary. If the network goes down, systems will revert to local mode and pause extractions; when the network comes back up again they will automatically start resyncing.

Conclusion

XEC Director is an easy-to-use management tool that is fully integratable into an organisation’s unique workflow. It allows control at overall and granular levels, creates custom reporting options, and automates several aspects of management that are otherwise time-consuming and generally challenging. For large organisations, particularly those working within law enforcement and those who may need to collaborate often with outside agencies, XEC Director seems like the perfect all-in-one solution.

About XEC Director

XEC Director 2.0 is a centralized management solution that lets you connect your agency’s mobile forensics extraction tools into a single network so you can easily manage all teams and individuals from a central location.
