Cyacomb Examiner Product Demonstration

So we’re in this situation where a search warrant has been executed in relation to illegal images in a residential property. The search has recovered a number of items: we have a laptop from which I’ve removed the hard drive, we have an external USB drive and five USB thumb drives.

Now, normally if we wanted to establish if any of these devices contained our known illegal content, we need to examine them one at a time, examine every file on each device, convert them to a hash, and compare those to a hash set of our known illegal images.

While this may be OK if we have just a small number of low capacity thumb drives, given that a 500 gig USB hard drive like this will take about three or four hours to run a full hash scan, it’s not really practical to do this in an on-scene situation, and it’s likely that we would have to seize all these devices, take them back to the lab, and given that many digital forensics units around the country have growing backlogs, that could be a matter of months before these get examined at all.

Cyacomb’s Fast Forensics Triage technology now gives investigators the ability to very quickly scan devices like this on scene in a triage scenario.

Let’s have a look at how quickly Cyacomb Examiner can scan all these devices. Cyacomb Examiner has the ability to scan multiple devices at once without a loss of performance. So we can connect all seven devices up at one time to our examination computer through our USB hub.


With our devices connected, we only have three things to do in Cyacomb Examiner to start the scan. First we have to select each of our devices here on the left hand side, then we have to load a contraband filter. A contraband filter is a secure alternative to a traditional hash set.

And today we’ll be using a contraband filter built from space travel images, and set our scan confidence. Confidence is basically a trade off between speed and fairness of the scan. In most operational scenarios, 99% confidence is suitable, so we’ll choose that.

Now all we have to do is start the scan. We can see here, we have a progress arc which gives a color coded result of the overall scan, of all the devices being scanned, where on the left hand side in the devices, we can see a color coded progress bar for each of the devices being scanned.

Now we can see already after just 19 seconds that all of our devices have a color coded result. We have four devices which have turned red, and three which have turned green. Red results mean that something has been found on this device that matches our known illegal content.

And if we want to confirm that on scene, we can just simply click “view results”. Click on one of the results to get a preview of a file. There we can see a preview of an astronaut, one of our space travel images.

Green results mean that nothing has been found on the device that matches known illegal content, and the decision can be made based on all the intelligence and all the information known about the devices, whether to seize them or leave them behind and exclude them from the examination.

So what we have in 19 seconds, we have seven devices scanned, four of which we know contain illegal content, and three which we can make an informed decision about to leave behind.

Cyacomb Offender Manager is based on Cyacomb’s award-winning fast forensic triage tool Cyacomb Examiner, but optimized for offender managers to use during offender visits. All the offender manager has to do is plug the Cyacomb dongle into the offender’s computer and run Cyacomb Offender Manager directly from the dongle.

In Cyacomb Offender Manager all the settings such as the devices to scan, the scan confidence, and the contraband filter to use are preconfigured back at the police station before the offender visit. All the offender manager has to do is press start and the software will scan every internal hard drive on the computer and any attached external hard drives.

So, where previously an offender manager may have had to rely on a manual exam of the offender’s computer, with Cyacomb Offender Manager, we can perform a comprehensive scan of the computer very quickly and identify any known illegal content, including any deleted content that the offender may have tried to dispose of before the visit.

With Cyacomb Mobile Triage on the Datapilot DP10, we now have the ability to use Cyacomb’s award-winning Fast Forensic Triage technology to scan devices such as mobile phones and tablets. Here, as you can see, we can choose to scan an Android device or an Apple device.

Here we have an Android phone connected up, so we’ll choose Android. Just like Cyacomb’s other fast forensic triage technology, all we have to do is select a contraband filter and scan confidence. Here we’ll choose 99% and press start.

As you can see, just like Cyacomb’s other Fast Forensic Triage technology, when illegal content is found on this phone, our progress arc turns red. At any point we can click to view the results. Here we can see an astronaut, one of our space travel images that we use as illegal images.

So, instead of seizing all the devices recovered during our search and putting them into a backlog for future examination, we know even before leaving the scene that an informed decision can be made on how to progress the investigation at this early stage.
