Cyacomb Examiner Product Demonstration

So we’re in this situation where a search warrant has been executed in relation to illegal images in a residential property. The search has recovered a number of items: we have a laptop from which I’ve removed the hard drive, we have an external USB drive and five USB thumb drives.

Now, normally if we wanted to establish if any of these devices contained our known illegal content, we need to examine them one at a time, examine every file on each device, convert them to a hash, and compare those to a hash set of our known illegal images.

While this may be OK if we have just a small number of low capacity thumb drives, given that a 500 gig USB hard drive like this will take about three or four hours to run a full hash scan, it’s not really practical to do this in an on-scene situation, and it’s likely that we would have to seize all these devices, take them back to the lab, and given that many digital forensics units around the country have growing backlogs, that could be a matter of months before these get examined at all.

Cyacomb’s Fast Forensics Triage technology now gives investigators the ability to very quickly scan devices like this on scene in a triage scenario.

Let’s have a look at how quickly Cyacomb Examiner can scan all these devices. Cyacomb Examiner has the ability to scan multiple devices at once without a loss of performance. So we can connect all seven devices up at one time to our examination computer through our USB hub.



With our devices connected, we only have three things to do in Cyacomb Examiner to start the scan. First we have to select each of our devices here on the left hand side, then we have to load a contraband filter. A contraband filter is a secure alternative to a traditional hash set.

And today we’ll be using a contraband filter built from space travel images, and set a scan confidence. Confidence is basically a trade off between speed and fairness of the scan. In most operational scenarios, 99% confidence is suitable, so we’ll choose that.

Now all we have to do is start the scan. We can see here, we have a progress arc that gives a color coded result of the overall scan, of all the devices being scanned, where on the left hand side in the devices, we can see a color coded progress bar for each of the devices being scanned.

Now we can see already after just 19 seconds that all of our devices have a color coded result. We have four devices which have turned red, and three which have turned green. Red results mean that something has been found on this device that matches our known illegal content.

And if we want to confirm that on scene, we can just simply click “view results”. Click on one of the results to get a preview of a file. There we can see a preview of an astronaut, one of our space travel images.

Green results mean that nothing has been found on the device that matches known illegal content, and the decision can be made based on all the intelligence and all the information known about the devices, whether to seize them or leave them behind and exclude them from the examination.

So what we have in 19 seconds, we have seven devices scanned, four of which we know contain illegal content, and three which we can make an informed decision about to leave behind.

Cyacomb Offender Manager is based on Cyacomb’s award-winning fast forensic triage tool Cyacomb Examiner, but optimized for offender managers to use during offender visits. All the offender manager has to do is plug the Cyacomb dongle into the offender’s computer and run Cyacomb Offender Manager directly from the dongle.

In Cyacomb Offender Manager all the settings such as the devices to scan, the scan confidence, and the contraband filter to use are preconfigured back at the police station before the offender visit. All the offender manager has to do is press start and the software will scan every internal hard drive on the computer and any attached external hard drives.

So, where previously an offender manager may have had to rely on a manual exam of the offender’s computer, with Cyacomb Offender Manager, we can perform a comprehensive scan of the computer very quickly and identify any known illegal content, including any deleted content that the offender may have tried to dispose of before the visit.

With Cyacomb Mobile Triage on the data pilot DP10, we now have the ability to use Cyacomb’s award-winning Fast Forensic Triage technology to scan devices such as mobile phones and tablets. Here, as you can see, we can choose to scan an Android device or an Apple device.

Here we have an Android phone connected up, so we’ll choose Android. Just like Cyacomb’s other fast forensic triage technology, all we have to do is select a contraband filter and scan confidence. Here we’ll choose 99% and press start.

As you can see, just like Cyacomb’s other Fast Forensic Triage technology, when illegal content is found on this phone, our progress arc turns red. At any point we can click to view the results. Here we can see an astronaut, one of our space travel images that we use as illegal images.

So, instead of seizing all the devices recovered during our search and putting them into a backlog for future examination, we know even before leaving the scene that an informed decision can be made at how to progress the investigation at this early stage.
