MSAB: Updates From The Frontline

Adam Firman: So good morning and welcome to today’s webinar from MSAB, which is on updates to the frontline. So myself and Simon, we’re going to take you on a journey today exploring the why and the how to implement a frontline solution that works. For those of you who have already implemented a frontline solution, we’re also going to be covering the latest advancements in our frontline solution.

Next slide, please, Simon. So we’re going to start off with introductions from myself and Simon so you at least have an idea of who we are and our backgrounds. We’re then going to move on to the why you should consider a frontline, along with the considerations that you need to have done to make it successful. We’re going to wrap things up, covering how to implement one and cover all of the advancements that have been made in this area.

So I’m Adam Firman. I’m a tech evangelist here at MSAB. Prior to that I had 15 years UK law enforcement experience where I worked the majority of my time in a digital forensic unit. Been with MSAB for four years and I’m a speaker at both national and international conferences and I’m a guest university lecturer. I also present a podcast called Forensic Fix where I have guests from the industry on, and it’s just a general chat about all things DFIR. So my role with MSAB is to help drive awareness of our technology to ensure you guys get the most out of your license fees. Mobile’s changed daily, our product has to do the same. So my job really is to keep you guys up to speed so you are getting the most value from your license.

Simon Crawley: Thank you, Adam. My name is Simon Crawley. I have 30 or had 30 years policing experience, the last 10 of which were in a specialist operations department. While serving in the Met Police, I helped design and build and manage an effective and efficient frontline system to improve the data collection and improve the data flow to our customers. And now I’ve had six years of MSAB and I work within professional services and primarily I consult on frontline deployments. I advise on how to the Kiosk, tablet and express processes and I helped develop the workflow that you hear so much about on our frontline clients. I also have an MSc in forensic computing and cyber crime investigations awarded by University College Dublin.

Adam Firman: Perfect. Thank you Simon. And just to back up what Simon said really, my time in law enforcement also involved deploying a frontline environment. So Simon and I have both come from a background where we’ve got experience of the why we needed a frontline and sort of the pain points that we met and went through in order to get it successfully working.



So a survey among more than 2,700 law enforcement personnel showed that more than 85% of their investigations included some form of digital data. That’s hardly going to come as a shock to any of us. And for over 90% of law enforcement, smartphones were a primary source of digital evidence. So the top data reviewed in those cases was images, text messages, video and location history. But the challenge doesn’t end with the dominance of digital evidence. We need to have a system in place to deal with this overload of devices that we’re all seeing, because we all know that every investigation potentially is going to have digital evidence.

Next slide please, Simon. So we just spoke about it. We all know that every case could possibly involve a mobile phone. So what are the options? We’ve got the option of not including that evidence due to backlogs, but we need to, we need a way to handle this overload of devices. So we are seeing a significant year-on-year increase from devices along with cryptocurrency, car infotainment systems and wearables and submitting jobs to forensic labs are taking longer to process the cases and this is getting worse with each year. So practitioners deemed digital evidence has more impact on cases than DNA, and due to the volume of work we now have investigators noting that even analysis of evidence can exceed two weeks, even for high profile cases. So we believe that frontline technology can help to alleviate those staffing strains.

So digital forensics is a great tool for solving more crimes and it ultimately in the end is making the world a safer place. Therefore, MSAB’s vision is that as many investigations as possible should be able to use digital forensic solutions to empower them. So with this in mind, we designed our products and platforms and solutions to meet those challenges.

So how does frontline assist? Simon and I, we see, and we hear the pushback from experienced examiners that they’ve got concerns around it. And the concerns are that if you introduce a frontline, it potentially diminishes the work that’s done in a lab. It makes it appear simplistic and therefore the bosses do not understand or appreciate how complex and challenging digital forensics can be. And we’ve been there, we completely understand that. And with frontline we are not trying to do that. What we’re trying to do is give the highly skilled forensic practitioners more time to work on the more serious cases by allowing the simple investigations to be dealt with on area.

Now it is a fine line to get it right. Simon and I have both walked these painful journeys. We don’t want cases going to testimony that an experienced DFU member wouldn’t have taken to that process. So for that to be avoided, we need to ensure the frontline process is set up correctly to prevent that from happening. For example, just allowing the inexperienced users only the capability to report on evidence that they understand, such as a Google search or messages for example.

Next slide please, Simon. So here at MSAB, we have been the leaders when it comes to frontline. We’ve listened and we’ve worked with law enforcement across the globe to get this right. Standard digital forensic tools enable a small set of users to address most problems. Our frontline solution empowers all users to proficiently tackle this array of challenges. So we deem that, to cope with the ever-growing number of digital devices, a good distribution model is the 80/20 rule. And you can see in the picture a frontline model allows devices to be handled in more places, whereas 80% of the devices are handled quickly at the outset in order to free up capacity for the more experienced staff to deal with the challenging devices.

So workflow, this is the reason that our solution leads. It’s fully customizable. It helps to align with your processes and ensures that evidence is acquired correctly. Doing this allows it to comply with all your legal obligations. Like it says on screen, the workflow is our secret power. It’s fully customizable, aligns with your department’s standard operating procedures. And because we work in law enforcement, we know duplication is a big thing. The frontline workflow can automate the creation of documentation, type it once and it can be duplicated into whatever forms you’ve got.

Another great feature that we offer in our solution is the ability to set levels for the user base. So we know that departments have to comply and ensure staff are fully trained to complete the work. This is built into the tool and can be refined to suit your standards. For example, there was a user who hasn’t extracted a device for a set period. They can be logged out of the system and informed that they need to be trained again in order to extract devices once again. Helping to keep the proficiency of your frontline working and not having users who complete an extraction every two years and potentially then damaging the evidence so it can’t be used.

This is another great feature, live hash matching. So what this does is your extraction is taking place and the decoding is happening, we will inform you if you have a hash match. So this is going to support and protect frontline personnel. They may not be used to seeing child sexual abuse material. With this system in place, you can load a Project VIC database and have live hits. And if the user receives a hit, the workflow could then advise them to stop and submit it to the forensic lab. It can also work for counter-terrorism databases. It makes it possible to know if there’s material of concern on the device even before you’ve started your analysis. And with XRY you can upload any hash list which not only checks the extraction for matches, but it notifies you in real time, even before you’ve opened it in an analytical tool.

And Simon, with your experience from counter terrorism, how much would that have saved your guys when triaging devices?

Simon Crawley: An enormous amount. It would’ve saved having to open up the analysis tool, go through and look at millions of pictures to try and find if you’ve had something that a hash had already said, that’s already on there. That’s simple. You are immediately telling the investigating officers. There you go. Here’s a phone. That person’s got something on there.

Adam Firman: Yeah. And that’s in the counter terrorism realm, but it’s also for the protection of users. If we’re expecting them to do extractions of devices, we also need to think about their mental health. If they’re not used to dealing with these images, this system allows prevention of that. So we’ve reached a part now, where Simon is going to go through some of the latest advancements to frontline, and this is where you can really see the value of the workflow.

Simon Crawley: Okay, cheers, Adam. Just to say in my role, be it when I was in the police, we needed to get data from our location to the central investigating teams quickly. And when we first started, it just wasn’t the process in place. So we invented sort of our own frontline way of doing things. And when the Kiosks came along, that was a really big step for our organization because it meant that users followed the process on the screen. They didn’t have to think for themselves. The naming of the files, the location of the files, where it was all stored, what was happening in the background, it was all taken care of. They didn’t have to worry about it. And it saved our organization a huge amount of time and money and networking everything just meant that we didn’t have to trudge around all our locations, grabbing data off computers. So networking the Kiosks, managing them with XEC was a huge time saver, and meant that we could get the data to who needed it quickly.

Adam Firman: Yeah. And I think that’s a good point, Simon, because when we first implemented a frontline solution back in my police sort of force, we started off by deploying XRY onto laptops. And it was myself and a colleague. We deployed 16 laptops and it was ultimately, it ended up being our job to make sure the laptops had enough hard drive space to make sure that users were following processes of saving their cases onto external drives. We also were responsible for updating the systems. After six months, my colleague and I grew tired of doing that and it actually wasn’t saving us time, because we were having to physically spend time going round and sorting out, as you can imagine, the mess. The laptops were not looked after, they had other programs installed on them. And generally it created quite a big problem.

So when the Kiosk was brought out from MSAB, we were extremely interested because we knew A, it was locked down, people couldn’t play solitaire on it on a night shift. So that suited us and it also, our IT department were happy about it because they didn’t have any malware concerns or people downloading content onto it. But again, because we had an un-networked environment, it was still up to my colleague and I to drive around and update all these systems. So then eventually working with MSAB, XEC Director was created, which is the central management system to manage your frontline environment, whether it’s Kiosk, tablet or Express.

And then what that allowed us to do is to monitor and push updates from our lab. So my colleague and I no longer had to spend time driving around. It was a simple push of a button. And over time working with law enforcement, it’s been improved and improved. We now have full auditing capabilities so we can prove which users logged onto which system, which systems are busier, which system is hardly being used so we can repurpose it at another location. All of these sorts of things we had as pain points, but eventually MSAB listened and helped implement them changes. And it’s exactly like Simon said, it’s all about saving time. And our extractions used to, somebody could extract a device in one part of the country and it could then be shared instantly with another officer in another part of the country. But yeah, back to you Simon.

Simon Crawley: Yeah, no, my story is very similar to yourselves in that even though we had a smaller geographical area to trudge around, we had to update the laptops and take data off, then find data that users had lost and misnamed. So networking was a big key factor. And implementing XEC Director to push out updates as part of my business case for the system, I calculated it was costing us a hundred thousand pounds a year just to maintain these five laptops in terms of trudging around, in terms of officer time, because it would take an hour to get there. So that’s an hour’s salary, an hour to fix the laptop, bring it up to date, and then an hour to come back again. All of that adds up. And so as part of my business case for buying the Kiosks and buying XEC Director, it was the amount of money it saved and the time it saved. And in my world it was all about time, getting that data quickly to those that needed it to make informed decisions quickly.

Adam Firman: Yeah. And-

Simon Crawley: Sorry.

Adam Firman: Yeah. And also another requirement that hit Simon and myself in the UK was that the big umbrella of ISO 17025. Even our labs had to be compliant and so did our frontline environments. So we needed a way to ensure, like Simon said earlier, of making sure that a user took a photo of the back of a device, of the front of the device, of the IMEI number, the SIM card. So those certain processes that, for those of you who work in forensic labs that you do every day and you could do blindfolded, we needed a way of teaching a user who hasn’t done an extraction for a month, we had to remind them this is the process we want you to follow. And that is how working with our professional services department, you can customize your workflow to suit your work in practice. So in essence, any extraction that’s done on area has had the same process as it would do in a forensic lab.

Simon Crawley: And that brings me on nicely really to what I got very interested in with the MSAB ecosystem or the MSAB solution or whatever you want to call it, was this workflow business and what does it mean and how could I customize it and how could I work with MSAB to build it exactly as I wanted it? Because the role that I played in my policing days wasn’t a forensic criminal lab, it was a specialist operational lab. It had certain powers and it did things in a certain way. And so I wanted to build the screens that the user saw in a different way. And that’s really what drove home the benefits of the MSAB Kiosk and tablet, because we could make it fit our process, which was different from most people’s in the country, and in the world really because we had specialist powers.

And so that’s what I really got into was customizing the as MSAB likes to call it the workflow, which is actually a collection of files sitting in the background. And sorry, go on.

Adam Firman: I was just going to add this. The technology has advanced so much since Simon and I sort of left law enforcement, where you even have the capability to have selective extraction now for frontline environments. So if a user’s warrant only allows them to extract a one-month period and only allows them to extract WhatsApp, that technology is now available in frontline as well.

Simon Crawley: Yeah, absolutely. And that’s one of my roles is when I’m consulting with customers is about what, is your process, what do you want to do, how do you want to do it, and what do you want the users to extract and advise them? Well, I’d say, well, targeted extraction is the best way for you, perhaps combining with file selection if you’re doing SD cards or USB’s so you can pinpoint and get the exact data and artifacts within the timeframe that you’re after.

But as Adam was saying there, the engine that runs our workflow has improved enormously over the past two years. We’ve been driving that forward primarily from suggestions from our main customers about what they want to see on a Kiosk. And as it says on the screen there, it says, what we’ve updated in the past two years, 18 months, is we now can produce a set of contemporaneous notes. And we can do a signature capture, and there are recovery documents that sit behind that are captured automatically. And I’ll show you about some of those. And then there’s some miscellaneous little things, little nuggets being brought in to make the whole process a lot better and fit in with the processes that people have. Because every lab is different, every customer has different needs and requirements and we don’t just give you a one size fits all and say, there you go, get on with it. We sit down and say, well, what do you want it to do?

So in that sense it really is adaptable. So just to go back 18 months or so, two years, when I was talking to a customer about the workflow and their processes and they sort of said to me, well, wouldn’t it be good if? Now that’s not a phrase we like to hear, because it usually leads to a lot of development work, but actually what they were asking for actually made sense, and it was actually really good requests that came in.

And so they said, “Well, wouldn’t it be good if the Kiosk produced, contemporaneously, made a record of contemporaneously all the data entered by the user?” And I said, “Well, we can sort of do that.” And they said, “Yes, but what about all the photographs? What about all the extraction summaries?” I said, “Yeah, that’s a really good idea. We’ll push to get that one done.” They said, “Well, what if the Kiosk had an abrupt stop? Because you’re now entering the continuity chain. What happens if we’ve lost those pictures.” I said, “Well, that’s a really good idea. We should be able to recover that.” And then they said, “Well, how about doing signature capture because it is just a touch screen, so why can’t we just signature capture? Because then we could sign, could ask victims and witnesses to sign, and you can have officers signing a statement on the screen.” I said, “Yeah. Those are all really good, useful ideas and very helpful.”

So where we are now. We can capture all the photographs taken in the contemporaneous notes, and any user notes that the user enters and the file name. Capture user entered system, well yes. And that includes the date and time, which seems obvious, and also XRY version, the computer name, the Kiosk name, the workflow version. Extraction summary. Yes, we can now capture extraction summary. So we can capture if you did one SIM, one memory card, one device, all of those three extraction summaries can go into the contemporaneous notes, and more importantly in the correct order. We can produce them in a DOCX or PDF format, entirely up to you, or both if you like. And then another request was, can we hash that PDF or that DOCX? Yes, we can. And can we do signature capture? Yes, we can.

So what I’d like to do now is take you through some slides just to show you some of these things that we can do. So the first one was case data. So here is a screen, the date and time has been captured, and various bits of information are being entered by the user. And furthermore, there’s more data being entered by the user. So an exhibit reference number, who it belongs to, seal number, all good stuff. And we put that into a document. And so it captures all of that data. So the time, the date it started, the op name, all the information about the XRY version, what Kiosk is being used, what workflow is being used, whether they’ve entered a Faraday box or not. So I built it. So if they don’t use a Faraday box and everything gets filled with NA, if they had entered the data, then the data would be there. And we have all the pictures that they’ve taken, the date and time and the name and the user notes are all captured.

Adam Firman: And I think the importance of this is, I made the point earlier that those of us who work sort of in law enforcement and these processes know there is so much duplication, and the user is entering this content as they go, which they should because they should obviously keep a detailed log of every action they take it. And what this does is it saves a duplication. They’ve entered it so the document is created, and this has saved this respective police force so much time.

Simon Crawley: Well absolutely, because when I was talking with this customer, they were saying, yeah, they’re having to sit and they do one screen on the Kiosk and they move over, and type in a load of data. And so they’re typing data twice and double keying is the scourge of any DFR lab, get rid of it. And so that’s really what we’ve done here.

One of the little additional benefits when we were developing this sort of background functionality was to do with photographs. So now we can force the user to take a minimum required number of photographs. So here they have to take two photographs, and it could be every time you launch the camera. So if you launch the camera for your case photography, for a SIM, for a memory card, for a device, you’re photographing, that set number, that minimum number of photographs can be different every single time. So when you are photographing the closed exhibit bag, you can make them take four photographs. When you’re doing a SIM, two photographs. Front and back. Device, well you might want five or six photographs for that. So it can all be different. So we can force the user to take a minimum number of photographs and they have to take it.

Just really some more examples of data entered. So here on the screen, they enter the number of SIMs that they’ve got and the printed ICCID, and the vendor. And what this customer wanted was every time you start a particular process, then the time is recorded. So they started SIM one process on that day at that time. And so, here we have the successful extraction, it’s successfully done, and it’s bringing up the ICCID and the IMSI and all that good sort of stuff. And there we have SIM one data, the total number of SIMs, two, the day and time started, recovered IMSI and ICCID, photographs of it. I must admit I didn’t take very good photographs, but there we go. And then the extraction summary, it’s all there. What the user saw on the screen was being processed and put into the extraction summary and the content notes for them.

And just to labor the point, the device data was the same. So enter all your data, get your extraction summary, and then it all goes into the… Excuse me. Into the contemporaneous notes. And here you can see there’s an opportunity to add any additional notes, which is a file of workflow. You can go to the next screen and extraction is complete, and the time it all ended. So that’s all sorts of really good useful stuff that courts and labs like recorded.

Talking about the hashing of the document, this customer wanted the hashing of the document, because they wanted to prove that document was not altered in any way. So they have a hash. And so that’s the information that’s contained in the hash, the name of the PDF, the user, the case number, and the MD5 of the hash, which they were very pleased about.

Some additional sort of processes that I built for this customer is that during their workflow, I now name the extractions. So SIM one, SIM two, memory card, device. And so you can see the PDF and the content notes. And if you’re using XRY Express, well okay, you may or may not need that because you’ve got a lot of information there, and you might be able to work out which is. But on a Kiosk it looks like this, which is good. But if you decide to do another feature of the Kiosk is to encrypt your XRY files, which you can do, no problem at all. And it’s just a setting in the Kiosk admin. But if you do that, you don’t get those lovely icons by the side, which helps the non lab user identify which is their extraction. So what they see is that, and so that’s why I introduced putting in the name of the extraction, so the mem card one, SIM two, SIM one, exhibit photos, and for other customers I do case photos, and resealing photographs, and it’s all named there.

So the user can see very easily without having to look at the date and timestamp, and then look at the size, work out which is which, and open up the one they want to get. So a lot of customers find that really quite useful. And signature capture. So that’s now entirely possible on a Kiosk or a tablet to do signature capture. And this is for a customer that wanted the officers to sign at the end of the extraction that they’re not 17025 compliant at the moment, they are working towards it, but they’re currently not. And so the UK court system means that they have to declare that. And so the way that they wanted to implement it was to actually have the statement on the screen so the officer can see what they’re signing. The date and time is captured. Then the officer signs. And then it goes into the contemporaneous notes as the last part of their notes.

There I sort of see an even bigger application for this, is for victims and witnesses and on a tablet. So if you take an MSAB workflow on a tablet, that is for any of your investigators, say you have a victim of a serious sexual assault, you can then give them that tablet. They can then go to the victim. Because the victim says, well, I’ve got evidence on my phone, but I don’t want to hand my phone in, because there’s other personal data on that phone. I don’t want to hand it to the police, because I know it takes you three months to get through your backlog. I want to support the police, I want to help you. So how much better would it be that you go with a tablet, the investigator goes to that victim’s address, or they go to wherever that victim feels safe, they open up the workflow and so the victim can see what’s happening. And you can say, well, my warrant or my authorization allows me to take calls, contacts, SMS.

And so, the victim signs on the screen. That’s captured. That’s what you’re taking. And you go through the process and you use targeted extraction as a profile and you go, calls, contact, SMS, and you do the extraction, which should only take a few minutes, and you open it up in front of them and say, this is what I’ve got. You can see what I’ve got. I’ve only taken what you said I could get and you signed, and they can go away. So to my way of thinking, that provides a really good service for victims and witnesses in particular. And I think that’s a way forward that these should be looking to implement this type of process. We don’t have to send you… Go on, sorry.

Adam Firman: Yeah, sorry. We’ve got a question in the chat. Can hash algorithm be selected? I.E. MD5, SHA1, SHA256.

Simon Crawley: On the Kiosk you have to have MD5 enabled. The Kiosk hash is SHA1 by default, but it is the MD5 hash match that is used for certainly Project VIC and CADE. I don’t know about others. If you had a hash list that was using SHA256, then that is a hash set that you can select on the Kiosk or tablet to match against. So yes, you could use others, but CADE and VIC uses MD5.

Adam Firman: Yeah, so you can select those hashes, but for the live hash matching it has to be SHA1 or MD5. Perfect.

Simon Crawley: So having built all this great stuff for the customer, capturing all these photographs, they then said, yes. But what about in the event of a sudden end? What happened to those photographs? Where have they gone? Because they’re not in an XRY file yet. What’s happened to them? Right. We’ll build you a recovery doc. So on a Kiosk, and I’m showing XRY Express here, but it’s the same screen for a tablet or for a Kiosk.

When you log in as Kiosk admin, if you go to system administration, you’re presented with a number of options, one of which is called workflow data recovery. When you select that, you’re presented with this screen, which tells you quite a bit of information. So the last extraction, this last sequence was extraction, status was okay, and the date and time, and the user.

But here we see that somebody did a sequence called extraction, the Kiosk crashed, and here the person was doing extraction and the user aborted. So they chose to end the process, as up there. But if you tick where I’ve ticked okay there, and then click export, you end up with a Word document that contains every single variable that was inside that XML workflow and the date and time that it was changed. So when it first loads up, it loads them all up, and there’s a date and time. And it also includes the case reference and the exhibit ID, and the operator.

But it goes through and it sets everything, which makes the document a little bit hard to read. However, it means that you can rebuild and you know exactly what the user was doing, because you can follow these variables as you go through. But more importantly, you get all the photographs and any notes that they’ve taken. So if you’ve just opened your… You’ve taken a photograph of your sealed exhibit bag, you take a photograph of the open exhibit bag, and then for whatever reason, because computers are computers, the Kiosk decides it’s not going to play any longer. You haven’t lost those photographs, you still have them. You still see-

Adam Firman: Simon, you should have warned people that, that scary image was going to come up on screen, and we should have had to hash it for that, really.

Simon Crawley: I know. I regret being on that note. But at least I’ve got an MSAB Kiosk open in the background. So yeah, you’ve not lost, not all is lost. I’ll get rid of those, because they’re too scary. So one of the side benefits of building that recovery document, was that it actually helped those people doing custom variable reporting, in XEC Director. So this is the only time I’m going to show a bit of our XML.

So we now have a section called variables, and these variables are the ones that are populated and shoved into that recovery document. But the benefit was, when you’re in XEC Director and you’re looking at reporting, when it comes to a variable, it shows anything that’s been declared public in the XML. So if for example, I selected case type here, it would then show all of the cases, all of the values in that dropdown menu that the user saw on the Kiosk. The person and the XEC Director, the admin producing your monthly, weekly, yearly reports can then also see that same dropdown.

So in theory you could say, right, I want to produce a report of how many assault police I’ve had in the past three months, and it just makes it so much easier for the XEC Director to produce that type of report, because the dropdown is there, so everything is spelt the same. The person in XEC Director isn’t typing something and mistypes assault or mistypes of police. So actually producing reports in XEC Director was simplified by some of this work.

Another little thing that some users were questioning was, we call this a dialogue screen, on a screen on the Kiosk. You always have this little X here, and on occasions you’d get users not wanting to go through the whole process and then press that little X to finish, because we’re used to pressing X for windows, close down a window and everything ends, and everything’s good, and everything works fine. Where in a workflow you don’t really want that, or you may want that, but most of the times you don’t want that. So we built in the additional functionality was that you can now change that button from an X to the word abort, which sounds a bit more serious. So users sort of hover their finger over it and go, should I press it, should I not? I can’t remember my training.

You could if you wanted, have it to say, don’t press this. And of course, if you’re really concerned about users not pressing that button, you can get rid of it completely. So the option is yours. What works best for your system, your policies, your processes that we built for you. It’s entirely up to you what you do and how you do it. I would suggest that not having any option may cause some operational difficulties, but if that’s the way you want to go, then that’s the way you want to go. But abort tends to be the way that most people go. And that’s sort of where most people are working towards these days.

If you did press that button, you used to just get a dialogue box like this, a popup screen saying, but now I can change the title, I can change the wording that you want, so you can make it say whatever you like, because I can change that. And additionally, if you wanted, you could then have a second popup that gives the user the choice to create that recovery document that you saw earlier in the slides. It’s entirely up to you whether you produce that document. It’s not really a contemporaneous note, but it does record everything contemporaneously. It’s not laid out nicely, but it will produce a Word document with all the pictures in, but it doesn’t have the extraction summaries and it doesn’t have, and the pictures aren’t in the right order. So it’s entirely up to yourselves whether you have that or not. You don’t have to have the screen, you can turn it off.

But hopefully there’s still people with me. So just to finish up from my side of it, we now have some enhanced reporting from Kiosk and XEC Director with their contemporaneous notes and the much easier way of producing the reports in XEC Director.

We’ve got some new controls as you saw. We can turn the abort button on and off. We can make it say whatever you like, the buttons on the screens. If you’re used to our workflows, we can make the screens, now we can change the buttons on every single screen, so they don’t have to say next or back. They can say, press this one to go forward if that’s what you’d like. Make it say anything you like now. And we have a disaster recovery, should it ever be needed. So as you can see, that is a new one that spells, end of my section and hand back over to you, Adam.

Adam Firman: Nicely done Simon. You can clearly tell you’ve been in law enforcement, because you ended on an acronym. But if you just want to pop our details up on screen, Simon.

So this wraps up today’s webinar. On the screen you can see the contact details for professional services. So that’s the department who Simon works for. So if you’ve got any inquiries as to if there was something that wasn’t covered today that you think I would really like that in a workflow, we probably would be able to work with you, and meet at some point of implementing that potentially, if it’s doable. We certainly will explore most options. But you’ve also got me and Simon’s email address there.

So if there’s any questions that you think of later today that you haven’t asked today, please feel free to reach out to myself and Simon.

Like we covered, we’ve both trodden this path. We’ve both walked this painful journey, but the rewards are there. Both Simon and myself saw the rewards, saw the less, saw burner devices, brick devices being done on area and not coming into our lab anymore, which ultimately allowed us to spend longer on the more urgent cases, the more complex devices, and we actually got to spend more time doing the actual analysis, so the data deep dives and we reduced the backlog. That’s the main point of a Frontline solution. But hopefully you have all enjoyed today’s webinar and like I say, if there’s any other questions, please feel free to reach out to Simon or myself. But thank you very much for attending.

Simon Crawley: Thank you.
