Oxygen Forensic Jet Engine with Facial Recognition

by


Join the forum discussion here.

View the webinar on YouTube here.

Read a full transcript of the webinar here.Lee Reiber: Welcome to another webinar from Oxygen Forensics. I’m Lee Reiber, and we’re going to walk through Oxygen Forensic JetEngine and talk a little bit about JetEngine and then get into some of the facial recognition as we walk through this.

Anyway, any questions that you guys might have, please put them into the question box, and after the webinar, I’ll try to get those answered for you, either … most by email … since we have so many attendees, it’ll be difficult to have a back-and-forth. But I appreciate everyone attending. So, we’ll go through some of this.

First talk about … if you’re not familiar with Oxygen Forensics, we’re based out of Alexander, Virginia, and developing software to extract data from mobile devices, cloud services, drones, IoT devices as well. If you don’t have the software, obviously, you could pick that up. But let’s go and get a little bit about this as we’re moving on. What we’re going to cover is really talk about JetEngine and just really what is it. How can it help you in your investigations? And if you’re utilizing Detective currently and you didn’t know about JetEngine that’s included in there, that’s not uncommon. So, hopefully, this webinar is going to bring that to light, why you might want to be using it for today’s investigation.

Then we’ll walk through some of the navigation, really, how do you find JetEngine, what are some of the things that I should be looking for as part of that, and then we’ll get into the interface. We don’t have as much time, obviously needed, to go through every nook and cranny of this. But we’ll talk about the interface in itself, how you can at least navigate bringing things in, importing items as well as [even] cloud extractions. Then, as part of JetEngine as well, we’ll look at a little bit … in today’s investigations, really, what we should be doing is not looking at a device … you know, a single device or a single evidence store, but really, how can I go in and bolster my investigations with multiple devices? Because we’re going in and … as part of an investigation, it’s not just a single device, but it’s obviously multiple devices.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

And then, really, how do I put this together? How can I use some of these filters, how can I use some of these tags? How can I go in and use some of these labels? And then, obviously, exporting this, putting it into a format that … as part of the process of the investigation, exporting it as a report, and then bringing that to … obviously, to those who need to [review] the investigation.

So, let’s just … we’ll talk about it again, and don’t worry, we’ll get into the interface itself, but let’s just talk about really what is it. JetEngine is built into Oxygen Forensic Detective. So, if you do have a current license of Detective, it’s built in. It’s part of that, it’s not a … you don’t have to pay for it. And it’s … the reason why, really, we wanted to put this into our software is because the cases that we’re seeing today … I mean hundreds of thousands, if not millions, of pieces or artefacts from multiple sources, multiple devices. And being able to process through that. Because as I say, forensics, the four-letter word is time. So being able to really process the information …

But I’m sure you guys have noticed in some of your collections that you have or even other tools … you run out of memory, you get a memory error. And the program crashes or it cannot go in and process that information. So it’s really built for not only speed but allow us now to go through that information, be able to utilize the resources of the computer. Now we’re talking about the hardware. So, how many cores that it has, the memory that’s being utilized. So now we’re able to utilize all this, again, hardware to process through that information. So we start talking about today’s datasets.

I kind of alluded to it or spoke to it a little bit, is that just a single device … if you start talking about iOS devices, and just the size of the information … not only images and pictures, but now the storages, all the database, all the different applications, those chat and the messengers that are built into that. So we look at single devices. But now we have to think about really how do I do an investigation over not only multiple devices, but really multiple sources. And what I mean by multiple sources is saying I have four devices, iOS, Android, but then, the users also have cloud services. So I want to make sure that I can bring all of that information within a single interface, being able to say, “Okay, now I can go and I can process and decode this information, collectively.”

Because I’m sure you guys are all aware, but you might have some information that’s in a cloud service, say WhatsApp cloud service, that’s not available, or Telegram, that’s not available on the actual device itself. So now you have to have two areas to really process that information again, under one case. Again, it’s no longer really dealing with those individual devices, but now we have the multiple devices, as well as … now you might have hundreds of thousands of images, actual pictures or videos throughout this, and then the cloud service [and] the devices. A lot of tools … I mean the majority of tools that are running into 32-bit is just going to run into memory errors. And I mean even Oxygen Forensic Detective, you might see that. So that’s why we built JetEngine to be part of the product itself.

Really, also, if you’re users of Detective as well, exporting, say creating that report … when you have 30,000 pages of information, that takes a long time. And again, you might run into issues in export, say crashing, not able to produce that. Again, bringing this type of tool within our product now helps eliminate that. So now you’re able to go in and export … again, 30,000, 40,000 pages of data throughout … say PDF that you might want to create, to give out. Now, granted, 30,000 pages is probably not good for an investigation, but hey, you know what, you still can do that within this product itself. So again, it allows you, as the investigator, to not have to worry about the processing, because again, time is definitely not on your side.

If we look at some of these little features, it’ll talk about imports and parsing. Because with JetEngine, you’re able to import these files, say, an [07:32] file that’s created from Oxygen Forensic Detective. You’re able to import full file systems from Android, iTunes backups from iOS devices. You’re able to bring in UFED files, to be able to process that information, [GrayKey] images, you’re able to bring that in. So I just have some stats if you want to look at it. Because really, the processing, and just seeing this is really believing it. Because if we look at this … we like to say three times faster than even our own Oxygen Forensic Detective. But also, to other tools, we’ll say three times. But you’ll notice as we go into some of these other types of datasets, it’s actually … you can get up to nine times, as part of the speed. But look at this.

As we go through, even with an iTunes backup, almost a couple gigabytes, being able to process that, in almost half the time, which again, helps you as an investigator. And looking at the file system, just standard zip or a [tar] that you bring into that. Again, now even that’s even better … if you look at it as the events start piling up and you have more events, it seems to do better in the processing and decoding of this.

Now, some people say, “Well, great, it’s going to extract the device itself, being able to process that, or extract them in the cloud side of it …” No, we’re looking at the processing and decoding of the data. Because the extraction can be limited by the device itself, can be limited by the cloud service itself. We’re only basing this on the process and decoding. So, when you get it, don’t say, “Hey, it’s not attracting the mobile device quick enough.” It’s again just on the other side, as we have that.

If we look at here, with the Android, with the ADB backup, that’s looking at … again, with the importing, you’ll notice that it stays pretty consistent, as you have that. But again, as we move up in gigabytes, as well as files, the performance continues to do better and advance, as part of that. Again, the input/output is really what we want to look at in that hardware side of it, of being able to process this information from you. Again, taking the time down, being able to process that information for you is what we are looking to do.

If we look here at some of the physical importing of this as well, you’ll also notice the times … it’s pretty considerable, as you’re bringing in some of these Android file systems that you might have, as well as on, say, the [10:20] side, as well as the video. If you’re looking at the different types of file systems itself … again, and we’re just pairing this up against our own Detective, Oxygen Forensic Detective, but as I mentioned before, with the other tools that might be out and available or that you do have, you will notice also considerable amount of speed differences, as well as the decoding and parsing sides of that.

If we look at this … I’m just going to break this down too, because we’re really dealing with a lot of third-party applications and messaging. If we look at some of these as well. So, in pulling this down from a cloud extraction, from Telegram, that’s a lot of messages, right? If we’re look at that, that number. And bringing that in and actually importing that and processing that time … that is a lot of messages. And now we’re looking at the import time. It’s considerably less than any other tool that is going to conduct some of these extractions for you.

If we look here again, another cloud extraction that we have through Telegram as well. Now we’re talking over three million messages that you have here, as well as the processing and decoding of that information as well, is again saving you time, to be able to process this information. And also, looking at the different types of memory or, say, the hardware resources that you have listed out here below. Because again, it’s all about saving you time, and obviously, being accurate in the processing of this information.

So what we’re going to do is we’re going to kind of go jump into this a bit, to talk about really and break this down for you as part of the navigation itself. What I’m going to do is I’m just going to go ahead and see if I can go and share this for you. We’ll talk about how to get there, and then, be able to go through some of this …

So, great … so if we look at this as part of the interface itself, again, this is … if you’re familiar with it, this is Oxygen Forensic Detective. If you, I’m sure, all have utilized the tool.

Let’s talk a little bit about how do I go in and how do I access it from Detective itself? Here, you’ll notice right here that we have the interface itself, and I’m just going to put a little magnifier right here. One of two ways that you have over … we can go right over here into the Tools menu, and I can just launch the JetEngine right from here, from our Tools menu. If you wanted to launch that as well. Also, here, I have on the Toolbar … also, being able to go in and launch JetEngine, right here from the Toolbar as well.

Now, something that should be of note is if I go in and say I do a collection … say I have … and I’m using our extractor, directly from Detective itself. If I go in and I’m processing a device … say I connect an iOS device or an Android device to that. And I begin the collection, with our Oxygen Forensic extractor. At the end of the collection, it’s going to ask if you would like to import that into JetEngine itself, or into Detective. You can select there, and it’ll import that directly into JetEngine and be able to process that information for you as well. Another way to, say, access that is simply coming over to your Start button, clicking on your Start button, and then just typing in “JetEngine”. You could just type in “JetEngine”, and you’ll see it pop up. You can now go in and select that, and be able to jump directly from that as well, and launch the tool itself. So again, there’s many ways that you can get to it.

Also, you’ll notice here as part of our cases … any of these cases here as well … I can select any of the cases itself. And I’m able to go in and right-click on that and export that device directly to Oxygen Forensic JetEngine. So that’s another way that you can go in and process that directly, instead of just, say, importing [OFB]. I can go and export that directly from Detective itself. So, you have those options. Those options are available to you.

So hey, sort of like a cooking show, I have already launched JetEngine, and I’ll just bring that up. Here’s the interface. This is the interface that we have here, and the first thing that we’re going to do is you’ll notice we have several items over here. We’ll talk about these here shortly. But once you launch or you have JetEngine, let me point out a couple of items that … how do I go in and how should I set this up?

Over in the right-hand corner, you’ll notice that we have … or you’re available to go in and just pull this down as part of the setting. You’ll notice that we have a couple of items over here, as part of this. We’re going to go directly into where it says “Options”. Once I select Options, it’s now going to launch the Options screen, and what you want to do is you’ll notice here there’s General, Search, Import, Contacts, and a Project VIC.

So, right here, as part of the General, once you select General, you’ll notice … this is pretty important, guys, because it allows me to now select where I want the database to be, and obviously, I can go in and select that, to different areas. It also allows me to select a temporary file location. Again, that’s very important, especially when we start talking about putting my temporary files on to some sort of flash media or SSD, on another drive. Being able to go and utilize that resource, instead of having it on, say, the same as the OS, or the same that the application is running. And as well as with the temporary files, that’s very important, to have that not on your operating system or your machine, simply because obviously, if you’re doing a sensitive investigation, you do the extractions, and it goes to Temporary.

All the work is … it can go to a temporary space. And you don’t want to have, say, explicit images, you don’t want to have that as part of that case and … obviously, you want to be able to get rid of that information so it’s not stored within your investigative computer. So you can go in and place that with your temporary files, so not only speed, but being able to maintain that type of information.

Right here is, again, like I mentioned with the extraction of the database itself, that’s very important for you as well, because again, now, you could put that on a fast storage medium, to be able to have it at … operating at full potential. So, again, that’s very good for you guys as investigators. So it allows us to … the same thing, if we have with our different search as well as the import.

So if we look at the import, what it allows you to do here guys, as well, as on the import, is it allows you to select the hash calculations. You can do multiples as part of this as well, at the same time. It also gives us the options … because if you want to go as part of the import process and say you don’t want to recover your deleted data, because you want it to be faster … now, I don’t advise that, obviously, I want to leave these. But it gives you the ability to do that if you need for it to process any faster. So again, it gives you all of those.

If you remember, in Detective, as part of Extractor, you’re able to obviously select these items. Now, this is where you go in JetEngine, as part of that selection. Also, look at here, as part of Archives, being able to go in and, say, unpack these, as part of the processing … it allows you to select these items. Again, this is just obviously a matter of time, but understand, if you’re unpacking these, you’re then able to search across all of those, especially if you had a compressed file that contained some evidence on there. It allows you to go in and unpack these types of archives. But you could go in and select those as part of the examinations, or as part of your settings upon import.

It also gives it here as well, as part of the imports, type of items as well … as part of any of these processings as well, of other types of files to ignore … as well as has the additional, with the drones, as well as what we’ll talk about later, as with the advanced analysis, as part of the facial recognition. And I’ll just mention really quickly, as part of this, as the processing, once it’s processed into coding, it then goes in and processes the faces as part of this. Now, if you wanted to speed it up or you’re not working on, say, the images, to utilize the facial recognition, you could go ahead and switch that off as part of the import process, and again, that will allow you to speed up the process of the decoding, if you were not utilizing … the investigation that has to do with that as well.

But again, some great settings that allow us to bring that in … once you’re going in, once you’re processing that information on there. So, very good. Excellent. Let’s go ahead and look at the main dashboard right now. Just simply hitting the Home or the little house icon that you have here. It’s broken down into a couple of items, our common tasks, which you are pretty familiar with I’m sure, with Detective, is that you can create a new case. Identifying that, creating that new case, so that you can begin importing data into that as well, as part of that. So, adding a new case is as simple as just going in and creating a new case. You can then go ahead and import direct backups or go directly to our cloud extractor. Now, as we progress, obviously, we’ll be adding … being able to have, say, a live collection, as part of that as well. But it gives you that ability to set it directly into here.

Let’s go back to the Home as well. As well as backup import, this is … obviously, if you’re familiar with our Oxygen Forensic Extractor … able to go in and import, say, an [OP] file, into the product itself … I can simply select this. It can walk me through. Just selecting … obviously, it has all the different types of support that you can go in and select. I’m sure you guys are familiar with that importing as part of Oxygen Forensic Detective. So, again, that’s how we can import that.

Now again, we have our … in the Import menu as well … allowing us to import different Apple types. Obviously, having the iTunes backup, being able to import, say, the file system [tar balls] or compressed zips that you would have, as well as [GrayKey] extraction. Being able to … after you have performed a [GrayKey] extraction on that iOS device, being able to now import that directly. And I will tell you guys, if you’re utilizing [GrayKey], just please bring it into JetEngine and process that. You’ll be amazed at not only the speed, but now the process and decoding and the OS artefacts that can now be shown to you in here. It’s amazing.

And then moving over here to Android, these are the current supported import functions. Being able to bring in, say, a physical extraction of that, aka like [g-tag], chip-off, ISP, those types of binaries, bringing that information in as well as the same as we had with iOS device, with file systems … [say if you get] another tool, you’re able to zip that up into an archive file. You can then import that information directly into JetEngine as well.

The standard [ABV], like a .AB, you could bring that in here as well. As some additional third-party tools, as part of their backups as well, that you’re able to, again, import these. And again, we keep on adding additional import types, within … to our tool, every release.

If we look at this right here, these are just our proprietary formats that we would have with our cloud backup, it just comes from Cloud Extractor as well. Our OFB file, again, which is our proprietary format … and then we have, with our ODB … if you’re not familiar with that and didn’t see some of the other webinars, that would be those that are produced with our Oxygen Forensic KeyScout.

KeyScout, really quickly, is a tool that allows us to extract data off a Windows desktop, to get credentials, tokens, as well as some artefacts, some internet artefacts. So, you’re able to go in and now import … so that [ODB] file, and be able to process that stuff directly into JetEngine as well.

Also, with the support of our drones, being able to process that information as part of the drones itself … and again, just bringing in the log files itself. We have both [DGI] and [24:35] that are you’re able to bring in, as well as desktop for [DGI]. So again, very versatile on part of the importing. You’ll be pleased to note as well that Oxygen Forensic Cloud Extractor is also built into here with high performance, that you’re able to go in and run Cloud Extractor directly from the interface here. And like I mentioned before, you could go right here to KeyScout and be able to add that to a removable media, and then go in and run that agent on a Windows desktop, to now extract the cloud tokens, passwords, as well as application data, as well as internet artefacts. You can go in and launch that, and put it on to removable media.

Also, Oxygen Forensic Maps, you can go in and launch that directly from JetEngine as well. You can obviously start a case in Maps, be able to import KML files that you might have exported from other tools, as well as bring in, say, your [DGI], your logs, as well as additional information. Also, Oxygen Forensic SQLite Viewer will be new and improved here, in the next release, but it’s also included here within JetEngine. Being able to launch this directly from here, as well as our Plist Viewer. So we have all of that information directly from the interface, being able to parse through Plist, our property list from iOS devices, as well as the SQLite from those unsupported apps that you might run into from iOS, Android, or other sources.

So that’s the main dashboard, really easy to navigate through that. So let’s take a look at the devices and the device tree. You’ll notice right here a little [hamburger]. It allows me to select that, and it’ll slide out. You’ll notice that we have quite a few cases that are listed out over here, that are listed. Obviously, here is where the GrayKey extraction as well. As well as I’m just going to go … we have our human trafficking case. So obviously, like Detective, we have multiple cases that are located in here. Just like selecting before, the navigation is part of the device tree. If I go to the cases level, the same thing. Now it’s a little bit different, right? It gives me the three extractions that you might have, a little bit of details about the extraction.

But now again, it gives us the ability to do the analytics across the case, just like you guys are familiar with in Oxygen Forensic Detective, with our Timeline, our Social Graph, searching, key evidence. The contacts in itself is a new and improved … say, really aggregated contacts. Being able to take all of the contacts, showing all of the different types of applications that they might have across those. Being able to go and merge, and un-merge or show merged contacts within that. Just like you’re familiar with as part of that. As well as being able to show all the files as part of that case itself. So, very, very powerful, bringing all this information together. And I will … we’ll kind of walk through a little bit of that as part of the analytics here shortly.

As you guys are all familiar with as well, as part of these cases themselves, say this GrayKey, it’s an individual extraction. You’ll notice, kind of like Detective that you would have, or other tools, indicating … obviously, [we have] a logical … or we have a file … or excuse me, some evidence. That’s in green, that’s good, right? In red, showing that’s deleted. As part of this, as part of the extraction itself. As we go through. As well as this OS artefacts. The OS artefacts contains great information. If I simply select that … now we’re talking about all these different types of categories that you have.

Applications. Hey, you know what? Tell me about the applications. [When have they] been installed. Simply selecting that … Now I’m getting all of these items, with the installation that you might have as part of this as well. As well as additional phone information that’s completely built out for you, as an investigator. So again, very, very good, fantastic details that we have as part of these sections. Again, bringing that information in to you, or in for you, is extremely important as we go through that.

You’ll notice also that we might have … or as part of these same messages … our Messages section has changed a bit, that you would have with JetEngine. Simply selecting, say, the Messages area, you now have … you’ll notice, we have all of these other different types that [could be] located directly into the filters. JetEngine, like Detective, is built on a lot of filters. So it allows us to come right into these different filters, be able to select different accounts, be able to now go and say, “Hey, only show me …” as part of these, with the Apple messages … “Only show me the email. Only show me Facebook Messenger [online].”

So again, it allows you to filter that. If you were a [29:55] a detective … you know, [images as part of this] … say, iMessage, or SMS and MMS … but now we’re bringing in, obviously, third-party messaging tools, directly into our Messages view. Which again allows you now to create threads, be able to go in and show communication between multiple people using multiple types or sources. So now we’re able to go in and filter out a lot of this information, right? We have all of this information that’s [filled] out, all of this as part of this section. So again, very powerful.

Again, bring that into JetEngine, because we know you might have thousands and thousands of messages, or hundreds of thousands of messages, from multiple sources, and now you have them in one area, one place where you can go ahead and be able to grab this information in one view. So, again, very important that we bring that to you guys, to allow for … obviously, being able to gather this information, whether to put this together as part of the reporting features that you might want to look into. The application section is obviously similar, that we have here as well, as bringing in all the applications that might be on or extracted from this particular device itself. You’re familiar with those, I’m sure of that as well.

You’ll notice also, as part of that, we have this search function, it’s still here and available. And the best part about the search, guys, it is incredibly fast. Incredibly fast, being able to search as part of, say … you might want to search as … this is search as part of hash sets. You can do and build the keyword searches that you have as well. Being able, again, to search within parsed data, which in the files, as well as file content, throughout all this information. And because of the architecture that’s built within JetEngine, your searches, which is the most important part of an investigation or how you should start it, is extremely fast, and it allows you to do so many great things as part of searching across the case or searching across just an individual device itself.

Again, very good. Very good information that you might have here as well. But again, you’ll be familiar with a lot of these items. Obviously, the views have changed a little bit, so it might take a little bit to get used to some of it, and some of the navigation. But hey guys, it’s built in. You should be utilizing this as much as possible for all of your investigations. As you go through, as we bring some of these things together for you. Again, the accounts and passwords, all this additional information that you guys might have, and might need, as part of that.

Let’s take a look at some other items, say, collectively, that we might have. I’m going to go ahead and I’m going to minimize this one right here. Take a look at, say, this human trafficking, the case that we have listed out over here. I open up the human trafficking case. I simply want to select that. Let’s take a look – what are the analytics? What are some of the things that I need to really have some speed? Because we’re talking about multiple devices. And if you guys [have ran], say, the Social Graph, within Oxygen Forensic Detective, you’re like, “Wow, man, I have a lot of devices in there, but it seems to be … it kind of works well.”

But now, if we come over here directly to the Social Graph as part of this, select Social Graph … now if we start looking at this, look at how quick that is as part of this investigation. So now, as we’re going through, we have all this information that’s listed out. I have all this information that’s listed out, with obviously the device owners themselves, that are all listed. But you’ll notice here, as well, it’s a lot easier to now go in and show … obviously, I have the common contacts, as well as now I say … have unique contacts, that might be listed here as well. So, common contacts that are listed. I now have, you’ll notice, different sources. So I can get rid of all the sources. Say I only want to do the investigation, as part of say a WhatsApp or a line investigation. I can go and unselect all these different sources, simply unselect all the sources, I can go directly into a line investigation, as part of that. As well as any other messages.

So now you’re really dialing in at what you need to know. So now, I can come down … I’ve really brought this stuff down, and now I have an individual. I have an individual that I can go in and select this individual. So I have this individual, and now we have all the event info that you guys are familiar with I’m sure. And telling you what types of devices that it came from. This contact, obviously, through all of these different types of messages. You’ll notice you can immediately identify this as key evidence or bookmark this as well. And I’ll talk a little bit more about some of these tags here shortly.

So again, you have all the information available to you. You also have any of this type of … say, from the messages. And I can go directly to the source of that. Remember, guys, that’s probably one of the best things that Oxygen can do for you, is it takes you to the information, so that, one, you can verify that information, you can have that information available to you. I can still go ahead and select the contact card. Just like we did before. I now have the contact card … or that’s listed out over here. It has all the different types of information. And you’ll notice, it now gives me all of the data that’s needed for this individual right from here.

You’ll also notice, we go and create tabs for you. So you can go directly back to where we were in this Social Graph. So now we have that information. No need to hit the Back arrow. All that information is available for you, and opened up as part of this tool. So again, taking the information for you as an investigator, and taking it down and giving you the information quickly and in a way that you can obviously make sense of that.

Now, again … now look at this. All the different sources that we have is tied to this one individual. Immediately, we get that information, guys. So that’s what we try to do for you at Oxygen, is again, obviously trying to make the world a safer place, but giving you tools that are going to help you to gather that.

Let’s take a look at some of the additional information that you might have. Because I mentioned kind of like we have bookmarks and we have the tags. So, as part of this, guys, we have … obviously, I explained bookmarks. But we also have tags. You can come right here, and you can mark these immediately, as say, important or of interest for this individual right here. You can go in and create tags as well that you might have. And once I apply that, what’s nice is you’ll notice now we have these different tags.

And I can go now and filter, as part of that, within the views, as part of the tags that you might have. Just like if I came in here to this additional … say this GrayKey extraction. I can come directly to, obviously a lot of these. I can say, “Okay, fantastic. You know what? If I’m going to come over here and I’m going to add a tag, because hey, that’s private.” Perfect, excellent, I have that. Now, see … You’ll notice I have a tag as part of that. You can go … like everything else, guys. I can go in and filter and only show those … and now only report on that information. So now, if you’re adding tags, you can go and export that information directly from here, creating reports directly from any of these sections or any of these views, by being able to now go in and create that important information. So not only bookmarks, but now again, with the tags itself.

Now, the tags will allow you to … especially if you identify … or you created a tag of an event, or a case, or a report. You want to identify all of those that are associated to, say, this crime. We call them DR numbers. Department Report numbers. You want to go and associate that as part of that. Okay, [that’s involved there]. Now you can go in and completely filter, as part of that. Just by the tags that you’ve added to it as well. So again, bookmarking and reporting. Extremely important for you as an investigator.

So let’s talk quickly about kind of the reports. How do I go create reports? Well, just like you had before as well … say if you had an individual device itself. You’ll notice right here, I can come directly over here and export the information, by simply selecting Export. You’ll notice that we have now, with the export selections … just kind of familiar, that you might have, with that as well. It gives us the ability to go in and export that, where I can select all the different items that I want.

You’ll also notice that we have the same thing with our common sections, allowing you to go in and create these as well. You’ll also notice that we have here date filters. Being able to select a date range … and now I only want to create a report within that date range that you might have. Or multiple date ranges. Because you can add a new filter. So I can have … say you had a crime that occurred this date, this … or, say, this month, this month, this month … and it’s separated. You can go and create those as part of the filter itself. So now you’re not just going in and saying, “Hey, now I need to filter out all this data. I need to export these individuals.” I can do this at the case level that you have, as part of this … to only export that information as part of the date filter itself. Right?

So again, very powerful, allows you to filter out the information. The different formats [you’ll save] that we currently support in JetEngine. You’ll look at it, kind of the same ones. But you’ll notice a new one that’s coming here in this next release, as part of the plug-in, with Relativity. So if you’re in and utilizing Relativity or Export, you can now export it into that format. And you’ll also, in part of the settings, be able to kind of put the settings that you need, delimiters and things like that, as part of the export. Once we have that, everything’s pretty much the same as exporting these items that you might have here, exporting it as a separate file, export all of the files themselves, and you are ready to go. So, again, very powerful, guys, as you might have.

But let’s talk about the addition of our facial recognition. And it’s only going to be included or it’s only within JetEngine. So you’ll have to utilize JetEngine as part of that. But again, it’s included, guys. So if you do own Oxygen Forensic Detective, it’s part of your license. So it’s not anything extra. You do not have to pay extra for that. Which, again, is extremely important.

If we look at all of these, you’ll notice there’s a new section that’s added. So when you process the data, you get a new section called Faces. And the faces that are listed out over here … right here, that’s the section that is listed out over. So I’m just going to click on, say, the faces. And that’s part of the processing that you have there. You’ll notice right here, we have different sources. We have different sources … So, it’s not just from the media, guys. It’s not from the media that’s … videos or images that might be on the DCIM area. But this is going through all the files. It’s going through now all the applications and looking for those images as well as anything else.

Let me talk a little bit about that. These are all of our filters. We have the different sources that are listed out. We also … now we’re talking about gender. Being able to now … and say, “Hey, only show me those identified as females. Only show me identified as males.” Also, now we can filter by race. Being able to say, “Hey, see if the crime that occurred …” You’re looking for a particular race. You’re able to go in and select these as part of the extraction, to be able to say, “Hey, only identify that,” to show you that data.

Again, filtering out the information. It also gives you age. Being able to filter out a certain age. Now, granted, guys, you want to go a couple ahead and a couple below if you’re looking at a specific age, just to make sure the confidence level is going to be able to grab that information out. You’ll also notice here, as it gives us our confidence level, as well as the quality of it, and it identifies an age or guesstimates an age, and gives you these types of filters, as well as an emotion. How cool is that? As part of the filter, to show “Hey, only show me those angry pictures.” Only show me those joy pictures. Sadness. And all of those can be listed out for you as well. So let me jump into another image, and we’ll talk about some of those pictures that you might have, or that you’re looking at as part of your investigation.

I’m just going to jump down here towards the bottom that I have with some unassigned extractions that are listed. I have right here two things. I have just an imported DCIM folder, and faces. So let’s select these. And we’ll talk a little bit more about what this means to you. You’ll notice right here, identified, and listed as per the details. Here’s an identified picture. [43:32] 64 images.

So we’re going to talk about templates. As part of your license, you get 20,000 templates. And that’s really faces. And that can be the same face but just a different profile that you would have as part of your license. As well as [one core, two threads], being able to process that. So as part of this and identifying it, we have this particular picture. If you select it, it gives you the entire picture that’s listed out, that’s listed out right here, and the identified face itself, and another identified face. If we look at this now, we have now the identified faces. And you’re going to be able to set the threshold. Saying, “Hey, show me with the confidence level …”

Obviously, if this tells me this is identical, the identical picture that it was taken from … but now we have additional ones that say, hey, 99 – that’s pretty darn good. To identifying … and completely a different picture. And different pictures as we have with the identification, multiple pictures that you have. Also with headgear. Also with pictures that are kind of pixelated. We’re still at 99% confidence level, or 99 … looking at that. You’ll notice that we have here … these are [all] identified faces. Those will be with a threshold that is set for you. Here we have it set relatively high, at 99. Obviously we have some at 98 that are identified. We have glasses that are listed out over here. We have low light that’s still … we’re looking at a pretty high confidence level. As well as another image that’s listed out over here.

We also have, again … again, a smaller picture that’s listed out over here. Even at low light, that you might look … so we’re not talking about full-on pictures, we’re just talking about profiles that might be listed in here as well. Now we also have what’s called similar images. And those would be the images that are based on a threshold that are under what you set as [45:29] identified faces. Still at 87, being a profile that’s listed out over here as well. Also again, with sunglasses, still a 70%. Very, very high. On that as well.

So you’re able to go now in and tailor and look at some of these images that might be close to, obviously, the threshold … it still allows you to look and say, “Boom! Yeah! That is the same person that’s listed out over here. I can select it. But it also gives you … you’ll notice right here. The file path. You can go directly to where that image was located, as part of that as well. So you can go directly into that. Again, very, very important for you as an investigator. A couple of other items. If we look at some of these similar images, as part of this as well … we have all of these others. So let’s look at another one.

If I select this … 13 images that are listed over here. We have 13 identified faces that … a pretty high confidence level. As part of our filter. That’s listed out over here. Now you’ll notice, we have additional items down here. Look at completely … it’s still 88%. Even with some partial faces, with costume, that’s obviously … that’s [46:47] over here. You’ll also notice here … check this one out, this one here. It might be low confidence. But if we check this out, this entire picture, you’ll notice this is actually 15 or 16 years old, still identifying the individual. That was a while ago. Still giving you … I mean it’s not quite 50%, but still, you’re able, as an investigator … you’re saying, “Wow, that’s an older picture!” You can still do some more investigation as part of that.

Also, the last one I’m going to point out here is this. It allows me here … right here … this is actually a picture. It’s actually a reflection. A reflection in a mirror, and it still has almost a 50% confidence level, as part of that. Very, very low light, and it’s a reflection in a mirror. So, very powerful, very fast as part of the processing … and again, what I meant by templates, as part of that … if you have multiple individuals in an image. If I have this image here, this would count as one, two templates, and three, identified as part of this picture. It’s part of the product. Again, you get 20,000 of those, which is pretty high. As part of that … as well as, again, two threads.

You can obtain additional templates as well as threads, if, say, your case desires or you do need that as part of it. But again, this is available for free within our product, for you guys to actually be able to utilize. So, make sure that you get on … if you do not have Detective, please get on and look for that, and test this product out as well.

I’m going to jump back into the PowerPoint really quick, just to kind of talk about some use cases that we might be talking about as part of the investigation. If we look at that … I talked about some of these other items. But let’s talk about the use cases. Because that’s pretty important. Let’s think about this, guys.

Obviously, the easier one is … say, you have multiple suspects as part of this investigation, and I’m utilizing the facial recognition to identify, as part of that … say, yeah, the group of subjects … and the guy says, “Hey, I don’t know what you’re talking about. Never met this person before.” You have extractions for multiple devices, you’re able to say, “Boom, okay, here’s this picture right here. Yep, I’m confident that it’s this person, but they said they never met this other individual.” So that’s actually pretty easy, right, to think about that as part of your investigation.

But let’s start talking about, say, witnesses. Say it’s a large event, a terrorist attack. Say something that bad has happened, and you’re now taking all of these phones from these … I mean, think of phones, right? They’re just a walking … CCTVs all over the place. So, now, you, now as an investigator, is … this large police force … you’re dumping all these devices. You have to run it through a product. And now you’re going through all of these pictures, trying to find this individual. Now look at this. You’re able to actually add and look at a picture. I can find that individual … and now run that across multiple devices to identify that. Again, [on a witness phone]. So we’re not just talking about …

So now, with 400 phones, you’re able to process that down … the information, to find out the individual within those videos that you’re looking for in … I mean, we’re talking minutes. Instead of going in and going through and looking frame by frame by frame, or looking through each of these. This is extremely powerful. That goes … the same thing with bystanders, that I just kind of put the witnesses and bystanders in together. All this information is there as part of the processing. Again, like I said, people are walking around with video cameras in their pockets, and their videos … even though maybe the crime hasn’t occurred, but they come back to this … and the event happens. And now they’re seizing or they’re saying, “Hey, anybody in the area, bring your phone to us, so that we can extract it.” Now, that saves time, right? You can extract that information directly into Oxygen Forensic Detective, being able to process that information here, give them the phone back, directly as part of the media …

You don’t have to do a full extraction. Especially if it’s only the images and the videos that you’re looking for as, say, a witness or a bystander. You can dump that directly in as part of just a media folder, DCIM-type folder, be able to process that information directly into Detective, and now you have the evidence that you need as part of this collection.

So really, the use cases for this type of technology is really endless, that … you guys might even think of ones that I haven’t mentioned. I’m sure that you will. But being able to go in and … even a CCTV feed, bring in a CCTV feed. That’s obviously a video. Break those down frame by frame. And 12 hours of video, you’re able to identify that person in every single one of the frames. You don’t have to sit and watch the 12 hours of video, to go in and grab it. So again, I’m really excited about this feature that we have. Along with additional features that are coming out in 11.5, which this week, early next week that we will have that out to you guys, who are obviously current users, that are utilizing Oxygen Forensic Detective.

One thing that I wanted, obviously … I want to thank every one of you for attending this webinar. Thank you for what you do for making this world a safer place. And if you do have questions, guys, please put them in the question box. I’m going to leave this open just for a little while longer, if you have placed some questions into that. I’ll make sure that we can get to those, get you an email response to those. But like I said, if you do have questions, go ahead and feel free to ask those, and I’ll make sure that we can get those answered. Again, I thank you guys for your time, and have a good rest of your day.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_AfSiWHngSnw

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 4:55 pm

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Mqq8XgKvup4

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 3:58 pm

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image. From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case. Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice. Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability. Useful links: Amped FIVE - https://ampedsoftware.com/five Video Evidence Principles - https://blog.ampedsoftware.com/2023/0... CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image.

From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case.

Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice.

Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability.

Useful links:

Amped FIVE - https://ampedsoftware.com/five
Video Evidence Principles - https://blog.ampedsoftware.com/2023/0...
CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_dnSPwNdMn5M

Investigating Video: The Vital First Steps

Forensic Focus 13th May 2024 10:09 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global
News

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global

ByDetego Digital ForensicsMay 16, 2024
The Differences Between Full Disk And Triage Acquisition
News

The Differences Between Full Disk And Triage Acquisition

ByCado SecurityMay 16, 2024
Digital Forensics Round-Up, May 15 2024
News

Digital Forensics Round-Up, May 15 2024

ByForensic FocusMay 15, 2024
Investigating Video: The Vital First Steps
Webinars

Investigating Video: The Vital First Steps

ByAmpedSoftwareMay 13, 2024
Forensic Focus Digest, May 10 2024
News

Forensic Focus Digest, May 10 2024

ByForensic FocusMay 10, 2024
Oxygen Forensic® KeyDiver
Webinars

Oxygen Forensic® KeyDiver

ByOxygenForensicsMay 9, 2024