1 / 8

Collaboration Model for Law Enforcement X-Ways Investigator

Collaboration Model for Law Enforcement X-Ways Investigator.

estelle
Download Presentation

Collaboration Model for Law Enforcement X-Ways Investigator

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Collaboration Modelfor Law EnforcementX-Ways Investigator X-Ways Investigator is a simplified and reduced version of X-Ways Forensics, and part of a certain philosophy: Splitting up the workload into preparatory work done by computer specialists with X-Ways Forensics and investigative work done by other specialists (investigators, analysts, agents, internal auditors, prosecutors, lawyers) can be a pivotal change and greatly accelerate the forensic process. It reduces the computer specialists' workload and allows to start the investigators to take over much earlier.

  2. (competitors) cost X-Ways Forensics normalprice (simplified interface) X-WaysInvestigator half theprice additional administrative precautionsand further simplifications possible functional range/ complexity for investigators specialized in areas other than IT, e.g. accounting, building laws, money laundering, corruption, child pornography, ... for computer specialists Overview of User Interfaces

  3. X-Ways Investigator: Important Features • ability to create cases, assign evidence objects (media, images with any supported file system); optionally solely open containers, and also optionally only containers classified as secure (i.e. virus-free) • differently specialized investigators may examine the same containers simultaneously, in their own cases, or write-protected in the case of another investigator • logical search, search in index • listing files from all evidence objects simultaneously, dynamic filters, sorting files, marking/selecting files • viewing files, printing documents • adding files to report tables, entering commentsabout files, evaluating files in one’s area ofexpertise; report creation

  4. X-Ways Forensics Collaboration Model Preparatory work performed with X-Ways Forensics, like • imaging media, verify image integrity, assembleRAID systems, search deleted partitions, ... • run thorough search for deleted files,file signature check, include contents ofarchives and pictures embedded in documents,specially deal with encrypted files, ... • roughly filter out irrelevant data, like knownignorable files based on hash, exact duplicate files,with case-specific filters, ... • roughly select potentially relevant files based onsearch hits (resulting e.g. from keywords providedby specialized investigators), based on file typefilters or special hash sets of incriminating files, ... • roughly copy out relevant text from large binaryfiles such as free space, swap files, etc. if found tobe relevant because of search hits • create a search index with adequate settings

  5. container Evidence File Container Preparatory work with X-Ways Forensics results in a with all potentially relevant files An evidence file container retains the following for each file: • file contents, file size • filename in Unicode • complete original path (optionally including evidence object name) • deletion state (existent, deleted, renamed, moved, ...) • all original timestamps as available (creation, contents change, metadata change, last access, deletion) • DOS/Windows attributes, Unix/Linux permissions/filemode • compression and encryption state • if applicable, classification as alternative data stream, resource, slack • if applicable, classification as fictitious file (for “free space”, embedded pictures, thumbnails, partition gaps etc.) Arbitrary free-text comments for each individual file can also be passed on, e.g. the real name of a file owner, preliminary findings, ...

  6. prosecutor X-Ways Forensics report container “containers-onlyversion” X-WaysInvestigator cleared ofviruses protected internal network for investigators specialized in areas other than IT, e.g. accounting, building laws, money laundering, corruption, child pornography, .... Collaboration Model for computer specialists

  7. Installation Options • Each investigator has an individual installation and configuration. Somewhat more administrative effort. Required e.g. for child pornography investigators who need to review CDs and DVDs without preparatory work by others. • Several investigators share an installation on a server, optionally with an individual configuration. The network traffic is high when searching or hashing data. • Several investigators share an installation on a terminal server, optionally with an individual configuration. The network traffic is reduced to screen data. Administrators are in charge of the installations, user accounts, and the assignment of access rights to case data and container files. Computer specialists provide the investigators with containers and search indexes.

  8. Customizable User Interface The user interface of X-Ways Investigator can be partially tailored to individual needs, i.e. further simplified, or reduced for security reasons. • Prevent media from being opened directly • Prevent conventional images from being opened directy • Prevent containers from being opened that are not classified as secure • Disable functions to create containers • Prevent non-picture files from being copied to the hard disk as part off the case report • Disable functions work with the hash database • Disable advanced options • Prevent more complex commands from being invoked • ...

More Related