4 Photo Forensic Case Stages
- Evidence Acquisition
- Photo Recovery
- Organization
- Content Analysis
- Reporting and Exporting
- Verify Integrity
- Classification/Categorization
- Photo Details
Categories shown: Adult, CP, Obscenity, Nudity
5 Photo Recovery - Active
Adroit Photo Forensics provides active recovery for the following file systems:
- FAT12/16/32
- NTFS
- HFS
- HFS+
All other file systems are carved.
6 Photo Recovery - Carving
APF can recover photo evidence that no other forensic product can!
- Validated Carving: Verifies that the photos follow the rules of the format.
- NTFS/FAT Log Carving: Uses NTFS logs to validate and carve deleted photos.
- SmartCarving™: Automatic recovery of fragmented photos.
- GuidedCarving™: Manual assisted recovery of fragmented photos.
- Size Carving: Specialized recovery of BMPs, TIFFs and RAWs.
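
What "follows the rules of the format" can mean for JPEG, as an added example that is not APF's code or algorithm: a header hit is kept only if every marker segment up to end-of-image is well formed. The function names and the sample buffer are constructed for illustration, and fragmented files are out of scope here.

```python
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}   # frame headers only

def skip_scan(buf, pos):
    """Skip entropy-coded data; return the offset of the next real marker."""
    while 0 <= (pos := buf.find(b"\xff", pos)) < len(buf) - 1:
        nxt = buf[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2                      # stuffed 0xFF or restart marker
        elif nxt == 0xFF:
            pos += 1                      # fill byte
        else:
            return pos
    return None

def validate_jpeg(buf, start):
    """Return the end offset of a structurally valid JPEG at a header hit, else None."""
    pos, seen_frame, seen_scan = start + 2, False, False
    while pos + 2 <= len(buf) and buf[pos] == 0xFF:
        marker = buf[pos + 1]
        if marker == 0xD9:                # EOI only counts after a scan
            return pos + 2 if seen_scan else None
        if not 0xC0 <= marker <= 0xFE or 0xD0 <= marker <= 0xD8:
            return None                   # reserved or misplaced marker
        length = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(buf):
            return None                   # segment runs past the data
        seen_frame = seen_frame or marker in SOF
        pos += 2 + length
        if marker == 0xDA:                # SOS must follow a frame header
            if not seen_frame or (pos := skip_scan(buf, pos)) is None:
                return None
            seen_scan = True
    return None

def carve_jpegs(buf):
    found, pos = [], 0
    while (pos := buf.find(b"\xff\xd8\xff", pos)) >= 0:
        end = validate_jpeg(buf, pos)
        found += [(pos, end)] if end else []
        pos = end or pos + 2
    return found

def seg(marker, payload):
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: one well-formed JPEG skeleton and one header/footer false positive.
GOOD = (b"\xff\xd8" + seg(0xE0, b"JFIF\0" + bytes(9)) + seg(0xDB, bytes(65)) + seg(0xC0, bytes(15))
        + seg(0xC4, bytes(29)) + seg(0xDA, bytes(10)) + b"\x12\xff\x00\x34\xff\xd9")
BAD = b"\xff\xd8\xff\xe0\x00\x10" + b"not a jpeg segment chain" + b"\xff\xd9"
DISK = bytes(512) + GOOD + bytes(100) + BAD + bytes(50)
```

A plain header/footer carver would report both regions of DISK; the validated pass keeps only the first.
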
7 Importance of complete carving
On average 16-20% of photos are fragmented.
Every additional picture recovered can contain:
- Potential Suspects
- Potential Leads
- Potential Victims
- Potential Locations
- Missing timeline information
[Figure panels: Fragmented Recovery, Traditional Forensic Tools; Fragmented Recovery, Adroit Photo Forensics]
8 Embedded Carving
Specialized Embedded Validated Carving for:
- MS Office
- PK-ZIP
- Thumbnail Cache (XP, Vista & Windows 7)
Generic Embedded Validated Carving for:
- All other files
Sector Carving/Byte Carving:
- After carving and active recovery at the cluster level, APF removes all validated files. Remaining clusters are carved at the sector or byte levels.
9 Recovery Profiles
- A Recovery Profile contains a set of carving and analysis options.
- Can be quickly selected before starting a case.
- Built-in profiles for triage and detailed analysis.
- Create, Edit & Delete profiles.
- Profiles can be copied from one user to another.
10 Photo Formats Recovered
Adroit Photo Forensics recovers photos taken by digital cameras:
- JPEG
- RAW – Canon, Sony, Olympus, Nikon etc.
- Adobe DNG
- TIFF
Also recovers:
- PNG
- GIF
- BMP
12 Organization
APF allows faster organization and processing of cases involving photos.
- Traditional forensic applications are focused on text and files.
- APF has a dedicated and streamlined UI for photos.
- Forensic Photo Gallery provides the fastest and most powerful way to view and organize photos.
- Sort/Group/Filter based on important photo specific properties.
13 Organization – Forensic Photo Gallery
APF has a unique and powerful forensic photo gallery:
- Identify with one click
  - Cameras used
  - Image Manipulation Software (ex. Photoshop)
  - EXIF Date/Times (Day, Month or Year)
  - File name, folder and much much more
- Filter Photos
  - By Photo Format
  - Resolution (include/exclude thumbnails etc.)
  - Ignore Status
14 Photo Gallery – Camera Grouping
[Screenshot. Callouts: Filtering out thumbnails; Grouping By Camera; Category; Bookmarked; (4 Photos) Apple iPhone 4; User selected!; Hash Alert; (2 Photos) Nikon D100; Possible actions for selected photos]
15 Custom Gallery
APF contains a custom gallery:
- View and sort user selected pictures.
- View and sort location or type specific photos like:
  - Windows Thumbnail Cache
  - Recycle Bin/Trashes
  - Extension Mismatch
  - Hash Alerts
  - Bookmarks
  - Ignored
17 Content Analysis
- There can be hundreds of thousands of photos in a single disk image.
- Analyzing them manually is just not efficient.
- Viewing photos by their thumbnails can still take a huge amount of time.
- Thumbnails are subject to anti-forensic attacks.
So how do we save time and show an examiner only forensically important photos?
SmartFiltering™
18 SmartFiltering™
SmartFilters™ present the most forensically relevant photos:
- Explicit Image Detection (Fast/Best)
- Face Detection
- Thumbnail Mismatch
- SmartHash™
- MD5 Hash Alerts
- SmartHash™ Alerts
19 Explicit Image Detection
- 2 Modes of EID
  - Best for detailed analysis
  - Fast for triage (does not slow down recovery)
- Experimental Child Explicit Image Detector included
- Dynamic slider for reducing or increasing explicit images shown.
- Sort by skin percentage
- EID uses much more than skin analysis to reduce false positives and false negatives
20 Thumbnail Mismatch
- Criminals know that investigators may be reviewing evidence via thumbnails.
- Investigators rarely have the time to view each photo in full detail.
- Illicit images can be hidden behind “safe” thumbnails!
- Easy to do
  - Manually
  - Photo applications like Photoshop
- Thumbnail Mismatch identifies those photos where the full image does not match its thumbnail.
21 MD5 Hash Alerts, SmartHashing™
- To find known illicit images, examiners normally use MD5 hashes.
- APF has full support for MD5 hash alerts.
- But what if the photo is slightly changed?
- MD5 Hash will not work.
- APF incorporates SmartHashing™ that finds photos even if:
  - Resized
  - Color changed
  - Brightness changed
  - Slightly Cropped/Rotated
  - Touched up/Logo Insertion/Logo Removal
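
Why an exact hash misses a slightly changed photo while a perceptual hash still matches, as an added example that is not APF's code: SmartHashing™ is proprietary, so a simple 64-bit average hash stands in for it. The lookup function, the label "ref-001", the 6-bit threshold and the synthetic gradient images are all constructed for illustration.

```python
import hashlib

def average_hash(pixels, size=8):
    """64-bit average hash of a grayscale image given as a list of rows."""
    h, w = len(pixels), len(pixels[0])
    cells = []
    for r in range(size):
        for c in range(size):
            ys = range(r * h // size, (r + 1) * h // size)
            xs = range(c * w // size, (c + 1) * w // size)
            cells.append(sum(pixels[y][x] for y in ys for x in xs) / (len(ys) * len(xs)))
    mean = sum(cells) / len(cells)
    return sum(1 << i for i, v in enumerate(cells) if v > mean)

def hamming(a, b):
    return bin(a ^ b).count("1")

def md5_of(pixels):
    return hashlib.md5(bytes(v for row in pixels for v in row)).hexdigest()

def brighten(pixels, delta):
    return [[min(255, v + delta) for v in row] for row in pixels]

def halve(pixels):
    """Downscale by 2 using 2x2 box averaging."""
    return [[(pixels[y][x] + pixels[y][x + 1] + pixels[y + 1][x] + pixels[y + 1][x + 1]) // 4
             for x in range(0, len(pixels[0]), 2)] for y in range(0, len(pixels), 2)]

def lookup(pixels, known, max_bits=6):
    """Return (label, how): exact MD5 match first, then nearest-enough average hash."""
    digest, ah = md5_of(pixels), average_hash(pixels)
    for label, (k_md5, _) in known.items():
        if digest == k_md5:
            return label, "md5"
    for label, (_, k_ah) in known.items():
        if hamming(ah, k_ah) <= max_bits:
            return label, "perceptual"
    return None

# Constructed sample images: a horizontal gradient (the "known" photo) and an
# unrelated vertical gradient.
KNOWN_IMG = [[x * 8 for x in range(32)] for _ in range(32)]
UNRELATED = [[y * 8] * 32 for y in range(32)]
KNOWN = {"ref-001": (md5_of(KNOWN_IMG), average_hash(KNOWN_IMG))}
```

An average hash tolerates brightness changes and resizing but not cropping or rotation, so it covers only part of the list above.
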
23 Photo Details
APF has the most powerful forensic photo viewer on the market:
- Full Image
- Preview/Thumbnail Images
- Photo Header Details
- EXIF Metadata
- File System Information
- Categorization & Bookmark Info
- Summary
- Cluster/Fragment Linking
24 Photo Details - Timelines
- Generate zoomable time lines based on
  - File Access Dates
  - File Creation Dates
  - File Modification Dates
  - EXIF Date/Time
- Use EXIF Date/Times to get date time information even if files are deleted.
- Filter based on dates
26 Classification/Categorization
- Categorization is an important part of a forensic analyst’s work.
- APF categorization was built from the ground up to be FAST and powerful.
- APF includes built-in category profiles
  - UK CP
  - North American CP
- APF allows creation of custom profiles.
- Create rules to automatically categorize based on SmartFilters™
- Use hot keys to efficiently categorize from any screen.
- Use categories to view/report/export/save/timeline photos.
Categories shown: Adult, CP, Play, Nudity
27 Categorization Flow
[Flow diagram. Labels: Recovered Photo; MD5 DB Check; SmartHash DB Check; Lookup; Match; EID Rules Check; Manual; Categorize. Categories: CP, Adult, Nudity, Other]
29 Verify Integrity
- Full Viewable Logs
- Generate MD5/SHA1/SHA256 hashes of photos
- Do MD5/SHA1/SHA256 hashes of evidence before and after recovery
- Compare evidence hashes prior to recovery against current hashes and stored hashes (Encase Only)
31 Reporting and Exporting
- Customizable reports
  - File System Data
  - Photo Details
  - EXIF Details
  - Thumbnails
- CSV Exporting
- FTK KFF Exporting
32 Additional Features
- Batch Analysis for running multiple cases overnight or over the weekend
- Ability to quickly blur thumbnails to prevent others from viewing photos.
- Full hotkey support for all major features.
- Built-in context sensitive help
- Certified Adroit Forensic Examiner (CAFE) training available
33 Adroit Photo Forensics
Contact Digital Assembly or an authorized reseller to provide you with a demo or additional information.
Website:
Phone: