Posted on: November 8, 2016
In the last five years the number of digital devices available to the public has increased exponentially in both quantity and capability. Computers are now available in everything from desktop systems to phones to coffee pots. And because anything available to consumers is available to criminals, a great deal of contemporary crime evidence is digital evidence. Collecting, reading, and analyzing that evidence has become a major law enforcement headache.
The Swedish high-tech company MSAB believes it has the treatment for that headache. MSAB has long been involved in cellular communications systems and mobile device forensics. The company now has created what it calls an ecosystem of digital forensic tools built around its XRY software. MSAB’s ecosystem includes a kiosk for capturing and disseminating data; a desktop or field forensic software tool; and an analysis tool that helps investigators piece together who was using the digital device, when it was used, and for what purpose.
Rey Navarro, MSAB’s director, says the purpose of the MSAB Kiosk is to allow detectives and other authorized law enforcement personnel to download data from devices consensually turned over by their owners to the investigators. “No witness turning over a phone video to the police wants to hear we’ll get that back to you in a week,” Navarro explains. “The kiosk lets authorized personnel dump that data into the system and return the phone to the witness very quickly.”
The MSAB Kiosk is a hardware solution that an agency can set up in a central secure location for downloading digital evidence. Little to no training is required to use the system, as it has an intuitive touch screen interface that walks the user through the process. Navarro says the Kiosk is managed by a central administrator who can ensure that only the right people such as investigators and prosecutors have access to the data. And because authorized parties can access the data from the central storage, users don’t have to share CDs or memory sticks, saving time and money.
While the MSAB Kiosk is designed to be used by any law enforcement officer granted access, the next element in the MSAB ecosystem was designed specifically for cyber forensic specialists. Available for desktops, laptops, and tablets running the Windows operating system, XRY is a software tool that allows specialists to extract data from mobile devices under warrant but without assistance from the owners. Navarro says the latest version of XRY Office allows users to connect up to three devices at a time. XRY can extract a wide variety of document, database, image, and video file types. It can also extract data from apps and parse call logs, address books, emails, messages, and GPS data.
Navarro says that even though there are millions of apps available for mobile devices, XRY can extract data from the ones most commonly used in criminal activities. MSAB is also constantly adding app data extraction capabilities to the software through regular updates.
The final element in the MSAB forensic ecosystem is XAMN, a tool that helps analysts find the evidentiary value of the data extracted from digital devices. “XAMN allows you to put all the pieces together when it comes to mobile device dumps,” Navarro says. “You can use it to reveal contacts between the suspect and the victim or the suspect and associates based on messages, GPS information, and other data.”
XRY Office and the other MSAB software products are available on an annual subscription basis per license. Users can learn to use the software and how to testify about the examination in a five-day certification program. For particularly tough data extraction problems, MSAB specialists are available to consult on site.