MSAB XAMN – Collecting evidence: Tags and Notes
From crime to court room: Create credible reports in customized formats
Investigators know that one of the crucial parts of the analysis process is that all evidence must be handled in such a way as to ensure a secure chain of custody of digital data for use in a judicial setting.
In this blog, we will look into how XAMN, the best digital forensic analysis solution, will give you a complete crime to courtroom solution allowing you to present your findings with confidence.
Imagine you are using a mobile forensic tool to generate a report to present in court only to discover that the court has not accepted your evidence. Investigation reports are vital to success. XAMN functionality will help digital investigators organize their findings, create accurate and relevant reports with all the necessary and acceptable evidence, in accordance with a court of law.
Tags create the big picture
While investigating your case, you will find evidence that you consider of interest but not conclusive. In most cases, the amount of evidence tends to be large and a bit unwieldy. So being able to tag evidence easily is crucial to seeing the crime as a whole and getting a clear overview of what is key.
To help you succeed in this part of the investigation, XAMN is equipped with functions such as Tagging and Examiner Notes.
This is how you effectively organize your findings in XAMN
- Use tags to label artifacts of interest
- Use the “Tags filter” to go back to artifacts you have tagged. You can also search for artifacts based on multiple tags, such as “Suspect A”, “Include in report A” and “Important”
- Use the Examiner Notes field to provide any relevant additional information for an artifact.
With Tagging, you can work with the program’s standard tags or create your own. The tags also quickly let you know if you need to backtrack in the investigation to gather missing evidence, or if you actually have everything you need for a prosecutor to be able to bring charges or rule out any of the people being investigated.
Examiner Notes explain the objects
In order for the tags to help create an overall picture of how a crime was committed you also need to use the Examiner Notes function. This helps not only you but also other officers involved in the investigation.
5 tips on Tags and Examiner Notes in XAMN
- XAMN provides two tags out of the box for simplicity – Important and Unimportant.
- You can add your own tags to categorize or label findings according to any system that makes sense for you and your investigation.
- Using tags is an easy was to prepare artifacts for inclusion in a report (tag now, create a report later)
- Tags can be used to exclude artifacts you consider to be irrelevant, allowing you to focus your attention on the things that matter.
- An examiner note can be added to any artifact.
Your tags will tell you what a prosecutor should look at, while your Examiner Notes will explain what it is they are looking at. Typically, a forensic report would be created separately and in parallel to the examination – but with the Examiner Notes function, contemporaneous notes can be made that will be incorporated into the report created within XAMN, leading to less work for the investigator.
By using Tags and Notes, you can minimize the risk of missing something important while at the same time, allowing for an extremely streamlined working process for the whole team. It will also allow additional members to the team get up to speed in a very short time.
In the next and final part of our blog series on XAMN, we take a closer look at how to export your tagged findings into a user-friendly report.