Uncover evidence in pictures and messages easily

Any investigator trying to survey and identify evidence of a crime by searching through data knows it is increasingly complicated. There is an unbelievable amount of digital evidence on the mobile devices we carry with us everywhere. Our phone can reveal our movements and contain a myriad of other kinds of information such as pictures, positional information and messages. In the hunt for digital criminals, technology such as artificial intelligence (AI) and picture analysis are important tools.

Today we communicate digitally almost exclusively through videos, images and text messages. Evidence of this type is becoming increasingly important to connect a suspect to a crime. Seized devices often contain tens of thousands of images and messages. With the time pressure to investigate a crime quickly, it has become essential to use digital tools that allow you to speedily, securely and efficiently analyze and sort images and messages.

In this blog post, we will dig deep into XAMN, the best digital forensic analysis solution, and show how XAMN can help you quickly analyze pictures and conversations.

Hide duplicates and highlight digital evidence in pictures

When a crime is committed, many mobile devices are seized and their data extracted. Thousands of images and conversations are scattered over several devices. Only when they are paired can you understand the meaning of the images and the content of the conversations.

5 ways to effectively find evidence from pictures in XAMN

• XAMN provides invaluable assistance by intelligently hiding duplicates across multiple data sources and devices when the amount of data can feel impossible to handle.
• When viewing images and videos use the Gallery view to get a quick overview of the pictures on a device.
• Enable image content recognition in XRY when performing extraction – this speeds up your review in XAMN as images containing items like weapons, drugs, and vehicles are classified automatically and will be quickly found in XAMN.
• If you have found a picture of interest, you can quickly find similar pictures by using the “Show similar pictures” option, available in the details panel.
• XAMN is integrated with Project VIC and CAID. This is useful if you’re working on a CSAM (Child Sex Abuse Material) investigation as you can compare images in an extraction against known hashes from an official dataset.
  Bonus Tip:
  XAMN takes advantage of Apple facial recognition to identify faces in iOS pictures, providing categorization and matching within extracted data, enabling you to search for a specific face in a cluster of pictures when analyzing the data in XAMN. Faces identified in iOS can also be linked to persons in XAMN. This feature has proven to be an invaluable tool by being able to link suspects to other ongoing criminal investigations, organized crime or cold cases.

All data presented as conversations

As we have mentioned in a previous blog post, given the vast amounts of information to process and the added complexity when individuals communicate by using more than one device or by using multiple apps, this can be both challenging and time consuming.

XAMN can create an ID with the help of images and conversations that are specific to one person. All communications tracked – calls and messages independent of operator, technology or messaging app – are aggregated in XAMN as complete conversations.

Here is an example of how you can effectively follow an entire conversation in XAMN, regardless of the digital environment in which it took place:

Case: You are investigating two individuals who are suspected of being involved in a network that deals in the theft of luxury cars. At the time of arrest, the persons had multiple devices in their possession. Also, additional devices were found in the residence of one of the suspects.

Solution: By reviewing data from all devices simultaneously in the context of a single case in XAMN, you can determine that the two individuals communicate with each other through using burner phone SMS messages, WhatsApp messages and occasional phone calls. By linking the phone numbers used for SMS messages, WhatsApp aliases used for chat, and phone numbers used for voice calls to Person (A) and Person (B) respectively, XAMN allows you to read through all messages between the individuals chronology, even though the messages have been exchanged using multiple devices and identities.

Bonus Tip:
XAMN not only enables you to immediately filter the relevant persons in your case and view the relationships between them, you can also select specific identities and view their communication.

Prepare your review of conversations by expanding your “Persons” directory. The more identities you can link to a particular person, the easier it will be to review conversations involving the individual.

In the next part of our blog series on XAMN, we take a closer look at how easily you can organize your evidence using unique notes and tagging techniques