Fundamental concepts
In the table below, you'll find a list of some of the central concepts in XAMN. A basic understanding of these will make using XAMN much easier.
| Concept | Description | Learn more |
|---|---|---|
| Artifact | Artifacts are the result of decoding a data source, where data is joined together into a meaningful unit, such as a WhatsApp message, a picture, or a calendar event. | |
| Case | A case can contain multiple data sources, which means XAMN can help you find correlations between data from different devices. | |
| Data source | Files of data that could contain evidence and are used in an investigation, such as extracted data from a mobile phone, warrant return data, or vehicle data. | Manage data sources |
| Exclusion | Reduce the noise by excluding data that is irrelevant to the case, such as system and application files that do not contain any user-generated data. It's also possible to exclude artifacts based on tags. | Exclude artifacts |
| Filter | Apply different filters to narrow down the number of artifacts shown to the ones that are relevant to the investigation. XAMN has several built-in filters, and you can also create your own. | Work with the filters in the Filter pane |
| Language detection | The Language detection tool analyzes texts and identifies the languages used. The tool analyzes texts in properties that normally hold user-created data, like message texts, calendar events, and emails. | Language detection |
| Pattern analysis | The Pattern analysis tool finds artifacts that match regular expressions defined in a .csv file. It is useful for finding items that follow a specific pattern or format, like credit card numbers, bitcoin addresses, vehicle registration numbers, and phone numbers. | Pattern analysis (Regular expressions) |
| Person | An individual who is connected to one or more phone numbers, accounts, or other identifiers. This is useful for seeing communication between people across devices and accounts. | Persons |
| Project VIC | Project VIC is a hash data sharing initiative that permits automatic scanning and detection of sensitive image and video content, without having to expose visual content to forensic examiners. | Project VIC |
| Property | Detailed information that defines the artifact, such as the message text, WhatsApp ID, and time of a WhatsApp message. When you select an artifact, its properties are shown in the Details pane. | |
| Quick views | A saved, preset work tab with a specific setup of filters, the preferred artifact view selected, and the chosen sorting applied. Quick views save you time by not having to make these settings again and again. | Manage quick views |
| Redaction | Redaction is the same as masking data. It is useful when there's a case with sensitive data or data that for legal purposes cannot be visible, for example communication between a suspect and their lawyer. The redaction is done for individual properties of an artifact. | Redact sensitive data |
| Smart processing | A group of time-saving tools that scan through and analyze all artifacts in the case or .xry file. The tools aim to identify or categorize artifacts and make it quicker and easier for you to find the artifacts that are relevant to the investigation. See Language detection, Pattern analysis, and Text analysis. | Smart processing |
| Tag | Tags are useful to highlight, organize, and find artifacts of specific interest. Any tag can be used as a filter to quickly find artifacts that have a tag. You can use the built-in tags or create your own tags. | Tags |
| Text analysis | The Text analysis tool finds artifacts with text content related to suspected criminal activity and other types of abuse. | Text analysis |
| Timestamp | Timestamps are available as metadata for most artifacts. They can tell you when the artifact was, for example, created, modified, or accessed. It's important to understand how timestamps should be interpreted in different contexts. | Interpretation of timestamps |