In the left pane, you can see all data sources contained in the case. Click a data source to display details for a data source in the pane to the right.

The details include:

• Categories - Statistics about the artifact categories identified for the selected data source and the number of artifacts in each category.
• General information - General information about the extracted device, including manufacturer, model, revision, serial number, SIM status, and device time data.
• Additional exhibit data photos - Add your own picture of the device.
• Exhibit data - Extraction file information added by the XRY operator at the time of extraction, including custom file properties.
• Summary - Extraction summary, including information about XRY version, hash values, encryption, and statistics
• Device overview - Includes the information from XRY Device Manual that is relevant for the specified extraction method and device.

You can choose to open a category in a new tab. You can always change or refine your search by filtering.

When a new data source is added to a case, it must be activated for you to be able to review its artifacts.

1. On the Data sources page, expand the data source to activate.
2. Click Activate.

Deactivate a data source to keep the data in the case, but not view the artifacts during your investigation.

1. On the Data sources page, expand the data source to deactivate.
2. Click Deactivate.

You can always activate the data source again.

You can check the integrity of a file by performing an integrity check. This helps you check if for example a copy of a file is broken.

1. On the Data sources page, right-click a Data source.
2. Select Check integrity. The .xry file is tested. If the integrity check fails, you can contact MSAB Support for assistance in repairing the file.

In XRY, there is an optional feature to calculate the hash sum. To validate an individual data source, you can calculate its hash sum in XAMN and compare it to the value shown in the XRY log.

The calculations in both XRY and XAMN are done using the SHA256 cryptographic hash function.

1. On the Data sources page, right-click a Data source.
2. Select Calculate hash (SHA256). This opens a window showing the progress of the calculation.
3. When the calculation is done, the hash value is shown. Click the Copy to clipboard icon next to the hash value to copy it.
4. Click OK to close the window.

This export creates a binary file that contains the extracted device data in its encrypted form, if applicable. The purpose is to be able to run this file in a third-party checksum tool and compare the resulting checksum to the checksum from the XRY extraction log, to prove the integrity of the data.

1. On the Data sources page, right-click a Data source.
2. Select Export persistent data.
3. In the window that opens, enter a name for the file, select where to store it and click Save.

Use data source display names to provide your own friendly names for data sources. This makes it possible for you to set short and relatable names that can make it easier to understand of the source of an artifact. The data source display names are shown for artifacts across all views in XAMN and are persisted in the case file. Adding a display name does not affect the data source file name or, where applicable, the Exhibit ID.

Add or edit a display name

1. On the Data sources page, in the left pane, select Edit display name... for the data source to name.
2. Enter a display name for the selected data source and click OK.

Remove a display name

1. On the Data sources page, in the left pane, select Edit display name... for the data source.
2. Remove the name in the text box and click OK.

You can set a specific person as the owner of the case by clicking Set owner.

In XAMN Pro, the Persons page is available, showing you automatically discovered user identities of all your .xry files contained in the case. If available, you can also discover persons data and user identities in the Details pane.

For more information about working with Persons in XAMN, see Persons.