A new release of Image Analyzer is now available on App Central that now supports the scanning of images for pornographic content in both entries and records. This means investigators can analyze images in the records tab that have been extracted from email archives and compounded files.
Let’s take a look at how an investigator might use Image Analyzer as part of an investigation involving email misuse in a large corporate environment.
Human Resources receives a complaint that a named employee has allegedly been distributing pornographic material via the corporate email system. HR requests an immediate investigation into the reported allegations of misuse by this employee. The investigator is using EnCase Forensic v7 and has purchased a copy of Image Analyzer from App Central. The employee’s email evidence is added to Encase and is prepared using the evidence processor to extract the emails into records tab. The suspect has been an employee of the company for a number of years and has a significant number of email records containing image attachments. The investigator is looking for evidence of sexually explicit image attachments, however rather than manually reviewing each image the investigator selects Image Analyzer from the Enscript menu and starts a scan.
Minutes later, the scan has completed and there are 65 images bookmarked to the “Highly Suspect” folder. The investigator manually reviews the 65 highly suspect images using the thumbnail gallery view in Encase and identifies 20 pornographic images that are pertinent to the case.
While there is clear evidence that the suspect has breached the company email policy, upon closer investigation the investigator notices that the suspect has been sent the offending images by another employee of the company in a management position.
The investigator acquires the new suspect’s email evidence and runs Image Analyzer on that data. This time the misuse is prolific and the new suspect has clearly been distributing large quantities of pornographic material both internally and externally via the corporate email system.
The investigator informs HR of the discovery and they are able to take the appropriate disciplinary actions required for each employee involved.
In this hypothetical case, by using Image Analyzer, the investigator was able to significantly reduce the time required to review the image evidence and was able to quickly follow the evidence trail to its source. While manual review would have eventually lead to the same conclusions, it certainly would have taken significantly longer and other pressing tasks may have required attention causing the investigation to be postponed until more resources were available to continue. In addition to pornographic image detection, a future release of Image Analyzer will support pornographic video detection allowing investigators to extract frames from videos for analysis. This feature will be made available to existing Image Analyzer customers free of charge.
No comments :
Post a Comment