Engaging with visual data is second nature for many people these days as the growth of visual media across platforms such as Instagram, Facebook, and Pinterest has skyrocketed.

With this in mind, let’s take a closer look at how this common user experience affects digital investigations worldwide.

The Scenario

Let’s say you have a suspected drug-dealers phone in custody. The suspect was detained for 48 hours, and it took 24 hours to get the phone to the digital forensics lab, unlock it, and extract the data. The phone had just over 100,000 images and videos on it. Within those 100K files, there are 100 incriminating images of a hydroponic set up for the manufacturing of marijuana plants.

It would take about 10 to 20 hours to review all the data manually given an average review rate of approximately 5000-10,000 images per hour.

With this new engine, you can now locate evidence faster by surfacing actionable insights automatically with advanced capabilities to dig deeper into the data where needed. Cutting down time-wasting activity is key to the success of any digital data investigation.

When investigating massive amounts of data, the Image Classification engine can flag suspicious images and find photos of a person or an object of interest with just a push of a button.

The Image Classification capability uses machine learning to automatically detect and categorize images related to key categories such as child exploitation, weapons, money, drugs, nudity, and others. Digital investigators can quickly identify persons of interest with advanced person-recognition and categorization capabilities.

This new capability is a great addition to Cellebrite Physical Analyzer and demonstrates our continued focus on applying tools and capabilities necessary to help investigators surface actionable insights and focus initial examination efforts quickly.

Image Classification Powered by AI

The Image-Classification engine leverages machine learning and artificial intelligence (AI) technology to recognize attributes within an image. This empowers image classification to review images, categorize them, and assign a confidence score (0-1).

The new installation of Cellebrite Physical Analyzer includes the image-classification engine and is compatible with the currently recommended system requirements. However, it may require extra processing time.

How To Enable This New Capability In Cellebrite Physical Analyzer?

In the Case Wizard, in the “Examination Tools” window, you can turn this capability “on” or “off” (it is not selected by default).

You can also select the categories of interest by clicking the “Select categories” button.

There are 14 supported categories:

  • Cars
  • Credit cards
  • Documents
  • Drugs
  • Face
  • Photo ID
  • Flags
  • Handwriting
  • Maps
  • Money
  • Nudity
  • Tattoos
  • Weapons
  • Suspected CSA (Child Sexual Abuse)

 

As the consensus feedback from users is that the Suspected CSA category is a sensitive topic, that category is always unselected by default. To run this category, actively select its checkbox.

In the next release of Physical Analyzer, we will support additional categories like Screenshots, food, Jewelry, Invoices, Smartphones, and more.

Note: this specific category, “Suspected CSA,” usually increases process time and memory consumption, so using a GPU card can boost processing time.

If you have a GPU card (NVIDIA® GPU card with CUDA© compute capability 3.5 or higher), make sure the latest GPU driver (version 419 and up) is installed and install the GPU package from MyCellebrite.

In this version, the Image classification engine is available only in the case creation flow. In the next Physical Analyzer version, you will be able to decode and process a device, perform an initial examination, and then run the image classification engine.

Image Examination

Once the decoding phase is completed and the case is ready for examination, navigate to “Insights”.

Image Classification results are presented under the “Image Classification” tree node.

On the main screen, you will be able to see the total number of images per category and you can click each one of the boxes to view a list of images in the selected category.

In this view, images without a matching category will be shown under “Unclassified.” Keep in mind that an image may have more than one match classification.

Under “Images View,” you can see all images sorted by category score. The images are ordered by score (highest to lowest). When you want to focus on images with the highest confidence score, use the slider to filter them.

Image Data Reports

The insights data can be included in all report formats by making sure the “Include Enrichments” checkbox is selected.

Investigation teams will benefit from the advanced functionality of Image Classification, which can help analyze the variety and volume of data that investigations typically produce. Using Cellebrite Reader, investigators can view the Image Classification results inside a UFDR report.

In Summary

Cellebrite’s Image Classification engine in Cellebrite Physical Analyzer helps overcome the challenge of examining and reviewing large volumes of images in mobile devices, cloud data, and other digital forensics data. Moreover, it automatically surfaces leads and actionable insights during the early hours of an examination.

I know what you’re probably going to ask next – What about video files?

Stay tuned, coming soon!

Share this post