Top 3 Features to Try in Cellebrite Inspector
Cellebrite is excited for customers to experience the powerful new features added to Cellebrite Inspector.
Are you ready to dive into the improvements in the latest release? We think these top three features will have you reaching for Cellebrite on your next case.
1. Image Categorization
Image categorization reduces review time by revealing images and videos that may contain categories of interest. Cellebrite Inspector now includes Image Analyzer’s latest technology for machine-learning-based image analysis. Image Analyzer is a proven solution with years of service to examiners in categorizing images.
With Image Analyzer technology built in, users can run image categorization across pictures and videos with no Internet connection.
Cellebrite Inspector now looks for the following categories:
All available threat categories run when using Image Categorization in Inspector. Improvements to image categorization, including new threat categories, are provided with new releases of Cellebrite Inspector.
To run image categorization during ingestion, check the “Classify Threat Categories” options under ‘Picture Analysis” or “Video Analysis.”
Threat category scores are displayed in the “File Information” pane, or the under the Metadata tab in “File Content Viewer.”
Cellebrite Inspector: Viewing the threat category scores
Navigate to the ‘Media’ view to sort content by Threat Category.
Cellebrite Inspector users can navigate to the ‘Media’ view to sort content by Threat Category.
For additional information on using Image Analyzer see the User Guide “What’s New” Section.
2. Smart Indexing
Creating an index of text documents on a device allows an examiner to quickly discover whether a particular topic is mentioned within the evidence set. The process of creating an index has historically been time-consuming and resulted in bloated case sizes.
However, new advancements around indexing allow Cellebrite Inspector to provide users with a quick and efficient index. Once built, investigators can follow where the leads take them. Make fast sequential queries of the index for words without waiting for a traditional search of the drive contents.
For the initial release, Cellebrite Inspector provides index capabilities only for allocated files on the file system. These are the files most relevant and likely to be useful for prosecution. Data extracted by Cellebrite Inspector from inside of container files as a result of processing, like the Internet, e-mail, or archives, are not included but will follow shortly.
First, users choose to index a volume either when adding evidence or after processing.
Next, after the index is created, choose to add a new Index Search to create a new query.
Cellebrite Inspector: adding a new Index Search to create a new query
An Index Search allows the examiner to search for:
- Specific words
- Combinations of words in the same documents
- File size
Finally, Cellebrite Inspector’s index search uses options like proximity and Boolean logic (AND OR and NOT), to further define which files are most relevant. Each file with hits is seen in the top table. Below the files that were found with the query, users view a preview of hits for the highlighted file(s).
Users can highlight multiple files to see hits across files in the preview area. Finally, highlighting a specific hit will display it in the file in the tabs below. For more information about how to search, including a cheat sheet of operators, see the release notes.
3. Export Files to Logical Evidence Files (.L01)
The EnCase® Logical Evidence File Format (L01) is widely supported by Forensic and eDiscovery tools and preserves file content, metadata, and folder structure. Cellebrite Inspector now allows you to create Logical Evidence Files directly as an export option.
Logical evidence files are created using the [Export] menu. Metadata and folder structure are maintained for files and folders exported in logical evidence files. Select the files and folder to include in the logical evidence file. Access the [Export] by right (contextual) clicking, or from the [Action] menu.
Cellebrite Inspector 2019 R1: Export selected files as Logical Evidence File Format (.L01)
In addition to the functionality highlighted above, this latest release includes several improvements to our Windows 10 and Apple macOS Mojave support. Check out the Actionable Intel tabs for additional supported operating systems artifacts.
Learn more about Cellebrite Inspector here.