Written by Amira Zubairi
After a year of radiation and chemotherapy, Saliba returned to work and found himself in the digital forensics department examining evidence stored on computers, devices, and cloud-based applications.
When he realized that gathering data from devices and applications was a challenging task, Saliba set out to develop his own Internet Evidence Finder (IEF), a software solution that allows investigators to find, analyze, and present digital evidence found on multiple devices.
“He saw a gap in what he was doing in his investigations for the police, and basically, he built a tool to automatically get Internet activity on a computer,” said Jamie McQuaid, a forensics consultant at Magnet Forensics.
While IEF wasn’t meant to be much more than a helpful tool for Saliba’s job, it quickly gained traction from Saliba’s colleagues and other agencies. Finding a place that combines his technical and policing skills, Saliba left the police service in 2011 to launch Magnet Forensics (formerly known as JADsoftware) to help investigators and examiners fight crime, protect assets, and guard national security around the world.
Since its launch, Magnet Forensics has come a long way, especially with the development of its flagship product Magnet AXIOM, a digital investigations platform that allows examiners to acquire and examine relevant data from smartphones and computers, and visualize it for better analysis.
This month, Magnet AXIOM, which was built on the foundation of IEF in early 2016, received a robust update that brings machine learning into the forensics space.
“We have built Magnet AXIOM very thoughtfully to find ways to help our customers deal with the exponential increase in data volumes and resource constraints that are contributing to case backlogs,” said Adam Belsher, CEO of Magnet Forensics. “This latest release of AXIOM showcases our commitment to helping forensics professionals with innovative new technology and makes AXIOM a powerful solution for our customers’ digital forensics toolbox.”
Applying machine learning to forensic investigations
Magnet AXIOM 1.1 features Magnet.AI, a contextual content analysis tool that uses machine learning to search through conversations on smartphones, computers, and chat apps. Magnet Forensics said the tool is specifically designed to help investigators tackle child exploitation cases, which often involve “luring,” a process where a child predator gains his or her victim’s trust.
Since luring frequently occurs in chat and gaming apps, Magnet.AI aims to cut the time investigators spend reviewing terabytes of data to find relevant evidence and use it during interviews and arrests, ultimately helping them get “to the truth faster and more intuitively.”
According to McQuaid, Magnet.AI’s ability to provide contextual content differs from existing analytics tools. He says that while other tools pinpoint data based on dates, a time range, or a set of keywords, such tools don’t always provide the necessary context to determine whether a message “is” or “isn’t” illicit. Where other analytic applications look at individual messages, McQuaid says Magnet.AI looks at conversations as a whole, providing a deeper and useful analysis.
“What we’ve done here is that we don’t look at it at a per-message level. We look at the entire conversation,” said McQuaid. “A single message might be important, but the five or six messages stacked on top of each other, if you have the additional context and you look at the bigger picture with it, [it] might actually give you a better clue about what’s actually going on.”
“If you have the additional context and you look at the bigger picture with it, [it] might actually give you a better clue about what’s actually going on.”
McQuaid believes the key benefit of Magnet.AI is its ability to save investigators large amounts of time when searching for evidence, especially in the early stages of an investigation. The platform will find the most common things or “artifacts” investigators need from a computer or a phone quickly, which can be used to deeply analyze and report what a user did on a computer or understand how a crime or incident might have occurred. This allows examiners to focus their efforts more accurately and reduce the risk of human error in missing messages.
“That time factor is really a major piece…and that’s what we try to focus on,” said McQuaid. “The examiner is still going to go through every single message because you don’t want to leave a stone unturned, but if we can point something to the first few, the most important ones first, that’s going to help them a lot in the long run.”
Along with adding machine learning to its capabilities, Magnet AXIOM 1.1.’s features also include chat analysis, which allows examiners to filter through and tag messages within a conversation. Magnet Forensics also announced a partnership with Passware, a software company that develops password recovery, decryption, and electronic evidence discovery software, to allow examiners to recover data and decrypt a full disk within Magnet AXIOM.
McQuaid says that while Magnet.AI has an initial focus is on child luring investigations — particularly because the company has access to real data related to such cases — its potential applications are not limited to child exploitation cases.
“Child luring was one avenue to start with but there’s certainly a lot of different routes to take with it for sure,” said McQuaid. “Really in the context of chat, you could expand this to terrorism type cases where you’ve got certain actions or activities that would trigger off a potential terrorist threat. There’s also other ones around drug cases or any sort of homicide.”
Changing how people investigate
Magnet Forensics believes this type of technology will ultimately change the way people work in the forensics field by helping investigators save time, make quicker decisions, and find contextual, relevant pieces of information.
“Saving lives and catching criminals is all in the timing, and our team will continue to build upon and refine the algorithms that Magnet.AI is based on,” the company wrote in a blog post. “When thousands or even millions of hits are possible, making use of the lessons learned in the big data industry helps to separate wheat from chaff—helping forensic examiners complete their work much sooner than they could otherwise.”
Magnet Forensics IEF and AXIOM solutions have been applied in a variety of investigations including fraud, hacking intrusions, and policy violations. While the company currently focuses on helping investigators find, analyze, and report relevant data and evidence, Magnet Forensics also plans on building tech to tackle other issues in the forensics space like case backlogs and simplifying the collaboration process between legal teams, police officers, and investigators.
“One of the things in Magnet AXIOM that might get interesting is how you use automation technology,” said Victoria Berry, senior communications professional at Magnet Forensics. “We automatically bring together things that used to be separate stages in a process into a single stage and so thinking along those lines…how do you make those easily consumable by every person that has to read them whether its the legal team, whether its the chief of police, how do you make that more collaboraive and simplify it? We know it’s what keeps the industry up at night.”
StartUp HERE Toronto is a publishing partner of Betakit and this article was originally published on their site.