Forensic Analysis

The Sintelix Forensic Analysis Tool can collate metadata and extract a file-set ready to be ingested and analysed by Sintelix.

Forensic Data Analysis

Forensic analysts collect data for analysis from devices and other sources, such as Apple devices (iPhone, iPad), Android devices or computers.

Forensic data files tend to be images of hard disks or system memory. They are large and contain large amounts of binary data, which is not suitable for text analysis.

The Forensic Analysis Tool supports analysis of the following formats:

  • Raw Disk Images (*.img, *.dd, *.001, *.aa, *.raw, *.bin)

  • EnCase Images (*.E01, *.L01)

  • Virtual Machine Drives (*.vmdk, *.vhd)

  • Local Disk (disk mounted on the local system)

  • Logical Files (files in a folder)

Sintelix Forensic Analysis Tool

Sintelix has a Forensic Analysis Tool designed to collate metadata (for example, phone logs) and extract the files for ingestion and analysis in Sintelix.

Operating System

The Sintelix Forensic Analysis Tool is a Windows only tool.

Project File

The Sintelix Forensic Analysis Tool installation includes a Sintelix Project which is configured to:

  • Ingest the JSON report extracted from the Sintelix Forensic Analysis Tool

  • Create a Network of entities and nodes extracted from the JSON report, for example, the phone log.

Instructions

The instructions for using the Sintelix Forensic Analysis Tool are provided in the pre-configured Sintelix Project file included in the installation.

Import the Forensic Analysis Project into Sintelix from the install directory of the Forensic Analysis Tool.

Process

To perform forensic analysis:

  • In the Sintelix Forensic Analysis Tool:

    1. Configure the Sintelix Forensic Analysis Tool, for example, set up the keywords to identify and index, and configure the ingestion profile.

    2. Ingest the forensic data file(s) by selecting a data source, an output location, and an ingestion profile.

    3. Export the forensic JSON report.

    4. Filter and extract the required file types.
      Note: The image will contain many system files that may not be required for analysis.

  • In Sintelix:

    1. Ingest the forensic JSON report into a Sintelix Network using a Structured Import.

    2. Ingest extracted files into a Sintelix Collection.

Access

The Sintelix Forensic Analysis Tool is available for download from MySintelix. Please contact support to request access to the Sintelix Forensic Analysis Tool installer.