New Features

Investigate Media More Efficiently with Smarter Tools: From Magnet.AI to OCR

Working through large-scale media collections can be challenging, and we’ve heard from the community that it would be great if we could do more to support the reduction of immaterial media during an investigation. We’ve heard you loud and clear! We’ve taken three steps to improve the efficiency of analyzing media in AXIOM: classifying icons and system graphics via Magnet.AI, Optical Character Recognition (OCR) scanning for email attachments, and more filter options in media explorer.

If you haven’t tried AXIOM or AXIOM Cyber yet, request a free trial here.   

Cut Through the Noise 

Unpacking media collections can be not only a time-consuming task, but also a daunting one. It certainly doesn’t help that there’s a significant number of immaterial media items such as system and app icons and other system-related graphics. In one of the real datasets that we tested (a 450GB Windows image), there were over 600,000 media items on the drive. Even with smart filtering, keyword searches, etc., that’s still a lot of ground to cover and a lot of immaterial media or “noise”.

To help cut through the noise, we’ve leveraged the power of Magnet.AI with some impressive results. In our test of a Windows image, Magnet.AI tagged over 300,000 icons, effectively reducing the number of media items requiring review by ~50%. Examiner review time, instead of being spent disqualifying non-relevant media, can now be better focused on more meaningful action, such as categorizing pertinent media and reviewing more case-relevant material.  

In our second internal test analyzing a GrayKey full-file system image (21.3GB), there were over 48,000 media files, of which ~31,000 were flagged as icons and system-related graphics. That’s almost two-thirds of the media on the device, which translates to a lot of time saved, and more importantly, a lot of immaterial media that can be disqualified.

For more on Magnet.AI, check out these Tips & Tricks with Trey Amick to save time in your investigations. 

Scan Email Attachments for Keywords 

Picture files and .pdfs are common email attachments that can benefit from OCR scanning to extract text for keyword searching, while reducing manual review effort. OCR scanning of email attachments has benefits across the board, whether it’s pulling keyword hits from images of playlists emailed between users in ICAC investigations, or images of customer contact information emailed from a business to a personal account. Being able to extract keywords from email attachments, however, can be of particular value during fraud and identity theft investigations. Now keywords can potentially be pulled from emailed pictures, screenshots, and .pdfs of stolen IDs, hacked user accounts, and even doctored contracts and/or insurance forms.

In AXIOM and AXIOM Cyber, examiners can filter for files that have OCR output, so all OCR-related material can be reviewed quickly in the Artifacts view. Now, email attachments with OCR output will also be included in this view. The text extracted from OCR can then inform global keyword searches, both for the processed artifacts (using the search bar in AXIOM) and for more intensive byte-for-byte searches via keyword post-processing.

Regardless of the case type, examiners will have more information at their fingertips to inform keyword searches, and to do it all in one case with greater ease.  

Read more about OCR and check out the how-to video with Tarah Melton in “Using Optical Character Recognition (OCR) with AXIOM”. 

Filter More with Media Explorer 

Even though the new media explorer for AXIOM was just released last month, there are some new updates to help filter media, review media items quickly, and be more targeted during an investigation.

Enhanced filtering is available for media explorer: the improved “social media patterns” filter will provide more detail to the examiner on which social media platform the image potentially matches. This filter could help inform an examiner’s cloud investigation strategy by inferring which social media platforms a user may be most commonly using or frequenting.

Another improvement for media explorer is a quick image and video viewer. In media explorer, examiners already have the ability to hover over images and videos for quick scrubbing, but now we’ve added additional enhancements for viewing the data. Users can preview content in media explorer by double-clicking on any item to see a high-resolution preview. When double-clicking on videos, users will see a larger preview window where they can view the video at full screen resolution. When double-clicking on pictures, the picture will appear in a brand-new image viewer that includes simple editing and image manipulation tools to view and enhance images. Users can also export snapshots of the image without changing the original evidence.

The improvements to media explorer offer examiners more flexibility and better abilities to quickly target the relevant information they are searching for, with new tools to review surfaced media efficiently.   

Read more about media explorer and check out the how-to video with Trey Amick in his blog, “The All-New Media Explorer in Magnet AXIOM 5.0”.

Streamline Your Media Investigations with AXIOM 

With AXIOM, we’re always working to optimize the workflow and the ability to efficiently examine more evidence in one case. In this case, these improvements really aim to reduce the amount of noise and frustration examiners face when slogging through immaterial and irrelevant media or manually reviewing email attachments for text-based information.  

Make sure you’re upgrading to the latest version of AXIOM to take advantage of all the recent updates and releases. You can upgrade to the latest version of AXIOM & AXIOM Cyber within AXIOM & AXIOM Cyber or over at the Customer Portal.   
