In this short 5 minute video, you'll learn how to filter digital forensic scan results in ADF software. Filtering is available in any table while analyzing any of your scan results. In this how-to video, we'll look at:
- Browsing History
- Pictures and Video
- Photo Probability
- Visual Class
ADF software is built for front-line field investigators and for forensic lab examiners who want to quickly triage digital devices (iOS, Android, Mac, Linux, Windows and computer devices such as USB devices, SD cards, etc.). Filtering enables investigators to quickly view and document evidence and make informed decisions.
Browsing History
Filtering is achieved by selecting the Filter button on the function toolbar. This will open the filter pane and present filters for the current view. After selecting a filter click the Apply button on the bottom of the Filter Pane.
To remove the filter, click the icon on the filter above the table view or click the icon next to the filter in the filter pane. Each table view will have its own set of filters depending on the type of records displayed. Some fields can be filtered by pre-set values or by entering text. If text is entered into the “Enter text” field the magnifying glass button within the field must be clicked, and then click Apply.
Active Filters are shown next to the column name that has been filtered (represented by the icon). The filter can be removed by clicking on that icon. Active filters are also shown on the top of the columns with the icon. These filters can be removed by clicking on that icon.
Clicking the Path option allows the results to be filtered by path. A selected folder indicates that all the items within that folder and any sub folders are selected. A black check box indicates a partial selection. Clicking the > icon will display sub folders. When the desired folders have been selected click on Apply.
Enhanced Filtering Pictures & Videos
Within the Pictures view or Capture view it is possible to filter within a Picture Width and Picture Height range. EXIF data such as Make, Model, Camera Serial Number, Date/Time and GPS Coordinates can also be filtered here.
Photo Probability
Photo Probability filtering is applicable to all pictures within the Picture File Types group. The Photo Probability score indicates how likely it is that the file is a photograph. Files with a score of 70% or more are highly likely to be a photograph as opposed to other graphic file types such as icons and ClipArt or similar. The Picture and Capture views can be sorted based on the Photo Probability score, allowing non-photographic graphic files to be quickly removed from the displayed results.
Visual Class
If the scan results have been partially or entirely processed by the Classifier, picture file types may be filtered by one or more of 11 visual classes. The visual classes are:
- Bestiality
- Child Abuse
- Others (various innocuous class types)
- People
- Pornography
- Portrait
- Scanned Doc
- US Currency
- Vehicle
- Weapon
- Upskirting
Each picture is processed by the Visual Classifier in order to determine how likely it is to appear within a particular class and is given a probability score. A high visual class probability score indicates that the picture concerned is more likely to fall within that visual class.
Assigning a visual class score is not an exact science and some pictures may appear to be mis-classified. However if the scan results include pictures that would correctly fall within a particular class, in most tests, filtering that class to show the top 15% would result in the filter displaying pictures belonging to that class. Visual class scores can be adjusted in 5% increments.
The Classifier automatically commences in the background as soon as the scan completes. Classifier progress is signified by the Yellow line around the Classifier icon. The classifier will use system resources and can be paused if classification is not required for your specific investigation.It can also be resumed at any time.
