Photo Forensics as a term will typically refer either to the profession dedicated to authenticating digital images to determine authenticity, or, it may refer to the capability of digital forensics software to find and identify photos.
ADF software does the later and offers investigators the ability to find digital photos on a computer or electronic device thereby quickly helping identify victims, suspects, or additional evidence.
In addition to simply finding photos, Digital Evidence Investigator® performs Photo Probability filtering to identify and score photos with a percentage probability score. This capability enables investigators to quickly filter out non-photographic graphic files such as icons or clip art.
Digital Evidence Investigator® (DEI) also provides a fast classifier which parses picture file types and filters them into one or more of eleven (11) visual classes which include:
- Bestiality
- Child Abuse
- People
- Pornography
- Portrait
- Scanned Document
- US Currency
- Upskirting
- Vehicle
- Weapon
- Others (various innocuous class types)
In a typical child exploitation case, for instance, each picture is processed by the Classifier in order to determine how likely it is to feature within a particular class and is given a probability score. A high visual class probability score indicates that the picture concerned is more likely to fall within that visual class. The ADF Classifier classifies automatically in the background as soon as the scan completes.
When ICAC Task Force professionals use ADF DEI or Triage-Investigator® to solve investigations on-scene or in the lab, they typically start by running a scan for Indecent Pictures of Children (IPOC) using one of eleven out-of-the-box Search Profiles. The four IPOC forensic scans are:
- Indecent Pictures of Children [ a.k.a. IPOC] (Quick): Runs all artifact Captures, except Email, collects pictures and video frames in web browser caches, and searches for common child exploitation keywords in file names and artifacts. Searches for P2P traces and files in the Skype caches.
- IPOC (Intermediate): Runs all artifact Captures, collects pictures and video frames in user folders, searches for common child exploitation keywords in user folders, and searches user folders for known has values. Searches for anti-forensic traces, remote access traces, and files in Skype caches. Collects protected files and more.
- IPOC (Comprehensive Speed Optimized): Runs all artifact Captures, collects allocated, embedded, and deleted pictures and videos using the Thorough Identification for Files Without Extension option. Searches for common child exploitation keywords, and searches for known hash values (Project VIC, CAID).
- IPOC (Comprehensive): Runs all artifact Captures, collects allocated, embedded, and deleted pictures and videos. Searches for common child exploitation keywords, and searches for known hash values (Project VIC, CAID). Searches for anti-forensics traces, remote access traces, P2P traces and files from Skype caches, and more.
Other articles related to Photo Forensics.