Learn what inspired the development of ArtifactIQ by Grayshift and how it can help you get access to actionable intelligence within minutes.
Director, Digital Forensics
Time is of the essence. You may have heard our Digital Forensic Specialist team say those five words repeatedly, through other blog posts, or even during live presentations. Digital Forensic Examiners and Investigators alike have experienced extended wait times during investigations, especially when they involve technology – and to be even more specific, digital forensics processes. It should not be this way, especially since smartphones are easily the most critical part of our investigations.
My team focuses on providing you with information with the end goal of making you aware of mobile forensic challenges and how to overcome them with as little resistance as possible. As previous law enforcement professionals, we know that every bit of information helps. As such, we have had the pleasure of traveling globally and meeting with investigators and examiners from all around the world, discovering their workflows, and uncovering the similarities of technical inefficiencies they all experience daily.
It’s Time To Move On From Slow Legacy Systems
Digital forensic units are plagued by the same challenges, whether your unit is large or small, and they are tough to overcome. Many, if not all of them, are systematic and thought of as – “just the way things are.” Why can’t we adapt and overcome in the digital forensics space like the rest of the divisions within our agencies? I tend to believe that we depend heavily on the tools provided to us for mobile device extraction and analysis because most of us do not have the time or the energy to develop custom scripts and programs. This workflow has pushed us to use legacy systems that help provide answers but take their time in doing so.
What if I told you there was a better way to get the vital data you need to move forward for faster case resolution? If I were still in law enforcement, this would be music to my ears.
Don’t Settle For Anything Less Than Speedy Time To First Fact (TTFF)
Before we dive into what we have been developing, let’s talk about Time to First Fact (TTFF) and how important this concept is. To put it simply, this is the amount of time it takes between the start of a device data extraction and when the data is available for review. The traditional digital forensics workflow despises the TTFF concept, requiring you to first extract the contents of a device in their entirety, which can take hours – sometimes days – to complete, depending on the size of the extraction. After the extraction, the data needs to be imported into an analysis tool and parsed, which can take an additional day, or two, depending on the hardware used and a few other variables. We are talking days and, in some cases, weeks before investigators can leverage the data they need to move forward in a case. None of this may be of a surprise to you, especially if you have been in the industry for a long time.
ArtifactIQ by Grayshift: It’s All About Speed And Collaboration
Let’s get to it. We plan to get you access to actionable intelligence within minutes through ground-breaking investigative technology. ArtifactIQ by Grayshift is our newest product, designed by law enforcement and a brilliant team of technologists who support your mission and want you to succeed. When my team and I initially met with the Grayshift team responsible for building this revolutionary product, we walked them through a laundry list of problems impacting the traditional digital forensics workflow. They quickly understood the need for ArtifactIQ and focused heavily on speedy turnaround times; thus, quick TTFF was born. ArtifactIQ is built around speed, really homing in on the importance of quickly obtaining actionable intelligence, with a current average of just under five minutes. We accomplish this through our existing GrayKey hardware and a seamless connection to ArtifactIQ.
The development team’s focus behind ArtifactIQ did not stop there – they wanted to learn more about collaboration and the entire process of handling a smartphone extraction after it was acquired. When my team and I walked them through the workflow from start to finish, it was clear to everyone in the room that collaboration and sharing were other priorities for ArtifactIQ. I am excited to say that they listened to our struggles surrounding team collaboration and implemented something extraordinary into the product: the ability to invite other individuals into the experience, allowing them to review important artifacts together and tag items of interest – as a team. You have heard the saying, “one man’s trash is another man’s treasure,” and this is all too true in digital investigations. As examiners, we would like to think that we know everything about a particular case and what a requesting investigator is looking for. Unfortunately, this is not always the case, and we risk overlooking key evidence during our analysis. So, we decided it was best that all involved parties have immediate access to the data.
We hope that you get to experience ArtifactIQ by Grayshift and discover the new digital forensics workflow, designed to overcome the challenges that have interrupted technical investigations since the beginning. Remember, time is of the essence.
© 2022. Grayshift, LLC. All rights reserved. Proprietary and confidential.
