Exploring Inspector 10.2: Timeline, OCR, and Tagging
Cellebrite Inspector 10.2 introduces a wealth of new features to help investigators with their cases. Some key features to note include: timeline, optical character recognition, and tagging. After many years of conducting corporate digital intelligence examinations, I am excited to highlight these new features and review them from a corporate-case perspective.
The timeline view is a huge addition to Cellebrite Inspector. When investigating most employment cases, the first thing I would do is start examining activity as far back as six months before the employee was terminated or left the company.
Timeline view allows you to easily focus on all activities during a certain time period. You can see and sort by all timestamps for each artifact, and with the timeline view, you can narrow down activity for specific dates and times.
The timeline view also displays the file path, so you can easily view the file in the File Browser and investigate further. Not only can you view all activities, but you can also focus on certain artifacts.
For example, if you were interested in a specific file and wanted to see the activity for those files, I can narrow the timeline view for files only. It’s our job as digital investigators to connect the dots and verify our tool. The timeline view allows us to access more information in one place to help us kick start our investigations.
Optical Character Recognition
Optical character recognition (OCR) is used to recognize text rendered in an image-type format, in scanned documents (PDFs), and in photos. It is a powerful tool for converting unsearchable documents into a searchable format.
For corporations, PDFs are common, whether a person finalized a document or scanned a letter and saved it as a PDF. Without OCR, the data in these documents may be missed while running a content search, which only queries plain text data.
OCR is useful in reviewing tools for examining search hit results and running keywords against documents that do not render in plain text. In employment cases, OCR is essential for identifying proprietary and important documents that a former employee may have copied or taken prior to leaving employment. After working years of corporate digital intelligence investigations, I have seen OCR make the review process quicker than ever.
Upon adding your evidence using Cellebrite Inspector 10.2, you can choose to process OCR. This converts recognized text data from PDFs, photos, and scanned documents, allowing it to be queried by index search or content search with the selected deep search option. In addition, you can filter for entries with OCR image text within the file filter view.
After you process, search, and filter for files containing OCR image text, you can then export those files to Cellebrite BlackBag Portable Case to share with your client for offline legal review.
When tagging items within Cellebrite Inspector, you were presented with the File Metadata window, where you can choose which metadata you would like to report on for the selected item.
With Cellebrite Inspector 10.2, you can now edit tags to choose the metadata you would like to include for all files under each tag. In my experience, when investigating hacking cases, you need a simple way to easily tag malicious software to include important metadata like the MD5 hashes, the date and time the software was added, the last run date, file path, and much more.
With Cellebrite Inspector 10.2, updating a tag’s content to apply immediately to each item using that tag makes it faster and easier to edit your reporting and compare files.
Learn more about Cellebrite Inspector here. To download the latest version of Inspector 10.2, visit the My Cellebrite Community portal.
About The Author:
Alexi Michaels brings experience to BlackBag, a Cellebrite Company, as a digital forensic examiner at a consulting company in Philadelphia. She worked for years collecting, imaging, and analyzing digital evidence in internal investigations, intellectual property theft, employment litigation, and hacking cases. Lexi’s skills have been utilized in high-profile cases involving public figures.
As Lexi developed her field experience, it built her desire to teach in the digital intelligence community to serve examiners by increasing their case-analysis expertise. She holds a bachelor’s degree in Digital Forensics from the Bloomsburg University of Pennsylvania.