07 June 2022 - Mike Burridge VP Sales (North America) Announcement
29 March 2021 - Series A Funding Press Release
Cyacomb Examiner Plus
Mobile Device Triage
Cyacomb Examiner Plus (US)
Mobile Device Triage (US)
Cyacomb Forensics Benefits
Cyacomb Forensics Benefits (US)
Q&As - Cyacomb Forensics
What makes Cyacomb Forensics tools different?
Our cutting-edge block-level hashing technology is what makes Cyacomb tools different. This technology is incredibly Fast, extremely Simple to use, and very Thorough. We use our unique Contraband Filter Technology to rapidly scan digital devices for known illegal content. Our scan process is up to 100 times faster than traditional MD5 hash scans used by other tools. In addition, our scans also detect deleted files, in minutes, a process that takes hours and requires extensive digital forensic training with other tools.
What about mobile devices?
Cyacomb Mobile Triage in conjunction with the DataPilot DP10 brings our unique technology to mobile devices. Discover known illegal content on both Android and iOS devices in minutes. Cyacomb Mobile Triage is as simple and easy to use as our desktop applications and combined with the ruggedised DP10 is ideal for use in the field.
Why are Cyacomb Forensics tools so quick?
Our technology scans a computer hard drive for known data very quickly. It does up to 100 times faster than traditional methods. These traditional methods are known as ‘hashing’ or ‘hash-based searches’ because they use a ‘hash list’ as a reference data set.
Our technology uses a combination of block level hashing, the use of a Contraband Filter, and statistical sampling (along with a number of other novel, unique, and patented computer science techniques) to achieve such rapid scan speeds.
What’s Block Level Hashing ?
A hash is a digital fingerprint for a file stored on a digital device. Most traditional digital forensic software tools generate the hash (or digital fingerprint) for the entire file.
Our technology does something that sounds similar but is in fact very different, we break each individual file down into its component parts and give each part (or block) it’s own digital fingerprint. As we are hashing individual blocks the technique is called Block Level Hashing.
This methodology gives us huge advantages over the traditional methods both in terms of speed (up to 100 times faster than traditional methods) and the ability to detect illegal content that has been deleted.
What’s a Contraband Filter?
Instead of generating a hash list to use as a reference data set for searching, our technology uses an equivalent, proprietary format called a ‘Contraband Filter’. Contraband Filters are inherently secure and cannot be reverse engineered (on the dark web) to find the associated data which represents an additional attractive security benefit. They contain no personally identifiable information and can be shared freely amongst the law enforcement community.
What if the content is encrypted?
We are currently unable to scan encrypted content, few tools are able to do this. However as part of our scanning process, we automatically check for encrypted content and warn the user if we detect it. The user can then choose to either decrypt the content and re run the scan or seize the device for a more comprehensive examination.
How accurate are Cyacomb Forensics’ tools?
Our tools are incredibly thorough and accurate. But there is always a trade off between speed and thoroughness. That’s why we allow users to set the ‘Confidence Level’ of the scan. Choose between 95%, 99% and 99.9% confidence. The higher the confidence the slower the scan, but remember our scans run up to 100 times faster than anything else so you can afford to be even more thorough.
Can I scan multiple computers?
Cyacomb Forensics licences allow one instance of the licenced software to run on one computer during the time that the dongle is inserted. If the dongle is removed the current operation will be paused until the dongle is reinserted.
If you need to support scanning multiple computers, and a dongle-per-computer is inconvenient, please contact us to discuss your use case.
Why do I get different matches on every scan? (Different number of matches)
Cyacomb Forensics’ triage technique uses a statistical sampling method.
If you run the same scan on the same device, it’s expected that you may get a different number of matches on each scan.
Importantly the overall red/amber/green result will remain the same.
Can Cyacomb Examiner scan macOS devices?
Cyacomb Examiner will scan any drive that can be connected to a Windows PC as a physical drive.
This means that if you can mount APFS or HFS+ drives as physical devices on Windows, they can be scanned. Cyacomb Examiner can read the data even though Windows itself can’t interpret the file system.
However, if the mounted drive is encrypted, the underlying data cannot be read.
With HFS+ drives the file path of any hit will be recovered. The file paths for APFS drives cannot be recovered.
Cyacomb Examiner only shows 1,000 results in preview and in the report. Is it possible to show all results?
Cyacomb Examiner is designed for triage, and after 1,000 matching blocks, we assume that this device is a positive result and that additional details don’t provide additional value.
Will a bigger Contraband Filter slow the search?
The amount of content used to build a Contraband Filter has no effect on the speed of scans using the Contraband Filter.
This is the result of the mathematics used in the Contraband Filter format. A scan using a national database sized Contraband Filter will run at the same speed as a case-specific filter or a filter used for testing.
In some cases, you may notice a slowdown if the Contraband Filter does not fit into RAM.
How are blocks generated for different files? Is block size is fixed?
Multiple blocks per file are used when the Contraband Filter is built. The block size is fixed.
When large files (e.g. videos) are used to build a Contraband Filter, it is expected that Cyacomb Examiner may on occasion detect more than one block per file.
Cyacomb Safety Info
Cyacomb Safety Leaflet US
Cyacomb Safety Leaflet UK
23 August 2022 - Cyacomb Safety Launch
Cyacomb response to Dr Ian Levy Report
Ian Stevenson Bio
Safety Tech Challenge Fund Announcement
06 August 2021 - Gavin Cowie VP Engineering Announcement
29 March 2021 - Series A Funding Press Release
Cyacomb Safety Whitepaper
Q&As - Cyacomb Safety
What makes Cyacomb Forensics tools different?
Our cutting-edge block-level hashing technology is what makes Cyacomb tools different. This technology is incredibly Fast, extremely Simple to use, and very Thorough. We use our unique Contraband Filter Technology to rapidly scan digital devices for known illegal content. Our scan process is up to 100 times faster than traditional MD5 hash scans used by other tools. In addition, our scans also detect deleted files, in minutes, a process that takes hours and requires extensive digital forensic training with other tools.
What about mobile devices?
Cyacomb Mobile Triage in conjunction with the DataPilot DP10 brings our unique technology to mobile devices. Discover known illegal content on both Android and iOS devices in minutes. Cyacomb Mobile Triage is as simple and easy to use as our desktop applications and combined with the ruggedised DP10 is ideal for use in the field.
Why are Cyacomb Forensics tools so quick?
Our technology scans a computer hard drive for known data very quickly. It does up to 100 times faster than traditional methods. These traditional methods are known as ‘hashing’ or ‘hash-based searches’ because they use a ‘hash list’ as a reference data set.
Our technology uses a combination of block level hashing, the use of a Contraband Filter, and statistical sampling (along with a number of other novel, unique, and patented computer science techniques) to achieve such rapid scan speeds.
Didn't find what you were looking for? Ask the Expert
Please enter your details below to download your resource
