The Digital Forensic Expert is a specialist in forensic acquisition, processing, and analysis of digital evidence within EDT. Their daily work centres on maintaining chain of custody, verifying data integrity through hash values, processing forensic images and electronic evidence containers, and extracting metadata to support investigations. They ensure that evidence is handled in a forensically sound manner from ingestion through to production.

| EDT Feature | How Do I... |
|---|---|
| Login & Authentication | Log in to the platform to begin a forensic examination session? |
| Terms & Conditions | Accept the platform terms of use required before accessing case evidence? |
| Site Home Page | Navigate to the platform landing page and locate my assigned forensic cases? |
| Case List | Find a specific forensic case by case number or exhibit reference? |
| My Cases View | Quickly access the forensic cases I am currently working on? |
| Case Home Page | Navigate within a forensic case to locate the Import tab and evidence views? |
| Tabs | Switch between Import, Prepare, and Analysis tabs during forensic processing? |
| Workspaces | Set up a workspace tailored to forensic triage with hash fields, file type views, and metadata panels? |
| Views | Open multiple views to compare forensic image contents against original source inventories? |
| Filters Panel | Filter records by file type, hash value, or custodian to isolate specific evidence? |
| Layout Panel | View metadata fields such as MD5 hash, file path, and creation date for an individual record? |
| User Profile Settings | Configure my display preferences for working with large forensic data sets? |
| Case Profile Settings | Set case-specific preferences such as auto-run search and date format for this examination? |
| Keyboard Shortcuts | Use keyboard shortcuts to navigate quickly through large volumes of forensic evidence? |
| Share via Email | Email a link to a specific evidence record to a colleague for forensic consultation? |
| Notifications | Monitor the progress of a large forensic image import or processing job? |
| About Dialog | Review case summary details including disclosure dates and case reference numbers? |
| Help & Links | Access the online help documentation for forensic processing features? |

| EDT Feature | How Do I... |
|---|---|
| Staging Tab | Upload a forensic image (E01/AD1) to the staging area for processing? |
| Itemisation Logs | Profile the contents of a forensic container before importing to understand its structure? |
| Item Kinds & Types | Assess the file type composition of a forensic image to identify expected and unexpected file types? |
| Assign Custodian | Assign a custodian to a forensic image to maintain chain of custody attribution? |
| Import Unprocessed Files | Process a forensic image through EDT's full extraction pipeline with metadata and text extraction? |
| Import Load Files | Import a load file from a third-party forensic tool into EDT for further analysis? |
| Simplified Load File Import | Use a streamlined import for pre-processed forensic exports with an import template? |
| Import Cellebrite | Import mobile device forensic data from a Cellebrite UFDR extraction? |
| Import QA (Reimport) | Reimport specific records that failed initial processing to resolve extraction errors? |
| Create Record | Manually add a single piece of evidence such as a forensic report or chain of custody document? |
| Import Templates | Save an import configuration for a standard forensic image processing workflow? |
| Container Expansion | Ensure all nested containers within a forensic image are fully expanded and extracted? |
| Full-Text Extraction | Extract searchable text from all files within a forensic image for keyword searching? |
| Metadata Extraction | Extract and verify document metadata including dates, authors, and file system properties? |
| EXIF Data Extraction | Extract geolocation and camera metadata from photographs found in a forensic image? |
| File Type Detection | Verify that file type detection has correctly identified files regardless of their extension? |
| DeNISTing | Remove known system and application files from the evidence set using NIST NSRL hash matching? |
| Password Handling | Attempt decryption of password-protected files found during forensic processing? |
| Hard Deleted Recovery | Recover permanently deleted emails from PST and OST files in the forensic image? |
| Malware Scanning | Confirm that imported evidence has been scanned and any malware-infected files quarantined? |
| Automated Import via API | Set up automated ingestion of forensic data packages via the EDT API? |

| EDT Feature | How Do I... |
|---|---|
| QA Tab | Review all processing issues from a forensic image import organised by error category? |
| QA Status Error Messages | Diagnose why specific files from a forensic image failed to process correctly? |
| QA Tab Actions | Remediate individual records that encountered errors during forensic processing? |
| QA Reports | Generate a report documenting all processing issues and resolutions for the forensic examination record? |
| Duplicate Detection | Identify and manage duplicate files found across multiple forensic images from the same custodian? |
| Duplicates View | Investigate MD5 hash-based duplicates to determine which copy is the original evidence source? |
| OCR | Run OCR on scanned documents recovered from a forensic image to make them searchable? |
| Noisy Text Detection | Identify and suppress repeated email disclaimers that clutter forensic search results? |
| Logo Detection | Flag logo images in emails as irrelevant to reduce noise in the forensic evidence set? |
| Spam Detection | Identify spam emails within a forensic image to separate them from substantive evidence? |
| Alias Detection (Name Normalisation) | Normalise name variants across email headers to accurately map a suspect's communication activity? |
| Language Detection | Identify the languages present in evidence to determine if foreign language translation is needed? |
| PII Detection | Detect personally identifiable information in evidence for regulatory compliance awareness? |
| Named Entity Recognition (NER) | Extract names of people, places, and identification numbers from evidence documents? |
| Pattern Recognition | Apply regex patterns to detect phone numbers, financial account numbers, or other structured data across evidence? |
| Flagrant Image Detection | Identify violent or prohibited image content within a forensic image to protect reviewers? |
| Object Detection in Images | Classify objects detected in photographs recovered from a forensic image? |
| Container Management | Track which forensic containers have been expanded and ensure containers are suppressed from exports? |
| Suppression | Suppress irrelevant system files from the evidence set without permanently deleting them? |
| Move to Folder | Segregate forensically significant records into a dedicated evidence folder? |

| EDT Feature | How Do I... |
|---|---|
| Search Bar | Search for all files from a specific forensic image by hash value or source path? |
| Filters Panel | Filter evidence records by file type, date range, and custodian to isolate relevant artefacts? |
| Advanced Search | Build a complex Boolean query combining hash values, date ranges, and file types for forensic analysis? |
| Saved Searches | Save a forensic search query for reuse across multiple examination sessions? |
| Search History | Review my previous forensic search queries to document the examination methodology? |
| Word Variations | Expand a keyword search to include linguistic variations of a forensic search term? |
| Document ID Filter | Look up a specific evidence record by its EDT Document ID or original file path? |
| Document ID Lists | Upload a list of document IDs from an external forensic tool to locate matching records in EDT? |
| MD5 Lists | Upload a list of known hash values to identify matching files across the entire case? |
| Location Filter | Navigate the hierarchical folder structure of a forensic image to explore source data by original location? |
| Alias Recipient "Only" | Find private communications between two specific individuals identified during the forensic examination? |
| Sample from Saved Search | Take a random sample from forensic search results to verify processing accuracy? |

| EDT Feature | How Do I... |
|---|---|
| Case Creation | Create a new forensic examination case with appropriate naming, reference number, and time zone? |
| Case Templates | Start a forensic case from a template that includes standard forensic processing configurations? |
| Case Lifecycle | Understand the lifecycle stages a forensic case goes through from creation to archival? |
| Custom Tabs | Request a custom tab layout that supports the forensic examination workflow? |
| Workspaces | Configure a forensic triage workspace with views for hash values, metadata, and file types? |
| Fields | Understand the system and custom fields available for recording forensic metadata? |
| Tags | Use the tag hierarchy to classify evidence by forensic category (e.g., relevant, privileged, encrypted)? |
| Layouts | Review the coding layout used to record forensic findings against individual records? |
| Folders | Organise evidence into folders that reflect the forensic image source structure? |
| Quarantine Folders | Isolate legally privileged records discovered during forensic processing into a quarantine folder? |
| Document Sets | Create a document set grouping key forensic exhibits for presentation? |
| Groups & Permissions | Understand which permission groups control access to forensic evidence and processing functions? |
| Case Settings | Review case settings relevant to forensic processing such as time zone and date format? |
| Coding Rules | Understand how coding rules automatically populate forensic classification fields? |
| Case Rules | Understand how case-level rules reflect the overall status of the forensic examination? |
| Import Rules | Review the import validation rules that enforce forensic data quality during ingestion? |
| Export Rules | Understand the rules that prevent accidental export of privileged forensic evidence? |

| EDT Feature | How Do I... |
|---|---|
| Concepts View | Discover the dominant themes and topics present in the forensic evidence set? |
| Clusters Tab | Identify groups of textually similar documents within the forensic evidence for targeted review? |
| Communications View | Map communication patterns between individuals identified in the forensic examination? |
| Timeline View | Visualise the date distribution of evidence to identify periods of heightened activity or data gaps? |
| Chronology View | Build a chronology of key events identified during the forensic examination? |
| Custodians View | Assess how evidence is distributed across custodians to understand data volumes per source? |
| File Types View | Analyse the file type composition of forensic evidence to identify unusual or unexpected formats? |
| Detected Languages View | Review the languages detected across the forensic evidence set? |
| File Size View | Identify unusually large or small files that may warrant closer forensic examination? |
| Named Entities View | Discover key people, places, and identifiers mentioned across the forensic evidence? |
| Detect Sentiment | Identify emotionally charged communications that may be forensically significant? |
| Record Clustering | Group forensic evidence by textual similarity to identify related document clusters? |
| Similar Content View | Find near-duplicate documents across the forensic evidence set? |
| Compare Records View | Compare two versions of a document side-by-side to identify alterations or tampering? |
| Email Threading | Trace the complete thread of an email conversation recovered during forensic processing? |
| Detect Concepts | Extract key concepts from the forensic evidence for thematic understanding? |

| EDT Feature | How Do I... |
|---|---|
| Generate Summaries | Generate AI summaries of lengthy evidence documents to accelerate forensic triage? |
| Continuous Active Learning (CAL) | Leverage machine learning to prioritise forensically relevant records in a large evidence set? |
| Detect Concepts | Use NLP to identify key themes across evidence extracted from a forensic image? |
| Detect Sentiment | Detect the emotional tone of communications recovered during forensic processing? |
| Detect Languages | Identify all languages present in evidence from a forensic image? |
| Named Entity Recognition | Automatically extract names, places, and identification numbers from forensic evidence? |
| Detect Logos | Identify and suppress logo images found in email evidence from a forensic image? |
| Detect Flagrant Images | Flag violent or prohibited image content found within forensic evidence? |
| Detect Objects in Images | Classify objects in photographs recovered during forensic acquisition? |
| Record Clustering | Group forensic evidence by textual similarity to support thematic analysis? |
| Transcription | Transcribe audio and video evidence files recovered from a forensic image? |
| Translation | Translate foreign-language evidence documents identified during forensic processing? |
| Pattern Recognition | Apply pattern recognition to detect structured data such as financial identifiers across evidence? |
| Alias Detection | Automatically group name variants to accurately identify individuals across forensic evidence? |
| Spam Detection | Identify spam emails within forensic data to separate substantive from non-substantive evidence? |
| Intelligent Processing | Enable all AI and NLP detection capabilities during forensic image import? |
| OCR | Convert image-based documents from a forensic image into searchable text? |

| EDT Feature | How Do I... |
|---|---|
| Export Wizard | Configure an export of forensic evidence for disclosure or inter-agency sharing? |
| Export Types | Select the appropriate export format for sharing forensic evidence with external parties? |
| Export Templates | Save an export configuration for a standard forensic evidence production? |
| Native Export | Export original native files from the forensic evidence set? |
| Text Export | Export the extracted text of forensic evidence for external keyword analysis? |
| PDF Export | Generate PDFs of forensic evidence records for inclusion in court bundles? |
| TIFF/JPEG Export | Export image-based productions of forensic evidence at the required resolution? |
| Production IDs | Assign production numbers to forensic evidence records for formal disclosure? |
| ID Stamping | Stamp document identifiers onto forensic evidence productions? |
| Page Number Stamping | Add page numbers to multi-page forensic evidence productions? |
| Endorsement Stamping | Apply classification stamps such as "Exhibit" or "Confidential" to forensic productions? |
| Markup in Export | Include or exclude redactions and annotations when exporting forensic evidence? |
| MS Office Settings | Configure how tracked changes and hidden content in Office documents are rendered in forensic exports? |
| Field Selection | Select which metadata fields to include in the forensic evidence load file? |
| Placeholders | Handle exceptions in forensic productions such as encrypted or corrupted files? |
| Cover Letters | Generate a cover letter for a forensic evidence disclosure package? |
| Manual Order | Reorder forensic evidence records in a specific sequence before export? |
| Export Verification | Verify a completed forensic evidence export against expected contents? |
| Export Package Viewer | Review the forensic evidence production as it will appear to the recipient? |
| Error Logs | Download the error log for a forensic evidence export to resolve issues? |
| Run as New | Re-run a forensic evidence export after correcting configuration errors? |
| Exports Page | View the history of all forensic evidence exports from this case? |
| Export to Case (Simplified) | Quickly copy forensic evidence to another case for a related investigation? |
| Export to Case (Full) | Perform a controlled migration of forensic evidence to another case with field mapping? |
| Image Generation | Generate PDF or TIFF renditions of forensic evidence with stamps and placeholders? |
| Grid Download | Download an Excel report of forensic evidence with optional attached files? |
| Print Records | Combine forensic evidence records into a single PDF for physical production? |
| Australian Court-Compliant Export | Export forensic evidence in Australian Federal Court compliant format? |
| Exhibit List Generation | Produce an exhibit list of forensic evidence for hearing preparation? |

| EDT Feature | How Do I... |
|---|---|
| Report Builder View | Build a custom report showing the forensic evidence breakdown by file type, custodian, or date range? |
| Grid Download | Download a filtered list of forensic evidence records to Excel for external reporting? |
| Chronology View | Present a forensic examination timeline of key events in table or calendar format? |
| PDF Presenter | Present forensic evidence documents side-by-side during a hearing or briefing? |
| Exhibit Lists | Produce a numbered exhibit list of forensic evidence for court proceedings? |
| Case List Report | Download a report of all forensic cases for portfolio oversight? |
| Case Stats | View case-level statistics for a forensic examination including record counts and processing status? |
| QA Reports | Generate a quality assurance report documenting all processing issues from the forensic examination? |
| Import Details | Review the detailed import summary for a forensic image processing job? |
| Export Summary | Review the settings and results of a forensic evidence production? |
| Participant Download | Download a list of participants associated with the forensic case? |
| Audit Reports | Generate an audit report documenting all activity on the forensic case for evidentiary purposes? |
| Review Pool Reports | Check the progress of forensic evidence review assignments? |
| Record Audit | View the complete audit trail of a specific forensic evidence record? |
| Download Charts as PNG | Export forensic analysis charts as images for inclusion in examination reports? |
| Print Records | Print a set of forensic evidence records as a combined PDF? |