Information for experts: How Cyan Forensics’ tools work, and what they can and can’t do.
Cyan Forensics’ tools are designed to answer the question “is there any content matching the Contraband Filter (database) on this drive?”.
Simple enough, but as a forensics expert you will need to know:
- how the tools actually work,
- what they can and can’t achieve, and
- how to test them.
This document covers these points in some depth.
This information will help you in evaluating the tools, testing them, deploying them effectively, and validating and verifying their performance.
Given the commercially sensitive nature of this information, access is by invite only.
This document contains:
- Basis of Operation
- Key Concepts
- The Contraband Database
- Creating a Contraband Filter
- Running a Scan
- Capabilities
- Physical Media Types
- Partition and Filesystem Types
- Unrecognised Partitions and Unpartitioned Space
- File Types
- Limitations
- Statistical Process
- Positive Results
- Negative Results
- Characteristics of Files
- Characteristics of Disks and Partitions
- Scan Performance
- Contraband Database & Filter Creation Performance