Cyan Forensics

Rapid Digital Forensic Triage

Rapid Digital Forensic Triage allows investigators to discover indecent images of children and terrorist material on suspect electronic devices in minutes. Finding evidence fast helps investigators make better decisions to protect the public. Within a process to assess risk, this triage reduces the number of devices seized and overall workload.

Features

  • Fast search and rapid triage for IIoC and terrorist material.
  • Easy to use, even for non-expert users.
  • Simple ‘red/amber/green’ result plus interactive views and detailed reports.
  • Integrates with existing databases of illegal or indicative content.
  • Uses existing categorisation methods and results.
  • Forensic tools can be used standalone, without any network connection.
  • Support for write-blocked, bootable or live analysis of suspect devices.
  • Secure Contraband Filter file format for use in the field.
  • Finds files that have been deleted with no speed penalty.
  • Detects encryption and encrypted content that cannot be scanned.

Benefits

  • Find evidence in minutes, even in a suspect’s home.
  • Enables smarter device seizure decisions, reducing volumes in forensic labs.
  • Find evidence fast to present to suspects at first interview.
  • Gain rapid insights into ever-increasing volumes of data in investigations.
  • Faster and more comprehensive than traditional triage approaches.
  • Built on scientific methods with demonstrable statistical performance.
  • Extend use of existing databases into Forensic Triage (leveraging investments).
  • Safe/secure Contraband Filter format: for third-party sharing, field-use and distribution.
  • Supports mainstream computing devices: PCs, laptops, flash-drives and external drives.
  • Supports various disk/partition types, filesystems, and image formats for preview.

Pricing

£220.000 per unit per year

Service documents

Framework

G-Cloud 11

Service ID

4 0 8 5 1 4 4 3 9 6 5 0 4 8 6

Contact

Cyan Forensics

Ian Stevenson

0131 608 0195

Ian.Stevenson@cyanforensics.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Child Abuse Image Database (CAID)
Cloud deployment model
Private cloud
Service constraints
There are a number of technical dependencies depending on the deployment model selected. Details can be found in the service definition document.
System requirements
Minimum software specification, please see the service definition document.

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 working hours for Priority 1 issues. See service definition document for full details.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Cyan Forensics standard support is offered between the hours of 9am - 5pm Monday to Friday excluding Bank Holidays, via a designated web portal. Additional support options are available, and the company can tailor a package to meet customer requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The service includes initial training for administrators, and online training for service users. See service definition document for full details.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data held in this system is either (a) exported regularly as part of routine operations or (b) provided by other systems. Cyan Forensics will work with the customer to explore any additional needs to extract data at contract end.
End-of-contract process
Cyan Forensics will work with the customer team on any required off-boarding process, including shutting down services and extracting/archiving data.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Administrative interface only.
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
An API is provided to update the system with new contraband material. Other APIs can be made available on request.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customisation is available for a variety of options including how data is ingested, exported and searched.

Scaling

Independence of resources
Each deployment is specific to one customer.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate data at rest privacy requirements and ensure an appropriate configuration is implemented.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is exported in Cyan Forensics' Contraband Filter format. Some exports can be made in Project VIC JSON format.
Data export formats
Other
Other data export formats
Project VIC JSON.
Data import formats
Other
Other data import formats
Category information can be added using Project VIC JSON format.

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Data is not transmitted to or from our network.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate availability objectives and ensure an appropriate configuration is implemented. Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.
Approach to resilience
Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.
Outage reporting
Dependent on customer infrastructure.

Identity and authentication

User authentication needed
Yes
User authentication
Other
Other user authentication
Any available Microsoft Active Directory authentication method.
Access restrictions in management interfaces and support channels
Customer defines access control via Active Directory user configuration.
Access restriction testing frequency
At least once a year
Management access authentication
Other
Description of management access authentication
Any available Microsoft Active Directory authentication method.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We ensure data confidentiality, integrity and availability through a robust combination of policies, processes and independent evaluation.
Information security policies and processes
Cyan Forensics has policies and processes for IT Security and Data Protection which comply with and exceed Cyber Essentials and GDPR requirements. These policies are available for review on request. Any additional requirements can be met by mutual agreement with the customer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to the system are vetted and prioritised by the business. Changes are implemented by one member of the development team and reviewed by another. All changes to the system are tracked and can be individually traced. Development and testing of the product is undertaken following an internal process that covers the full development lifecycle (from initial idea through to final customer release).
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability reporting is actively managed through our support channels. New releases are planned and emergency releases can be deployed to all registered users.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Given that most clients manage their deployments in private environments, this is usually a client responsibility. However, our product does keep audit logging of important changes to the system in a usable format to be imported into a monitoring system.
Incident management type
Supplier-defined controls
Incident management approach
Given that most clients manage their deployments in private environments, this is usually a client responsibility. Any issues reported to us through support channels will be addressed in line with support guidelines as detailed elsewhere.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£220.000 per unit per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑