Rapid Digital Forensic Triage allows investigators to discover indecent images of children and terrorist material on suspect electronic devices in minutes. Finding evidence fast helps investigators make better decisions to protect the public. Within a process to assess risk, this triage reduces the number of devices seized and overall workload.
- Fast search and rapid triage for IIoC and terrorist material.
- Easy to use, even for non-expert users.
- Simple ‘red/amber/green’ result plus interactive views and detailed reports.
- Integrates with existing databases of illegal or indicative content.
- Uses existing categorisation methods and results.
- Forensic tools can be used standalone, without any network connection.
- Support for write-blocked, bootable or live analysis of suspect devices.
- Secure Contraband Filter file format for use in the field.
- Finds files that have been deleted with no speed penalty.
- Detects encryption and encrypted content that cannot be scanned.
- Find evidence in minutes, even in a suspect’s home.
- Enables smarter device seizure decisions, reducing volumes in forensic labs.
- Find evidence fast to present to suspects at first interview.
- Gain rapid insights into ever-increasing volumes of data in investigations.
- Faster and more comprehensive than traditional triage approaches.
- Built on scientific methods with demonstrable statistical performance.
- Extend use of existing databases into Forensic Triage (leveraging investments).
- Safe/secure Contraband Filter format: for third-party sharing, field-use and distribution.
- Supports mainstream computing devices: PCs, laptops, flash-drives and external drives.
- Supports various disk/partition types, filesystems, and image formats for preview.
£220.000 per unit per year
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
0131 608 0195
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Child Abuse Image Database (CAID)|
|Cloud deployment model||Private cloud|
|Service constraints||There are a number of technical dependencies depending on the deployment model selected. Details can be found in the service definition document.|
|System requirements||Minimum software specification, please see the service definition document.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||4 working hours for Priority 1 issues. See service definition document for full details.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Cyan Forensics standard support is offered between the hours of 9am - 5pm Monday to Friday excluding Bank Holidays, via a designated web portal. Additional support options are available, and the company can tailor a package to meet customer requirements.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||The service includes initial training for administrators, and online training for service users. See service definition document for full details.|
|End-of-contract data extraction||All data held in this system is either (a) exported regularly as part of routine operations or (b) provided by other systems. Cyan Forensics will work with the customer to explore any additional needs to extract data at contract end.|
|End-of-contract process||Cyan Forensics will work with the customer team on any required off-boarding process, including shutting down services and extracting/archiving data.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||N/A|
|What users can and can't do using the API||An API is provided to update the system with new contraband material. Other APIs can be made available on request.|
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||Customisation is available for a variety of options including how data is ingested, exported and searched.|
|Independence of resources||Each deployment is specific to one customer.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate data at rest privacy requirements and ensure an appropriate configuration is implemented.|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data is exported in Cyan Forensics' Contraband Filter format. Some exports can be made in Project VIC JSON format.|
|Data export formats||Other|
|Other data export formats||Project VIC JSON.|
|Data import formats||Other|
|Other data import formats||Category information can be added using Project VIC JSON format.|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||Data is not transmitted to or from our network.|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate availability objectives and ensure an appropriate configuration is implemented. Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.|
|Approach to resilience||Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.|
|Outage reporting||Dependent on customer infrastructure.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Any available Microsoft Active Directory authentication method.|
|Access restrictions in management interfaces and support channels||Customer defines access control via Active Directory user configuration.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Other|
|Description of management access authentication||Any available Microsoft Active Directory authentication method.|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We ensure data confidentiality, integrity and availability through a robust combination of policies, processes and independent evaluation.|
|Information security policies and processes||Cyan Forensics has policies and processes for IT Security and Data Protection which comply with and exceed Cyber Essentials and GDPR requirements. These policies are available for review on request. Any additional requirements can be met by mutual agreement with the customer.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All changes to the system are vetted and prioritised by the business. Changes are implemented by one member of the development team and reviewed by another. All changes to the system are tracked and can be individually traced. Development and testing of the product is undertaken following an internal process that covers the full development lifecycle (from initial idea through to final customer release).|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Vulnerability reporting is actively managed through our support channels. New releases are planned and emergency releases can be deployed to all registered users.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Given that most clients manage their deployments in private environments, this is usually a client responsibility. However, our product does keep audit logging of important changes to the system in a usable format to be imported into a monitoring system.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Given that most clients manage their deployments in private environments, this is usually a client responsibility. Any issues reported to us through support channels will be addressed in line with support guidelines as detailed elsewhere.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£220.000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|