Cyan Forensics

Rapid Digital Forensic Triage

Rapid Digital Forensic Triage allows investigators to discover indecent images of children and terrorist material on suspect electronic devices in minutes. Finding evidence fast helps investigators make better decisions to protect the public. Within a process to assess risk, this triage reduces the number of devices seized and overall workload.

Features

  • Fast search and rapid triage for IIoC and terrorist material.
  • Easy to use, even for non-expert users.
  • Simple ‘red/amber/green’ result plus interactive views and detailed reports.
  • Integrates with existing databases of illegal or indicative content.
  • Uses existing categorisation methods and results.
  • Forensic tools can be used standalone, without any network connection.
  • Support for write-blocked, bootable or live analysis of suspect devices.
  • Secure Contraband Filter file format for use in the field.
  • Finds files that have been deleted with no speed penalty.
  • Detects encryption and encrypted content that cannot be scanned.

Benefits

  • Find evidence in minutes, even in a suspect’s home.
  • Enables smarter device seizure decisions, reducing volumes in forensic labs.
  • Find evidence fast to present to suspects at first interview.
  • Gain rapid insights into ever-increasing volumes of data in investigations.
  • Faster and more comprehensive than traditional triage approaches.
  • Built on scientific methods with demonstrable statistical performance.
  • Extend use of existing databases into Forensic Triage (leveraging investments).
  • Safe/secure Contraband Filter format: for third-party sharing, field-use and distribution.
  • Supports mainstream computing devices: PCs, laptops, flash-drives and external drives.
  • Supports various disk/partition types, filesystems, and image formats for preview.

Pricing

£220.000 per unit per year

Service documents

G-Cloud 11

408514439650486

Cyan Forensics

Ian Stevenson

0131 608 0195

Ian.Stevenson@cyanforensics.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Child Abuse Image Database (CAID)
Cloud deployment model Private cloud
Service constraints There are a number of technical dependencies depending on the deployment model selected. Details can be found in the service definition document.
System requirements Minimum software specification, please see the service definition document.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 working hours for Priority 1 issues. See service definition document for full details.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Cyan Forensics standard support is offered between the hours of 9am - 5pm Monday to Friday excluding Bank Holidays, via a designated web portal. Additional support options are available, and the company can tailor a package to meet customer requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service includes initial training for administrators, and online training for service users. See service definition document for full details.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data held in this system is either (a) exported regularly as part of routine operations or (b) provided by other systems. Cyan Forensics will work with the customer to explore any additional needs to extract data at contract end.
End-of-contract process Cyan Forensics will work with the customer team on any required off-boarding process, including shutting down services and extracting/archiving data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API An API is provided to update the system with new contraband material. Other APIs can be made available on request.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation is available for a variety of options including how data is ingested, exported and searched.

Scaling

Scaling
Independence of resources Each deployment is specific to one customer.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate data at rest privacy requirements and ensure an appropriate configuration is implemented.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data is exported in Cyan Forensics' Contraband Filter format. Some exports can be made in Project VIC JSON format.
Data export formats Other
Other data export formats Project VIC JSON.
Data import formats Other
Other data import formats Category information can be added using Project VIC JSON format.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Data is not transmitted to or from our network.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Cyan Forensics software is hosted on customer infrastructure, and Cyan Forensics works with customers to determine appropriate availability objectives and ensure an appropriate configuration is implemented. Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.
Approach to resilience Cyan Forensics' software makes use of services within its host environment to deliver high availability including services in Windows Server, Microsoft SQL Server, and Active Directory.
Outage reporting Dependent on customer infrastructure.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication Any available Microsoft Active Directory authentication method.
Access restrictions in management interfaces and support channels Customer defines access control via Active Directory user configuration.
Access restriction testing frequency At least once a year
Management access authentication Other
Description of management access authentication Any available Microsoft Active Directory authentication method.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We ensure data confidentiality, integrity and availability through a robust combination of policies, processes and independent evaluation.
Information security policies and processes Cyan Forensics has policies and processes for IT Security and Data Protection which comply with and exceed Cyber Essentials and GDPR requirements. These policies are available for review on request. Any additional requirements can be met by mutual agreement with the customer.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes to the system are vetted and prioritised by the business. Changes are implemented by one member of the development team and reviewed by another. All changes to the system are tracked and can be individually traced. Development and testing of the product is undertaken following an internal process that covers the full development lifecycle (from initial idea through to final customer release).
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability reporting is actively managed through our support channels. New releases are planned and emergency releases can be deployed to all registered users.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Given that most clients manage their deployments in private environments, this is usually a client responsibility. However, our product does keep audit logging of important changes to the system in a usable format to be imported into a monitoring system.
Incident management type Supplier-defined controls
Incident management approach Given that most clients manage their deployments in private environments, this is usually a client responsibility. Any issues reported to us through support channels will be addressed in line with support guidelines as detailed elsewhere.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £220.000 per unit per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑