CameraForensics Ltd

CameraForensics Tactical

Our software service helps investigators find intelligence leads in cases involving imagery. CameraForensics have a constantly growing reference database of over 3bn processed and indexed images. The service is used by law enforcement agencies internationally to find victims of online exploitation, and also in organised crime and intelligence investigations.

Features

• A growing reference database of over 3bn images
• Secure access and account control
• A flexible search capability with inclusive and exclusive filtering
• An interactive user forum and comprehensive training and support
• Powerful image processing - identifying close matches and duplicates
• API integration with leading law-enforcement tools
• BigSearch functionality - triage and navigate results from large searches
• Project VIC compliant, providing a victim-centric approach
• Application of technologies to online investigations

Benefits

• Rapidly match target images against a 3bn image database
• Intuitive user interface with multiple search criteria options
• Full tracking, reporting and auditing of system use for managers
• Easily obtain help and advice via online forum and/or documentation
• Integrate with in-house tools and workflows via API
• Quickly confirm possible connections and establish new leads

£174,900 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

602973723435684

Contact

info@cameraforensics.com
07812165133
info@cameraforensics.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: All CameraForensics search criteria and results, including BigSearch are available via a REST API. A number of third-party organisations providing Digital Investigation tools (including Griffeye) have already integrated with us using this API, and some users operate through the API directly.
• Cloud deployment model: Public cloud
• Service constraints: Users access the service through an internet browser, or through integration with existing tools (such as Griffeye). No software download or local installation is required. https internet connection is required and is subject to local firewall and access control policies. Connectivity is verified using TLS certification. Access control is via email accounts within "whitelisted" domains. The service is supported for Internet Explorer 11 and the two most recent releases of Google Chrome and Mozilla Firefox.
• System requirements:
  • Internet Browser: Chrome, Firefox or Microsoft Internet Explorer 11
  • Local firewall and access control policies that permit https connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our system is accessible 24/7 with an availability well in excess of 99.9% over the past 3 years. Second-line support will be provided via a dedicated email account. Users and/or their first line support will be able to raise issues which will be responded to by email or telephone during business hours (typically within 2 hours), or if reported out of hours, at the start of the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As described above, second-line support will be provided via a dedicated email account. This facilitates the reporting of issues at any time, and prompt response during business hours. This approach also has the advantage that it is independent of the status of the main system and therefore provides a robust mechanism for problem reporting. Users and/or their first line support will be able to raise issues which will be responded to by email or telephone during business hours, or if reported out of hours, at the start of the next working day. Where the CameraForensics team have proactively identified any issues the same reporting, fix and communication process will be used.; Monthly reporting, including standard metrics on the service performance against the SLA and issues raised and resolved, will be provided.; This level of support is included in the baseline service costs.; Provision of on-site support (e.g. training) can be provided at an additional per-event cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We design our powerful user interface to be efficient and intuitive, thereby minimising training requirements and making the tool suitable for infrequent use. There are inbuilt online help tips, which guide the user on how to get the most out of the system, and we employ tooltips to clarify elements that might not be immediately obvious. Tutorial videos for functionality are also available when logged-in, along with access to a discussion forum. ; Formal training is available online to all users at any time. It is aimed at new users, along with elements for more experienced users and investigators.; Additional on-site training can be delivered (at extra cost) to develop expert users and local champions.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Retained information includes user search histories and search parameters included in the standard audit log. The logs for a given user or organisation can be provided on request to appropriate management account holders. Data is typically provided in CSV format.
• End-of-contract process: At the end of a contract period, the associated user and manager accounts are suspended. API keys are disabled.; Account data can be provided and/or deleted at the customer's request. ; Accounts and keys can be preserved and reactivated under a new contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• Description of service interface: Our powerful user interface is efficient and intuitive, thereby minimising training requirements and making the tool suitable for infrequent use. Searching is straightforward yet powerful, allowing users to combine multiple or single search fields as both inclusive and exclusive filters. Users can add as many filters as they like either from the search forms, or from the results. If a user sees data they are interested in they can “drill-down” via the search-plus icon to automatically re-run the search.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is provided via web browser and all standard browser functionality (text scaling, keyboard-only operation etc) is unrestricted. Support documentation is also browser-accessible text or captioned video content.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: All CameraForensics search criteria and results, including BigSearch are available via a REST API, authenticated by a user’s API Key. This is verified by the fact that the CameraForensics User Interface itself consumes this API. The use of BigSearch with an exported JSON file gives the ability to search on a machine without the need for the imagery itself, enabling searching from air-gapped networks if required.; ; Users and third-party organisations can communicate with the API via HTTPS requests, passing their API Key in a specific header. No client library is required.; ; A number of third-party organisations providing Digital Investigation tools (including Griffeye) have already integrated with us using this API, and some users operate through the API directly.; ; The API is documented in a Swagger-generated “try it now” style GUI, so that users and potential integrators can understand how it works and see example query parameters.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Professional performance testing and measurement software Gatling is used to test the system. This enables us to define testing criteria and ramp up users to beyond a life-like usage profile to stress-test the system.; ; Current testing criteria include:; 1: Standard UI/API Searches respond in less than a second to ~9,000 people searching at once, with simple and complex search types;; 2: Crawl operations are timely and do not adversely affect operations.; 3: BigSearch can service a representative number of concurrent users without timeouts.

Analytics

• Service usage metrics: Yes
• Metrics types: The CameraForensics system records active users, logins, page visits, API calls, searches (and criteria) and more in a metrics databases, including a timestamp for each of the various events, and details on who was logging in/searching/acting in that event. These data are available to nominated client administrator accounts. If necessary, collection of this data can be disabled to meet user security or privacy requirements.; ; All data described can easily be exported from CameraForensics in a format to be agreed with the user (e.g. CSV) for subsequent loading and analysis in other systems.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data related to customer accounts can be provided on request. This includes activity and search criteria per user account.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats:
  • Image metadata as search input (project VIC)
  • Image metadata as search input (JSON)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our system is accessible 24/7 with an availability well in excess of 99.9% over the past 3 years. In our experience of operating the system to date the most serious incidents encountered have been resolved within 2 hours.
• Approach to resilience: We are dependent on hosting services and connectivity provided by world-class third party suppliers, under standard commercial terms. The hosting services include full backup and failover contingencies which provide robust assurance that underpins our service commitments.
• Outage reporting: Service status, outages and planned maintenance are communicated via a “splash screen” at the login page, and by automated response to queries to our second-line support via email.; Significant outages are reported via email to nominated client leads.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: User access is determined by roles assigned to nominated user accounts. These roles govern access to management reporting and support.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: CyberEssentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We maintain and update a local security policy and associated procedures, overseen by Matt Burns, CEO. This policy and associated governance documents is currently being assessed against the CyberEssentials standard.
• Information security policies and processes: Information security is governed by local policies which are overseen by Matt Burns CEO. We are in the process of certifying these policies and associated processes with the CyberEssentials standard.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software version and release control is via industry-standard tools. Software development is controlled via BitBucket. ; Changes are pushed, checked, approved and released.; A Jenkins service is used to execute, test and confirm a new build. The automated testing includes security-related test scripts. If these test are successful then there is a manually controlled switch to a new release version.; There is an automated methodology for building and adding new server resources via the cloud services provider to ensure that new resources are consistently configured.; .
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We respond to relevant vendor security update notifications for all software and service components.; Our cloud servers are patched regularly.; Updates that are classed as urgent will be implemented within 24 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is performed via automated event reporting. Events include notification of potential attack events (e.g. multiple failed access attempts, or script insertion attempts). In the rare event where a potential vulnerability is detected via this route, our software is patched and updated promptly.
• Incident management type: Supplier-defined controls
• Incident management approach: Service management processes are in place which include incident response and communication methods. Service status is reported via the web interface and via email to the customer's nominated user support contacts.; Users report incidents by phone or the email-based support service.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £174,900 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full service for a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF