As mentioned in the main blog post, when you conduct an acquisition with iVe Software, version 3.0 or higher, the contents of your collection will be packaged into an iVx file, encrypted with your unique key, and pushed to all of your devices. This enables you to view and analyze the contents of your collection whenever and wherever you need.
Before we dive too deep into this feature, let’s quickly discuss the elephant in the room. The security of your case data is our paramount concern. We are leveraging the same cryptography technology used to protect the highest level of classified information. You, and only you, can access the contents of an iVx file. All active iVe accounts have their own unique set of encryption and decryption keys, called a Keypair. When an iVx is created, your unique encryption key is used to protect the contents of a collection. When the iVx file is pushed out to your devices, only the devices with the decryption key are able to open the iVx. Your decryption key is never transmitted or stored by us. If your decryption key is lost, you or anyone else, will not be able to open any of the iVx files that were protected with the associated encryption key. However, it is not all doom and gloom. You can always generate a new keypair and re-generate the iVx file.
Content and Accessibility
First, let’s discuss what data you are able to access. You are able to view all of the data from the content section in the workspace. The content section contains all of the data decoded and/or parsed from the original source files acquired from a vehicle system, such as connected devices and their associated data, navigation/geo-location data, and vehicle events.
Secondly, lets discuss where you can view this data. The primary purpose for creating a means to view just the contents of a collection was to make it accessible to you, on your mobile device. We know as an investigator you are always pulled in different directions and someone always has a question that needs an immediate answer. Most of those questions don’t require deep forensic analysis of the data. The answers are typically found in the content section. Where was the vehicle on X date and X time? Did you find X phone number? How fast was the vehicle going before X? These are all questions you should be able to answer without going back to your computer, finding your hardware license key and loading up a collection.
With all of that said, you can actually view the contents of a collection from the mobile app and the forensic software. We’ll discuss the mobile app first.
Content Viewer (Mobile App)
To access the content of a collection on your mobile device, tap on the vehicle in the list and open the dashboard. If the collection has an iVx, you will see a file icon to the right of ‘Analysis.’ Tap on ‘Analysis,’ and then open the iVx to view the contents of the collection.
Tapping on ‘Open iVx’ will decrypt the file using your decryption key. It is decrypted in memory only and will remain available until you close it or leave/background iVe Mobile. Once decrypted, you will be on the main page of the Content Viewer.
Connected Devices
From the main page of the Content Viewer you can view connected devices and their associated data by going into each device or simply viewing all of the calls, contacts, SMS, and media files across all of the devices. If you have a specific phone number or name you are looking for, you can use the search function to find it. That will lead you directly to the device it is associated with.
Location Data
The Content Viewer has a full suite of mapping tools. From the main page, you can access any stored locations, such as saved locations or previous destinations, and map them or view the associated textual data. You can also map tracklogs and view all of the associated trackpoints and vehicle events. There is even a playback feature which animates the tracklogs and shows events as they occur in real time.
Vehicle Events
Again, from the Content Viewer main page, you can access all of the vehicle events. You can see all of them in chronological order by tapping on the Vehicle Events section header or scrolling through the individual event types and view them one at a time.
Global Filters
One of the features in the Content Viewer is the ability to set global filters that apply to all of the content. Filters can be set for specific date ranges and/or locations. A vehicle may contain years’ worth of location data and events. The global date filter and location filter can help narrow down the data to just the information associated to the investigation.
Content Viewer (Forensic Software)
While the forensic software was not the intended viewing platform, it is important to be able to view the contents of an iVx file and compare it against the actual content in the collection. It is also handy to be able to view the contents of a collection from another machine with iVe installed without having to copy the entire collection folder.
To view the iVx file associated with a collection, open the vehicle dashboard and select the Analysis Section. From here you can download the iVx and/or open it. Once open, you will see a similar interface to iVe Mobile. Only the system section is not available when viewing an iVx. Tags, Search and Timeline all work as they normally would. However, be aware that once you close the iVx, any tags you made will not be saved.
Generating iVx Files
To view the content of a collection for an acquisition done prior to version 3.0, you will need to generate an iVx for each of those vehicles. Simply select a vehicle from the list and open the vehicle dashboard. Click on the ellipsis in the upper right and chose the option ‘Generate iVx’. This will create an iVx and push it to all of your devices.
Recent Comments