Filtering
In order to get only the right data, you can set your filters at the start of the process, so extraction will adjust accordingly to not extract unwanted data and speed-up the process, where possible.
Global filters
Allows you to extract and create reports of the information that is only relevant to the case, or, only of what you want to be displayed in the final reports. Data can be filtered by time, contact, text string or location.
Local filters
Local filters are filters used in the "Specific selection" section - unlike the Global filters they only apply to specific content. Contains the following parameters: order, time, location, name, and path.
Highlights
This option creates a special section where all desired data will be present without affecting the rest of the report.
File filtering
Filtered results be filtered based on the National Software Reference Library (NSRL) database of common files which effectively reduces the number of exported files. In order to use this feature, a package called File exclude list has to be downloaded in the Updates section.
Considerations when using filters
Within Specific selection there is a list of analysis modules. Some have local filters, some don’t. For ones with local filters, they may only have one or two filter options available e.g. time & contact or, they may have all.
Global filters are accessible from the “Choose what to extract” screen and contain all available filters; time, contact, text string, & location.
If you enter a search parameter in “Location” it will search only those specific selection modules that also have the option to search for location as a local filter. For example, searching Location in Global would not search contacts, as contacts cannot be searched by location, only by time and contact.
Here is a table to show what is searchable with Global & Local filters.
Specific selection module | Time | Contact | Text string | Location |
|---|---|---|---|---|
Screenshots of report settings | No | No | No | No |
Summary | No | No | No | No |
Highlighted data | No | No | No | No |
Deleted data | No | No | No | No |
Captured phone photos | No | No | No | No |
Accounts | No | No | No | No |
Contacts | Yes | Yes | No | No |
Messages | Yes | Yes | Yes | No |
Time | Yes | Yes | Yes | No |
Calls | Yes | Yes | No | No |
Organizer | Yes | No | Yes | No |
Applications | No | No | No | No |
Applications list | No | No | No | No |
Photo Recognizer | Yes | No | Yes | Yes |
Face Matcher | Yes | No | Yes | Yes |
Photos | Yes | No | Yes | Yes |
Image files | Yes | No | Yes | Yes |
Large images | Yes | No | Yes | Yes |
Audio files | Yes | No | Yes | No |
Video files | Yes | No | Yes | No |
Documents | Yes | No | Yes | No |
Files | Yes | No | Yes | No |
Matched files | No | No | No | No |
Activities | No | No | No | No |
Application usage | No | No | No | No |
Bluetooth pairings | No | No | No | No |
Cell towers | No | No | No | No |
Clouds (see below) | Yes | No | No | No |
Contacts analysis | No | No | No | No |
Cookies | No | No | No | No |
GPS locations | No | No | No | Yes |
Malware detection | No | No | No | No |
Notifications | No | No | No | No |
Passwords | No | No | No | No |
Screen unlocking history | No | No | No | No |
SIM card | No | No | No | No |
System logs | No | No | No | No |
User dictionary | No | No | No | No |
Wi-Fi networks | No | No | No | No |
Web | Yes | No | No | No |
Timeline | Yes | No | No | No |
Data extraction log | No | No | No | No |
Clouds - Additional filters are available specifically for Clouds. These are “Filter by size” and “Filter by extension”