Workspaces in ArtiFast
26/05/2023 Friday
Digital forensics analysis can be a complex and time-consuming process. Investigators need to efficiently analyze large amounts of data from a variety of sources. ArtiFast is a powerful digital forensics tool that simplifies the process by allowing users to customize their workspaces for their specific needs. In this blog post, we'll explore how workspaces in ArtiFast can be tailored to suit different digital forensics scenarios, and how investigators can create their own custom workspaces. ArtiFast provides workspace as a main view for showing results, by default the main workspace is a called (Home). A digital forensics investigator can leverage multiple workspaces to be able to perform more in-depth investigations
Why workspaces?
One of the key benefits of customizing your workspace in ArtiFast is
that it allows you to tailor your digital forensics analysis to your
specific needs. For example, if you're investigating a case that
involves a lot of email correspondence, you may want to create a
workspace that focuses on email artifacts which allows you to analyze,
view and filter email messages. Another advantage of using multiple
workspaces is that it can help you stay organized and focused. By
creating a separate workspace in each stage of your investigation, you
can quickly switch between different views and avoid getting overwhelmed
by too much data.
Forensafe team wanted ArtiFast users to be able to investigate more in
depth and as fast as possible. The whole Workspace approach came as a
result of trying to find a solution for this. The idea was to give an
analyst maximum ability to have as many complex views as possible, and
also to be able to merge or intersect them in any way they want. Each
view could be as simple as only Evtx Artifact Analysis, or it might be
an analysis based on multiple artifacts. The baseline was the main
view(Home). Any artifact parser selection, or any search on the main
view is actually a filter applied on the main view. Each workspace is a
combination of main view and a filter. Workspace technology provides an
investigator to combine or select any filters they have created and
would like to apply as many as they want on main view (parsed data) and
see the results within a blink of an eye no matter how big the parsed
data is. By using Workspace technology filters that results in millions
of lines can be combined in under one second. An investigator can create
multiple filters for both broader results and also for specific findings
in her investigation. A report based on multiple parts of an
investigation is only combining all the relevant workspaces and creating
a report based on that result. This also allows an investigator great
flexibility.
Overall, using workspaces in ArtiFast can greatly improve the efficiency
and effectiveness of your digital forensics analysis. By customizing
your workspace to suit your specific needs, you can easily access the
tools and features you need to analyze your digital evidence and uncover
important insights.
Workspace Features
The structure of ArtiFast allows users to show millions of lines
(artifact parsing results) swiftly and in one single view. An
investigator can export her findings to new workspaces, and later
combine them with “Merge” or “Intersect” them to create
subsets.
Different digital forensics scenarios require different tools and
features. By utilizing various workspaces, users can conveniently access
different views and features with diverse outcomes to help organize
data. Each workspace includes:
• Displayed results such as Artifacts, Files, and File
Categories.
• Timeline view.
• Artifact view.
• Reporting.
• Timeline filtering.
• Quick search.
Users can take advantage of these features in each separate workspace without impacting the results in other workspaces. Additionally, the Timeline View and Artifact View offer features such as Notes and Bookmarking to help users highlight the most significant results in each workspace.
How to Create a New Workspace
An investigator can create a workspace in different ways. They can select an artifact or category of their choice and then right-click and select "To New Workspace”.
Another way to create a workspace is by right-click on an existing workspace and select "New," followed by either "Blank" or "Using Keyword".A user can also create another workspace by using "Duplicate" feature so that they can continue their investigation, while securing the original workspace.
For more information or suggestions please contact: [email protected]
×
