My Road to Digital Forensics Excellence

On the Outside looking In

Posted by Paul Bobby on October 14, 2010

This post concerns the OutsideIn technology, owned by Oracle. The following link takes you to the OutsideIn product page.

I conduct digital forensic examinations in the corporate world and my customers, while capable investigators, do not always have high technical skill. When providing them with data such as office documents, pdfs, internet history summaries, email (pst/ost), lots of images and movies, the ‘presentation layer’ can become very complicated. The presentation of so much data is complicated by the delivery (how do you get 50 megabytes of media to the customer) and also by the viewing of said data.

My ideal goal is to package up all the data, including report, in to logical evidence files and to provide a self-contained executable that can both mount the LEFs, provide a navigation screen, and incorporate viewer technology. This is a product opportunity. OutsideIn may just be the ticket that provides the viewer technology.

At the above link you can find the download page of OutsideIn that provides SDKs for various components. There are various download options:

  1. Content Access – extract/view metadata from all supported formats
  2. HTML Export – create html versions of all supported formats
  3. Image Export – create image versions of all supported formats (e.g. TIFF or JPEG)
  4. PDF Export – create PDF versions of all supported formats
  5. Viewer Technology – create viewer applications that display all supported formats.

For those of you that use Encase, you have already seen OutsideIn in operation. That ‘doc’ pane is simply a viewer window and the content is rendered by OutsideIn for display.

I downloaded both the Viewer Technology SDKs and the HTML Export SDKs. They both come with  sample applications. The Viewer technology gave me my first <Takai>”Oh my”</Takai> moment.

See that screenshot?

That aint no PST it’s an OST! Woot, now I have a demo application that can view OST files natively!

Next, playtime with the HTML Export SDK. Coming up, some quick and dirty scripting creates a decent navigation experience for a case reviewer.


One Response to “On the Outside looking In”

  1. Anonymous said

    Im a policeofficer and have also had huge problems viewing the .ost files. So i was quite pleased when reading this post.

    Sure enough, it worked like a charm. But after having read the license i noticed that it stated: “This application must not be used unlicensed in a production environment”.

    So I contacted Oracle and got it confirmed: It can NOT be used for work. Only for testing. So I asked how much it would cost to use it at work and to share it with my colleagues. And it was a LOT 🙂

    Just a little reminder to people who read this post. (And you. When I can find it I’m sure Oracle can find it).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: