What is the problem Digital Witness addresses?

Simply put, criminals do not use telco voice and messaging networks anymore, and over 90% of internet traffic is encrypted. The valuable metadata of “who called who” and ”who messaged who” has been lost in the flood of over-the-top (OTT) applications offering free voice and messaging services, some of who even can’t be subpoenaed to get the information because of their messaging architecture. Existing data like IPDR flow records or tools like Wireshark simply cannot deliver value to a forensics analyst, and many agencies have stopped trying to use data warrants at all. With trained forensics analysts being in short supply and the criticality of time-to-solve cases always being a problem for LEAs, better solutions are needed to protect citizens.

Get a Demo  Product Information  Become a Partner


Digital Witness Image 1

What can LEAs do to regain visibility into communications?

Criminal activity leaves traces. There are clues in law enforcement data wiretaps that are being missed every day. With the right tool, crucial network forensics metadata can be extracted from the packet captures (PCAPs) that you already have and get as part of a warrant today, while maintaining privacy for people only suspected of crimes. When investigating a suspect, the applications that are being used by suspects, what devices should be searched for under warrants, and whom a suspect is communicating with are all critical leads that can determine the likely guilt or innocence of a suspect before arrest and the seizure of their devices. In cases where the interaction of suspects (kidnapping, child exploitation, drug rings, or criminal syndicates), visibility into the interactions of multiple suspects is critically important and completely opaque in the current law enforcement solutions. The transition of data to evidence needs to be very short, and a system that can report on fine-grained details from network forensics is crucial as more communication uses encryption and OTT apps.


Digital Witness Image 2


Digital Witness: The next generation of network forensics for analysts

Digital Witness is a revolutionary solution designed to help investigatory agencies extract leads from network data. We target the most challenging problem for law enforcement and national security agencies dealing with network forensics by classifying and correlating encrypted traffic with patented accuracy. Our technology can be applied to warranted lawful intercepts of mobile or any type of broadband traffic (PCAPs, Live Feeds, etc) to provide application forensics analysis on VoIP, Video, File Transfer, Messaging, VPNs, and Cryptocurrency activity by criminals or bad actors. The evidence is presented in a summary view that can be used to generate reports for officials to request arrest warrants as well as in a detailed format for forensic agents to do their own analysis. One of our value propositions is to keep the time-to-evidence for network forensics to as near real-time as possible once the data is acquired and to immediately present the critical information to the agent for use in an active investigation.


Digital Witness Image 3


VoIP Forensics
VoIP Forensics leverages the identification of hundreds of VoIP applications used on the internet today to determine what communication applications are being utilized by suspects and correlated calls between groups of suspects under a warrant. 
Messaging and File Exchange Forensics
Messaging and File Exchange Forensics reveals the file exchanges and messaging contacts regularly used by a suspect and correlated calls between groups of suspects under a warrant. 
Application Forensics
Application Forensics reveals a massive amount of data on the internet and lifestyle activity of a user, including details like devices used, email services, social media, car driven, content categories, and even countries communicated with, all of which may provide leads in a stalled case.
Cryptocurrency Forensics
Cryptocurrency Forensics focuses on a suspect’s interaction with cryptocurrency mining and online wallets. Cryptocurrency activity can be mapped against public blockchain ledgers to determine if a suspect could be behind a number of cryptocurrency identities using Bitcoin, Etherum, or other common cryptocurrencies.
Social Media Forensics
Social Media Forensics correlates Social Media Upload records to compare with online posts – matching time, size, and the specific social media service to the suspect behind anonymous social media accounts.
VPN Forensics
VPN Forensics shines a light on the VPN activities of a suspect, highlighting the specific VPN services or technologies being used by suspects and potentially correlating VPN activity with other suspects. Behavior analysis is also used on VPN traffic to determine if VoIP calls or large file transfers are occurring with the VPN.