How To Use The Griffeye Intelligence Database

by

Beginning with version 19, Griffeye Analyze DI Pro and Core will start using the new Griffeye Intelligence Database, or GID, to replace the legacy intelligence manager.

In this video, we’re going to discuss the changes that the GID brings to the Analyze DI interface, and how to use the Griffeye Intelligence Database system within your cases.

First off, let’s create a new case and take a look at the differences in the case creation process, which are very minor.

On the second page of the Import options, you’ll notice that the GID section has replaced the Database section. Analyze DI will now check imported files against all of your GIDs, if selected. Analyze DI will still check your files against any legacy databases you have connected.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

On the Exclude page, you now have the ability to exclude files by GID source, in addition to any legacy databases you have connected. This can be done by selecting ‘Exclude files with hits in databases’ and selecting the GID source, or sources, you would like to exclude any file matches from.

These are the only two changes that version 19 brings to the case creation wizard at this time.

Now that our case has finished processing, let’s take a look at the changes to the Analyze DI interface related to the GID.

First off, you will notice that the GID has some new buttons in the ribbon on the Home tab. These buttons are used to manage, update, and migrate to your GID. You can also still access your legacy database manager from the ‘Manage Hash Databases’ button, but keep in mind your legacy databases are now in read-only mode and cannot be changed, with the exception of removing them.

Let’s select the GID management to see the GIDs you are currently connected to.

In this example, I have a local GID populated with hashes and intelligence, but because I’m using DI Pro, I am also connected to a remote GID in Sweden. How to set up and connect additional GIDs for collaboration will be discussed in a future video.

In the Case Data tab, we also see that we now have an additional GID button that will let users rescan their case against any GIDs that they are connected to. We will discuss this button’s functions in a few moments.

Moving to the bottom of the interface, you can also quickly check to see if your GID connections are OK by the GID Status infobar next to the Filters action button. Simply hover over ‘GID Status’ to see a list of GIDs and their connection state. A check mark indicates all your GIDs are in sync and ready to use.

In the Thumbnail view, users can quickly view GID and legacy database matches of individual files by hovering over the ‘Database Match’ icon in the thumbnail header icons. This will list all the databases and GIDs – including sources – that the file matched against.

GID matches also appear in the File Info panel, under the Summary tab, by scrolling all the way down to the GID section.

GID Matches columns are also now present in the grid view, each column representing an individual GID source.

Under Filters, on the Intelligence tab, there is a new quick filter for the GID, where users can filter to file matches based on individual GID sources. Data can also now be sorted by GID source matches as well.

Now let’s talk about the ‘Rescan Against GIDs’ button on the Case Data tab. This button is a two-function button: the top option will rescan your case against all available GIDs and categorize any matched files, but will not override any categorization work you may have already completed.

The bottom button allows you to match files against specific GID sources, overriding categorization for any matched files. It is important to note that using this option will overwrite any manual categorization work you may have already completed.

Click the bottom button, and a menu will appear allowing you to select the GID that you would like to overwrite your categorization from.

After you select a GID, a window will open asking which sources within that GID you would like to match against. This window requires that you read and check the box before performing a rescan. This is to ensure that you have acknowledged that your case categorization may be overwritten for matches in the GID source that you select.

Once you have completed your work and you are ready to update your GIDs with your categorization and intelligence data, select the ‘Update GIDs’ button from the ribbon.

This will allow you to select which GID you would like to update. Note that all of the hashes and intelligence will be placed in a hash source called ‘Case Work’ within the GID you update. Analyze DI will create this source for you when you perform your first GID update. Any future updates from other cases will also be assigned to the ‘Case Work’ source.

You can verify this source was created and updated by selecting the GID Manager and opening the GID you updated.

Thanks for watching. If you have any questions or comments, hit us up in the forums or shoot us an email to support@griffeye.com.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Read more on all these stories at https://www.forensicfocus.com/news/digital-forensics-round-up-april-17-2024/ #digitalforensics #dfir

Read more on all these stories at https://www.forensicfocus.com/news/digital-forensics-round-up-april-17-2024/ #digitalforensics #dfir

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_wY4_T8IUuxY

Digital Forensics News Round Up, April 17 2024 #digitalforensics #dfir

Forensic Focus 20 hours ago

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-april-12-2024/

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-april-12-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_DTjUBPIzVNs

Forensic Focus Digest, April 12 2024 #digitalforensics #dfir

Forensic Focus 12th April 2024 2:31 pm

Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising. The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems. 00:00 – The state of the digital forensics industry 02:30 – Desi’s talk at BSides Brisbane 05:30 – Sweaty Cyber Advice and Strongman 09:40 – Companies integrating open source software 23:00 – Advertising, statistics and logical fallacies 28:00 – The Post Office scandal and computer accountability 49:00 – Security, compliance and regulations 56:00 – Closing thoughts Show Notes Hardly Adequate YouTube - https://www.youtube.com/@hardlyadequate Oxfordshire’s Strongman & Strongwoman - https:\oxfordshire.rocks\ CPS, Computer Records Evidence - https://www.cps.gov.uk/legal-guidance/computer-records-evidence Your Logical Fallacyis - https://yourlogicalfallacyis.com/ British Post Office Scandal - https://en.wikipedia.org/wiki/British_Post_Office_scandal The Guardian, Robodebt Scandal - https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal Tyler Vigen, Spurious Correlations - http://www.tylervigen.com/spurious-correlations Forensic Focus Discord - https://discord.gg/97zKvTXHeS

Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising.

The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_LtdulCL39AU

Cyber Scandals And When (Not) To Trust Computers

Forensic Focus 10th April 2024 6:40 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Alex Beddard, Investigator, Chainalysis
Interviews

Alex Beddard, Investigator, Chainalysis

ByForensic FocusApr 18, 2024
Digital Forensics Round-Up, April 17 2024
News

Digital Forensics Round-Up, April 17 2024

ByForensic FocusApr 17, 2024
Magnet Forensics Announces Magnet One, A Revolutionary Platform For The Pursuit Of Justice
News

Magnet Forensics Announces Magnet One, A Revolutionary Platform For The Pursuit Of Justice

ByMagnetForensicsApr 16, 2024
UPCOMING WEBINAR – Fireside Chat: Navigating The Cloud – Expert Insights On Emerging Cloud Threats And Complexities
News

UPCOMING WEBINAR – Fireside Chat: Navigating The Cloud – Expert Insights On Emerging Cloud Threats And Complexities

ByCado SecurityApr 16, 2024
Maltego Acquires PublicSonar And Social Network Harvester To Propel Vision Of An All-in-One Investigation Platform
News

Maltego Acquires PublicSonar And Social Network Harvester To Propel Vision Of An All-in-One Investigation Platform

ByForensic FocusApr 15, 2024
Filip Kachnic, Business Development Manager, Eyedea Recognition Ltd
Interviews

Filip Kachnic, Business Development Manager, Eyedea Recognition Ltd

ByForensic FocusApr 15, 2024