UX | UI Designer

Magnet Forensics - Digital Forensics Triage

Magnet OUTRIDER

 
 

Overview

Magnet OUTRIDER enables Digital Forensic Examiners and non-technical stakeholders to quickly triage Mac and Windows computers, mobile devices, and external drives for illicit content such as CSAM (Child sexual abuse material), usernames, and contacts in the field or the lab with automated insights.

My responsibilities

Lead UX Designer

  • User research - survey and user interviews

  • Competitive analysis

  • Mockups and Prototype

  • User testing

 

Problem space

Law enforcement agencies are overwhelmed with the growth and complexity of digital evidence. Whether you’re triaging mobile devices and computers in the field or working through a backlog of evidence in the lab, time to evidence is critical. Examiners and non-technical stakeholders need a way to quickly and easily find information that is imperative to their case. The latest iteration of OUTRIDER proved to be cumbersome, demanding a technical background for users to grasp its functionalities accurately. Unfortunately, it didn't operate as intended, and its steep learning curve, coupled with the need for technical expertise, led to minimal adoption in the field.

Previous UI OUTRIDER 2.0

 

Our solution

  1. Rapid Triage

    • Uncover CSAM and other illicit content from mobile devices, computers, and hard drives in the field or the lab in under 6 minutes (based on field use) without performing a full extraction.

  2. Actionable Insights

    • Quickly identify apps and other key insights on a phone, computer, or hard drive at the outset of an investigation to give the investigative team real-time intel for interviews, warrants, and seizures.

  3. No More Manual Scans

    • Start running the software in less than three clicks by using preconfigured artifact categories that automatically count and display the number of captured hits during scans.

 

How we got to the solution

User research through surveys and user interviews

Understanding the significance of Time-To-Evidence for Investigators and Forensic Examiners, we set out to gather some insights on the use of triage tools in this field. We had questions about how often these tools were used, where, and by whom. To get answers, we sent out a survey to our global customers, and the response from over 200 customers gave us a decent snapshot.

From this feedback, we got a clearer picture of who's using or interested in triage tools, what they're using them for, when they find them handy, and why they want them in the first place. To dig deeper, we had video chats with specific customers in multiple interviews. What I found:

  1. Triage tools are out there, but they're not great.

  2. Some users find them slow.

  3. If you're not tech-savvy, there’s a learning curve.

  4. There’s still a time lag when dealing with critical evidence.

Competitive analysis

After looking at what our competitors were doing, we found the following pros and cons:

Pros:

  1. Quick to process large data sets

  2. Powerful search and analysis capabilities

  3. Free

  4. Support a wide range of mobile devices

  5. Detailed analysis

Cons:

  1. Steep learning curve

  2. Some tools can be expensive, requiring purchase of the entire suite to get the triage tool

  3. Resource extensive: too much information, rather than just the critical evidence that is wanted in a rapid triage tool

  4. Supports only certain data sources and evidence types

 

Designs

My primary objective was to design an efficient triage tool for swift examination of diverse digital evidence on both computers and mobile devices. This tool aims to be user-friendly, requiring no specialized technical knowledge for operation.

Users: Investigators, Police officers, Parole officers, Digital Forensic Examiners

UI Library: Given time constraints and our team's size, I opted to leverage a third-party UI library (Microsoft Fluent). I aligned the colour palettes and iconography to maintain consistency with our existing products, ensuring a consistent visual experience.

Features:

  1. Preconfigured scan setups for different cases

  2. Critical evidence: actionable items on a report

  3. Start running software in less than 3 clicks

1. Preconfigured artifact categories and scan setup that automatically count and display the number of hits during scans. Multiple templates can be preset and saved for different cases.

 

2. Located applications that are critical hits show under the “Critical hits” summary. If you open the “Located Applications” drop-down, the critical hit icon also calls out any individual categories that are critical.

 

3. Start your scan in 3 steps

Note: Android Device Setup (Beta) was not part of my design work

 

A report is instantly generated post-scan, highlighting the identified hits.

 

See how Magnet OUTRIDER works

 

Launch feedback from users

 

Feedback from a Digital Forensic Detective from MNPD taken from LinkedIn

 
OUTRIDER is becoming the most efficient thing we could ever dream up in an ideal world. It saves so much measurable time while also allowing us to focus only on devices that need it. It is possible in some cases to only use this tool.
— Forensic Examiner, Large police agency in USA
We tested Magnet OUTRIDER as a triage solution and it’s the fastest tool we could find so congrats on that.
— Customer from Germany
OUTRIDER is super fast. I scanned my undercover computer which has two 2TB drives attached to it. It scanned 800K files in just over 3 minutes. I love the speed and how you can export out the files for charging purposes.
— Forensic Examiner
When I gave OUTRIDER to my examiners, the look on their faces when they used it—without any level of instruction—was amazing. It found exactly what they wanted it to find.
We need to get answers ASAP during on-site interviews. We believe this is the fastest solution out there and we’re very excited to be using it.
— Parole officer
 

Next Steps

What I learned–the balance between user needs, business needs and the capabilities of our developers.

While the idea of creating a modern and polished product is tempting, it's crucial to be realistic. Consider the needs of your user base, especially when dealing with older, less tech-savvy individuals accustomed to a more dated software aesthetic.

In our case, our users aren't heavy app users, and their computer usage outside of work is minimal. Expecting them to seamlessly adopt a cutting-edge UI might be a stretch, especially when their comfort zone lies with older interfaces.

Given the limitations of OUTRIDER’s small team, achieving pixel perfection everywhere wasn't feasible. We made the practical choice to focus on core functionalities and launched our MVP. The plan is to gather user feedback quickly, ensuring that any necessary improvements, including refining the look and feel, are informed by real user experiences.

For OUTRIDER

To broaden its user base, OUTRIDER is now available as a complimentary product alongside our flagship product, Magnet AXIOM. While the current product has the potential to cater to a diverse range of users within the field, our focus is on understanding which specific users will derive the most benefit and the likely scenarios in which the product will be utilized. We aim to pinpoint the primary beneficiaries and optimal usage patterns within the field to enhance the product's relevance and impact.