Viewed images are sorted by size and relevance with a frequency number in parentheses.
This analysis might be useful to you when an employee is using company resources to look at
inappropriate, restricted, or prohibited images. For example, the images might be related to
airplanes, certain buildings, or locations that are targets for security breaches.
With image analysis, you can view the most relevant images from one or more documents in one or
more packet capture files in one display instead of being forced to open each document and view
its images.
Procedure
- On the Forensics tab, from the Grid view, select one or more documents that contain image in the description.
- From the investigative tools menu at the top of the grid, click Image Analysis.
In the results, thumbnail versions of all the images that are contained within the documents are
displayed in order of relevance. The number in parentheses next to the image indicates the number of
instances of the image in the document. If you place the cursor over a thumbnail image, the image
becomes larger.
- Right-click an image for further investigation:
  - To review the image and its attributes, click Display Document.
  - To review an entropy graph and check whether the image might contain malware, click Display Entropy.
You can use entropy values as an indication of whether
the file might contain malicious content. For example, bitmap image files and ASCII text files are
typically highly compressible and have low entropy values. Encrypted data is typically not
compressible, and usually has a high entropy value. Malware is often packed and hidden in both files
and images.
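
The entropy reasoning above can be reproduced outside the product. The following is an added example, not the product's own code: it computes Shannon entropy per byte and per window (the series an entropy graph plots) and lists the windows that stand out. The 1024-byte window, the 7.5 bits/byte cut-off, the function names, and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (one value) up to 8.0 (uniform)."""
    n = len(data)
    if n == 0:
        return 0.0
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def entropy_profile(data: bytes, window: int = 1024) -> list:
    """Entropy of each consecutive window: the series an entropy graph plots."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]

def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.5) -> list:
    """Byte offsets of windows above the threshold (7.5 is an assumed cut-off)."""
    profile = entropy_profile(data, window)
    return [i * window for i, h in enumerate(profile) if h > threshold]

def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for encrypted or packed bytes (SHA-256 over a counter)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples, not taken from any real capture.
BITMAP = bytes([0, 0, 255]) * 2048            # flat pixel data, 6144 bytes
TEXT = (b"The quick brown fox jumps over the lazy dog. " * 100)[:4096]
PACKED = pseudo_random(4096)                  # incompressible region
MIXED = BITMAP + PACKED                       # image data with a packed blob appended

if __name__ == "__main__":
    for name, blob in [("bitmap", BITMAP), ("text", TEXT), ("packed", PACKED)]:
        print(f"{name:7s} {shannon_entropy(blob):.2f} bits/byte")
    print("windows to review at offsets:", high_entropy_windows(MIXED))
```

The whole-file entropy of the mixed sample stays well below the cut-off, so a small packed region is visible only in the per-window profile. High entropy is an indicator for review, not proof of malware, because legitimately compressed image formats also score high.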