Detego Global has recently launched Artefact_Compare, a new capability within its Detego Analyse AI+ analysis suite that enables rapid verification of the integrity of devices used in potentially hostile or high-risk environments.
The feature compares device snapshots taken before and after deployment, quickly identifying any changes that may indicate tampering, compromise, or unauthorised activity. Artefact_Compare supports a range of devices, including computers and laptops running Windows, Linux, or macOS, as well as Android and Apple phones and tablets, and loose media, giving investigators a quick and reliable way to verify device integrity across major operating systems.
Protecting Devices in High-Risk Operational Environments
Intelligence, military, law enforcement, and border security teams frequently deploy digital forensic equipment into environments where devices may be exposed to interference, hacking attempts, or physical tampering. In these situations, confirming that operational equipment has not been compromised is critical to maintaining evidential integrity and safeguarding investigative workflows.
Artefact_Compare addresses this challenge by enabling a structured verification process. Before a device is deployed, investigators capture a snapshot of device artefacts. Once the device returns from the field, a second snapshot is taken, and the system compares the two datasets to identify any differences.
This process helps investigators to quickly determine whether a device remained unchanged during deployment or whether files have been added, removed, or modified.
Clear Identification of Changes
The comparison results are presented within a dedicated exhibit, providing investigators with a clear breakdown of detected changes. Files are categorised into three states:
- Added – files present in the post-deployment snapshot but not in the original
- Removed – files present before deployment but missing afterwards
- Modified – files present in both snapshots but altered
Files are visually tagged using colour-coded indicators, helping investigators quickly identify anomalies and prioritise further analysis. The system also examines file properties such as timestamps, size, and content to determine whether modifications have occurred.
Detecting Changes and Potential Compromise
Artefact_Compare uses a multi-stage matching process to accurately identify differences between pre- and post-deployment snapshots. The system first matches files using known identifiers, then analyses file locations and signatures to detect changes.
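The comparison described above, written as an added example that is not Detego's code or the product's actual matching logic: the record fields, the `file_id` identifier and the sample snapshots are assumptions constructed for illustration. It matches on identifier, then path, then content digest, and reports a content change even when size and timestamp are identical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Artefact:
    file_id: str  # assumed stable identifier recorded at capture time
    path: str
    size: int
    mtime: int    # modification time, epoch seconds
    sha256: str   # content digest (constructed, shortened sample values below)

CHECKED = ("path", "size", "mtime", "sha256")

def compare_snapshots(before, after):
    """Return added/removed/modified artefacts between two snapshots."""
    pairs, rest_before, rest_after = [], list(before), list(after)
    # Match in stages: identifier, then location, then content digest
    # (the last stage pairs files that were moved or renamed).
    for key in ("file_id", "path", "sha256"):
        index = {}
        for a in rest_after:
            index.setdefault(getattr(a, key), []).append(a)
        unmatched = []
        for b in rest_before:
            bucket = index.get(getattr(b, key))
            if bucket:
                pairs.append((b, bucket.pop(0)))
            else:
                unmatched.append(b)
        rest_before = unmatched
        rest_after = [a for bucket in index.values() for a in bucket]
    modified = []
    for b, a in pairs:
        changed = [f for f in CHECKED if getattr(b, f) != getattr(a, f)]
        if changed:
            modified.append((a.path, changed))
    return {"added": [a.path for a in rest_after],
            "removed": [b.path for b in rest_before],
            "modified": modified}

# Constructed sample snapshots (not real device data).
BEFORE = [Artefact("101", "/opt/tool/agent.bin", 4096, 1700000000, "aa11"),
          Artefact("102", "/etc/tool/config.yml", 512, 1700000000, "bb22"),
          Artefact("103", "/var/log/tool/run.log", 100, 1700000000, "cc33"),
          Artefact("104", "/home/op/notes.txt", 20, 1700000000, "dd44")]
AFTER = [Artefact("101", "/opt/tool/agent.bin", 4096, 1700000000, "ee55"),
         Artefact("102", "/etc/tool/config.yml", 512, 1700000000, "bb22"),
         Artefact("207", "/var/log/tool/archive/run.log", 100, 1700000000, "cc33"),
         Artefact("208", "/tmp/.cache/helper", 9000, 1700500000, "ff66")]
```

In the sample, `agent.bin` keeps its size and timestamp but has a different digest, which is why content is compared rather than metadata alone.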
Once the comparison is complete, investigators receive a clear breakdown of detected changes, allowing them to quickly identify potential tampering, malware, or unauthorised activity. The feature can also highlight recovered files and unexpected executables that may indicate attempts to compromise a device.
For teams deploying forensic equipment in sensitive environments such as border operations, military deployments, intelligence missions, or remote investigative locations, this capability provides a fast and structured way to confirm that devices remain secure and uncompromised after use.
Artefact_Compare is now available within Detego Analyse AI+, further strengthening the platform’s capabilities for digital forensic analysis and operational security.
About Detego Global
Detego Global is the company behind award-winning Digital Forensics, Case Management and Endpoint Monitoring solutions trusted by military, law enforcement, intelligence agencies and enterprises worldwide.
With the ever-increasing use of digital devices and the vast volumes of data generated, its solutions have become the preferred choice for rapidly acquiring, analysing and acting on evidence and intelligence.