MOBILedit Forensic Express 4.0 Features Physical Analysis, 64-Bits And More

MOBILedit Forensic Express enters a new era by adding physical extraction and analysis, and it is now a native 64-bit application providing more power and stability for processing huge amounts of data. Version 4.0 brings 359 improvements in total, making MOBILedit Forensic Express a must-have comprehensive forensic tool for any lab.

MOBILedit Forensic is back and stronger than ever before. In brief, it is a phone extractor, data analyzer and report generator in one solution. It excels at deleted data recovery and offers an advanced application analyzer, a wide range of supported phones including most feature phones, fine-tuned reports, concurrent phone processing, physical acquisition and an easy-to-use user interface.

MOBILedit Forensic Express supports the newest iOS 10.2.1 and Android 7.0.x, extracts maximum possible data, such as passwords, messages, media, web history, web searches, bookmarks, geolocations, contacts, call logs, calendars, notes, keyboard cache and dictionaries, emails, Bluetooth pairing history, cookies, log files and a lot of data from applications. The built-in password breaker uses GPU to maximize computing power and concurrency.

Forensic Express offers maximum functionality at a fraction of the price of other tools. It can be used as the only tool in a lab or as an enhancement to other tools through its data compatibility. When integrated with Camera Ballistics it scientifically analyzes camera photo origins.

Read more about all product features here.

New features in version 4.0
• Android physical data extraction: you can now extract physical images from investigated phones
• Physical analysis allows you to open image files, ours or 3rd party, and recover deleted files plus all other deleted data, an area where our product is known to be excellent
• The entire application is now native 64-bit for processing huge amounts of data, such as hundreds of thousands of messages with photos, which greatly improves its speed and stability
• New File Manager to copy, move, and work with complete export folders; it solves problems with long filenames, which Windows File Explorer or Total Commander usually cannot handle
• Import of Cellebrite UFD files from UFED for both logical and physical analysis
• Built from scratch, a rich MS Excel report allows you to do your own data analysis using Excel features

Improvements
• Improved Android 7.0 support
• Wi-Fi connection now also supports app analysis and physical extraction for rooted Android phones
• New report sections for Notes, Tasks, and deleted iOS applications
• ADB and iTunes backup password can be included in reports and exports
• More information from iOS, including itunesmetadata.plist analysis, better keychain decryption, more iCloud information
• Additional phone information presented, such as cell info, device name, serial number and unique id
• Option to also pack binary files linked to PDF and HTML reports to create more compact reporting
• Memory usage optimizations
• More reliable cancelling of operations
There are 359 new features and improvements in total…

Application analyzers
One of the strongest features of Forensic Express is the application data decryption, undelete and analysis. Hundreds of applications are supported, such as:
Signal Private Messenger, Silent Phone, Threema, WhatsApp, WeChat, QQ, Blackberry Messenger, Private Photo Vault and many others. Find list of application analyzers for iOS and for Android.

App analyzers added or updated in version 4.0
myMail, Verizon messaging app, ASUS Browser, ASUS Email, Play Store, Chrome Canary, BBM, eBay, Mi Fit, Opera Free VPN, WowApp, BlackBerry Hub+ Services, 360 Browser, Blendr, Hide My Text, ZOOM Cloud Meetings, Wikipedia, Textie, TextMe Up Free Calling & Texts, Google Quicksearch Box, Android Blockednumber, WhatsApp, Telegram, Viber, Hangouts

Classical MOBILedit Forensic 9.0 also released
MOBILedit Forensic 9.0 brings improved support of iOS, updated support of Android 7.0, advanced filtering and many other improvements. Click this link for MOBILedit Forensic 9.0 release details

For more information about Compelson and MOBILedit please visit our website.
