Now released: XRY 8.0, XAMN 4.3 and XEC Director 5.1

The newest versions of XRY, XAMN and XEC Director represent a major advance in our efforts to help customers acquire mobile evidence and intelligence faster, easier and more efficiently.

XRY 8.0 features a new interface and powerful new capabilities that make the extraction process faster, easier and more automated than ever. XRY 8.0 also adds support for 409 mobile devices and apps, bringing the total number of supported devices and app profiles to 27,441.

XAMN 4.3 now has improved filtering capabilities and new quick views to help investigators find critical content such as passwords, deleted data and important chat messages.

And we’ve built significant new IT security enhancements into XEC Director 5.1 and the MSAB Kiosk.This summarizes highlights in each product family:




Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.
XRY 8.0




Quicker mobile device recognition: XRY 8.0 automatically recognizes most mobile device models as soon as you attach the device to your computer, so you can start extractions right away.


Improved search and filtering in the Device Manual: The Device Manual now offers improved search and filtering capabilities for faster identification of devices that are not automatically recognized.


Greater control with new step-by-step extraction process: A new step-by-step extraction process for Android logical extractions makes it easier to acquire the data you need, in less time.


Physical extraction via security bypass for Samsung Galaxy S7: XRY now supports bypassing the security of locked Samsung Galaxy S7 phones.




XAMN 4.3


Dynamic counting of filtered artifacts: As users apply filters in XAMN to narrow their searches, XAMN now dynamically updates and displays the number of artifacts remaining in each artifact category. This helps users immediately see and understand the effect of using different filters.




Video recording of user interface: A new tool available in the installation version of XAMN lets users set up a controlled video recording of a selected part of the XAMN interface. Video of animated drone flight paths, gifs, map and timeline interactions and much more can be of great use in reports and presentations.


New health data view tab: Health data sequences can now be viewed and analyzed on a specialized tab.


New password filter and quick view: Use the new password quick view and filter to find password artifacts.


Introducing the XAMN help center: XAMN 4.3 features a new integrated and interactive help center to support users.




XEC Director 5.1


Secure communications: Security is improved in XEC Director and its network communication with distributed clients such as MSAB Kiosks and other field-based computers. This includes encryption of transferred data.



MSAB Kiosk


The MSAB Kiosk now features the new XRY 8.0 interface and capabilities.


The MSAB Kiosk has been highly rated for its IT security levels. Now it is even more secure, based on new enhancements and improvements in this release.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...