Simplify Complex Mobile Data Investigations With Exterro Remote Mobile Discovery

The following transcript was generated by AI and may contain inaccuracies.

Today I’m talking about Remote Mobile Discovery, but specifically the way I want to address this is through our Exterro forensic agent. As many of you may know, this agent is our solution for forensic endpoint analysis, investigation, and collection.

We have been updating, working on, and adding features to our forensic agent for many years. This came over during the AccessData acquisition, and since coming to Exterro, we have not slowed down on updates to our agent. Hopefully, you guys have seen that over the last few years. Our agent can be installed on Windows machines, macOS, Linux, and what we have now added within the last few months is the ability to collect remotely from iOS devices as well, utilizing our Windows agent on an endpoint.

The cool thing about utilizing the preexisting agent is that all the features we’ve built and upgraded over the last few years—such as zero trust compliance, on and off network collections, analysis, and preview—all come along with it and add a lot of power to our iOS capabilities now. We’re calling the iOS portion “Remote Mobile Discovery.”

So what are some of the characteristics of Remote Mobile Discovery that we’re releasing right now? It’s agentless—and you’re thinking, “Wait a minute, you just spent an entire slide talking about the agent.” What we mean is that our solution with Remote Mobile Discovery, which is now available in both FTK Central/Enterprise and our EDDM platform for the e-discovery side of the house, doesn’t install any agent on the phone itself. Your custodians, employees, or users don’t have to have anything installed on the mobile device for you to be able to collect that information. So it’s super handy there.

It’s a single platform, meaning you don’t have to use one solution to collect and another solution to review. You can keep it all in-house, all in one review platform and collection platform synced together. You should schedule a demo if you haven’t seen it yet. We’re running a bunch of those, and we have some webinars coming up later this month and in April as well that show an actual run-through dedicated just to this feature.

Once the device is collected, FTK or EDDM will automatically kick off and start processing that data, so you don’t have another step where you have to hand it off to someone else. It’s just going to process so it’s ready for review.

One of the things we’ve worked on as well is that while, yes, we of course support plugging the device into the custodian’s endpoint (their computer, laptop, whatever that may be) to collect that way, we can also collect wirelessly if the phone and the endpoint computer are on the same network. That allows you to initiate collection without the user having to plug into the computer. This is especially useful if you’ve disabled USB ports and other similar restrictions.

This is available for on-premises installations such as FTK, FTK Central, and FTK Enterprise, or for our SaaS solution with EDDM and FTK as well.

So how does it work? How would it look for your user? How does this play out?

First off, you will need an agent on the endpoint. That’s our Exterro forensic Windows agent sitting on your employee’s or custodian’s laptop. No agent is ever installed on the iOS device. One time—whether that’s when you’ve hired someone and need to get them their laptop and company phone, or when you pair the phone and laptop back at your IT lab before deployment—the devices will need to be trusted together. After that trust is established, you can collect as many times as you want without having to replug in and trust the device to the laptop.

To initiate a collection, let’s say I want to collect certain information, like SMS messages. I initiate that, and we only do consent-based collection. What will happen on the user’s phone is they will see a prompt saying, “Please enter your device PIN to authorize this collection.” The user puts in the PIN, and then the collection begins.

That information is collected to the laptop and then, using our agent, sent back to your legal department, IT department, or forensic department for analysis. As I mentioned earlier, the information is automatically processed, so there’s no middle step. You just have to wait for the collection and processing to finish, and you’re ready to review the chats or whatever you’re looking for. It’s super simple and smooth.

The thing we’re going for here is to make it easy so you’re not moving information between platforms. That’s where things get messy—you introduce risk and additional costs by moving things between different infrastructures. This way, you can keep it all in-house.

As I’ve gone through, this is not just about collections. It’s a big part of it—you need to be able to get to that data, react to it, and review it. We have a very purpose-built review system built into FTK and EDDM for the various types of artifacts that you would need to review and bring together for your report or deliverables.

You can export this information if you need to look at it in a different software suite, deliver it to counsel, or if you’re just doing a preservation. We support that. And of course, we have various reporting formats and capabilities to create and edit your own custom reports. So it’s not just a collection system—it’s the full package of collection, review, reporting, and export.

So that’s Remote Mobile Discovery—our built-in ability to reach out, preserve, and review that data. But let’s say you already have some other solution for mobile devices in-house. We can ingest their data as well to combine it with computer data that you may already have. We can ingest Cellebrite data, GrayKey from Magnet, extended XML from MSAB, and of course, we can get Android backups as well and load them in. You don’t need to run it through their software first for parsing or anything like that.

We’ve focused a lot of effort on our own native app parsing lately, building that up so you’re able to use our timeline feature, filter features, and all the different tools to isolate information from one or all of these sources. That’s one of the cool things about FTK especially—you can bring in data sources whether from a computer, phone, cloud resource, or whatever, and view all that data side by side.

So don’t forget about our mobile data ingestion. We’ve continued to support that, and we continue to add more capabilities. I believe Android physical backups were added in our last update as well, so we’re not giving up on supporting all sources of information. Again, we want to enable you to review that data in one spot.

If you have any questions on Remote Mobile Discovery or mobile capabilities in general, by all means set up a call for a demo. We’re happy to walk through it.