Phone Forensics Express Pro

Nový, rychlý a snadno použitelný software s dotykovým rozhraním pro zajištění dat z mobilních telefonů.

Availability: Dostupné na objednávku Katalogové číslo: 1200 Kategorie:
Zobrazit seznam poptávek

Popis

 Forensic Express Pro

Vydání Pro je navrženo pro uživatele, kteří hledají pokročilé funkce – ideální pro všechny orgány činné v trestním řízení, průmyslové experty a forenzní profesionály.

Všechny funkce verze Standard plus:

Odblokování telefonu

Podpora iCloud

Rozpoznávání objektů na fotkách

Rozpoznávání obličejů

Detekce malwaru

Podpora Camera Ballistics

Podpora UFED

Integrace Access Data

 

Nový, rychlý a snadno použitelný software s dotykovým rozhraním pro zajištění dat z mobilních telefonů.

Zrychlete svou analýzu – s neuvěřitelnou jednoduchostí zajišťujte data z několika telefonů najednou a využijte pečlivě připravených templatů pro výstupní reporty.

Zajistěte data z mobilních zařízení

S aplikací Phone Forensics Express zajistíte všechny data jen pomocí pár kliknutí. Ve výsledku získáte nejen smazaná data, historii hovorů, kontakty, SMS, MMS, soubory, kalendář, poznámky, upomínky, ale i data z aplikací jako Skype, Dropbox, Evernote, Facebook, Whatsapp, Viber apod.

Rozsáhla podpora zařízení

Jako průkopníci v oblasti mobilní forenzní analýzy, nabízíme rozsáhlou podporu telefonů od roku 1996 až dodnes. V dnešní době náš software podporuje tisíce zařízení s operačními systémy, jako jsou například Android, iOS, Blackberry OS, Windows Phone, Windows Mobile, Symbian, Bada a Meego široké skupiny výrobců, jako např. Samsung, HTC, Nokia, Sony, LG, Motorola a mnoha čínských značek. Nástroj si rovněž poradí s celou řadou starších telefonů bez OS.

Zajištění dat z aplikací

Využívání aplikací pro komunikaci a sdílení obsahu zažívá obrovský růst. Mnoho aplikací vzniká nebo je updatováno prakticky denně. Je evidentní, že analýza aplikací je klíčová pro zajištění všech relevantních informací ze zařízení.

Analýza aplikací je nejsilnější stránkou Phone Forensics Express. Velká část našeho týmu se věnuje problematice aplikací a jsme tak schopni stále přidávají podporu i pro ty nejnovější. Forensics Express provádí hloubkovou analýzu dat, zajišťující všechna dostupná data aplikací včetně těch smazaných. Získaná data jsou podrobena analýze obsahu a vy si je tak můžete zobrazit na časové ose jako poznámky, fotografie či konverzace bez ohledu na to, kterou aplikací byla tato data vytvořena.

Zajišťujte data na několika zařízeních najednou

Zajištění dat z mobilních zařízení zabírá mnoho času. Zrychlete svou práci připojením několika telefonů najednou. Jediné co potřebujete je USB hub, kabely a počítač s nainstalovaným nástrojem Phone Forensics Express.

Několik výstupních formátů najednou

Zvolte si váš oblíbený formát a závěrečnou zprávu exportujte přesně v tom formátu, jaký se vám hodí. Nabízí se vám formáty jako PDF, XLS, nebo HTML s náhledem celého obsahu na daném zařízení. Můžete si rovněž vytvořit závěrečnou zprávu ve formátu XLS, která bude kompatibilní se ostatními forenzními nástroji, které využíváte.

Bypass zámku obrazovky na iOS

Přestože má iOS velmi dobře zabezpečená data, Forensics Express dokáže prolomit zabezpečení a data dešifrovat. Jsou k tomu potřeba pouze Lockdown soubory ze spárovaného počítače. Tyto soubory jsou vytvořeny ve chvíli, kdy připojíte své zařízení iOS ke svému počítači a autorizujete ho. Díky souborům Lockdown budete schopni obnovit všechna data z telefonu, i když bude zamčený.

Data ze starých záloh

Phone Forensics Express dokáže zajistit data ze starých záloh. To se hodí, když nemůžete použít konkrétní telefon, ale máte přístup k datům z autorizovaného počítače.

Obnovte veškeré informace ze SIM karty

Forensics Express vám pomůže k získání ICCID bez kódu PIN a také k zjištění oblasti, ze které karta pochází (Location Area Information). Budete mít také možnost dostat se k datům, jako jsou kontakty, zprávy, IMSI a nebo seznam používaných aplikací na SIM kartě.

Jednoduchý proces připojení zařízení

Naše databáze mobilních zařízení a snadno použitelné prostředí vám usnadní práci. Okamžitě uvidíte všechny informace, které potřebujete: kompletní funkce telefonu, kompatibilní kabely, ovladače a potřebné návody.

Updaty

Softwarové updaty jsou v dnešní době neustálého vývoje nutné. Stále přidáváme nová zařízení a analyzujeme nové aplikace. Nejnovější updaty vám tak dávají vždy ty nejširší možnosti využití. Nový nástroj jsme odladili i díky obrovské odezvě uživatelů MOBILeditu. Díky tomu máme jistotu, že Phone Forensics Express nabídne ty nejlepší funkce s podporou nejvíce mobilních zařízení.

Analyzujte rychle a jednoduše

Už nemusíte být expertem v oblasti forenzní analýzy, abyste dokázali zajistit data na mobilním zařízení. S naším softwarem to dokáže každý. Je intuitivní, dokáže jednoduše zajistit data a s vylepšenou autodetekcí snižuje nároky na znalosti postupů.

Vyvinuto v EU

Naší klíčovou výhodou je umístění našeho výzkumného a vývojového centra v Praze, což spolu s vysokými standardy kvality podporuje rozsah našich schopností v oblasti fyzické analýzy v Evropě prodávaných telefonů.

Mnohaleté zkušenosti

Firma Compelson Labs byla založena v roce 1991 a od roku 1996 nabízí nástroje pro mobilní forenzní analýzu. Náš předchozí produkt MOBILedit byl velmi dobře hodnocen National Institute of Standarts and Technology a je stále používaný FBI, CIA, IRS a bezpečnostními složkami více než 75 zemí světa.

Main Functions

Phone extractor with extremely wide range of supported phones

Password breaker with GPU acceleration and multi-threaded operation for maximum speed

iTunes backup analyzer

Android ADB backup analyzer

Applications data analyzer

Photo Recognizer

Deleted data recovery

Cellebrite UFED data analyzer

Cellebrite UFED data generator

Oxygen data analyzer

Report generator

Phone unlocking

 

Connecting phones

The phone connection wizard will guide you through simple to follow instructions allowing even a novice to work with the product. It also eliminates stress by showing you which setting you need and what buttons to press to make sure your phone connects every time.

 

Open/Import files

iTunes backup

Android ADB backup

MOBILedit Backup XML

Oxygen Export XML

Cellebrite UFDR

Cellebrite UFD with both, logical data and physical images (new in version 4.0)

 

Exports and reports

HTML – creates site structure for easy data browsing using any browser

PDF – Acrobat reader single file or multiple files

XML – Excel

XLS – Excel workbook

UFDR – Cellebrite report file

MOBILedit export structure of files with parsed data from phone

MOBILedit backup structure of raw files from phone

MOBILedit export and backup can be compressed and encrypted using AES and protected by MD5 or SHA256 hashes.

 

Contacts

Three unique reports help uncover the suspect’s connections.

 

The Contacts Report presents all contact details fully retrieved and analyzed, including deleted contact details when available. Contact recovery scope is from multiple sources such as phonebook and memory, vCard files, SIM card, cloud accounts and applications.  Search a report directly for names, numbers, deleted contacts or other information.  The report informs the investigator when the contact was created, when it was last modified and which account type it is (WhatsApp, Cloud, Gmail, Facebook etc.). Find important information such as phone numbers, email address, home address, birthday, employer, and contact profile pictures to help you put a face to a name.

 

With a Contact Analysis Report find out who the suspect has been in contact with the most, and discover crucial connections.  Contact Analysis will detail the number of sent and received messages and calls including total minutes of talk-time for each contact, sorted in descending order by the number of communication events with the suspect.

 

The Contact Accounts Report will help the investigator find all phone, email, cloud and applications accounts associated with the suspect’s device.

 

Messages

Messages are fully retrieved for analysis and presented in the Messages Report, including deleted messages when available.   Messages include standard phone messages (SMS, MMS, iMessages), email messages, SIM messages and application messages.  Customize the report and sort by contact, timeline, conversation view, or both.

 

Conversations

Efficiently read through entire uninterrupted conversation streams.  The Conversations Reports separates entire conversations by contact and are ordered by time sequence.  Captured conversations include all SMS, MMS, iMessages and applications messages including encrypted-messaging apps.

 

Call Logs

The Calls Report provides details of all mobile service and applications-based phone calls, including deleted calls.  Pin-point the time and date of when the suspect made or received calls, the duration of the call, the source (mobile, Facebook, WhatsApp etc.) and the contact and phone number associated with each call.

 

Emails

Emails are fully retrieved for analysis and presented in the Emails Report, including deleted messages when available. Customize the report and sort by contact, timeline, conversation view, or both.

 

Applications

Perform an advanced applications analysis.  All applications are listed and fully analyzed for their detailed data, including deleted applications data where available, and presented in the Applications Report.   Narrow your search by selecting the specific applications you wish to analyze, or complete an analysis on all applications in the device.  Criminals, terrorists and everyday people are using encrypted-messaging applications more than ever, now an investigator can read these messages.  Raw application data are also stored in the export folder, which makes additional processing and analysis possible.  We support hundreds of applications and the list is growing.

 

Integrate

We understand an investigator may use many tools in an investigation.  We’ve designed our software with the ability to integrate with other forensic tools in your lab.  Import and analyze data files exported from Cellebrite UFED and Oxygen reports to uncover potentially overlooked data.  Export all MOBILEdit Forensic Express data to UFED, so you can use the UFED Viewer or Analytics for further processing to move your investigation forward.

 

Deleted Data

Deleted data is often the key information in an investigation.   Deleted data details are presented in a special comprehensive Deleted Data Report, and also displayed within each individual analysis report.  Whether it is calls, SMS, MMS, calendar events, notes, applications data, or other evidence your are looking for, MOBILedit Forensic Express searches deeply in databases for caches and hidden files to reveal the maximum deleted data possible.

 

Passwords

The Passwords Report will reveal passwords from many types of accounts and applications.

 

In iOS devices all system passwords and most application passwords are managed through dedicated and encrypted Keychain. We are able to decrypt the keychain and retrieve all passwords that were saved in it. Passwords contained in the Keychain include: Wi-Fi passwords, appleID password, passwords saved in Safari as well as various email and application passwords, and passwords saved in web browsers and other accounts.  From Android devices Wi-Fi passwords are retrieved.

 

Wi-Fi Networks

This section contains detailed data about all Wi-Fi networks saved in a device. The Wi-Fi Networks Report displays the history of Wi-Fi connections in time sequential order, including the Wi-Fi network name, the last joined time and date, the last auto-joined time and date (indicates that a suspect has been a repeat visitor to the network location), SSID, BSSID, and security mode. Supported are also continued logs – connected time. Even Wi-Fi network passwords are recovered and are shown in Password Report.

 

Images

The Images Report will contain images from the phone file system.  This includes application images – images retrieved from applications data, which might also include images stored in temporary files or caches that have been detected as potential images.  An option to display large images in full size will create an additional section in the report and display one image per page.  Filter out duplicate images to omit emoticons and similar images from the reports.

 

Photos

The Photos Report retrieves all device and applications photos taken by the phone, usually in the DCIM folder.  iPhone deleted photos can be recovered if they were sent via MMS or from a supported application. The ability to recover deleted photos depends on many internal factors in the storage and cannot be predicted nor guaranteed. Supported is also an Apple photo format HEIF.

 

Cell towers

Data about cell towers that the subject phone was connected to can be obtained. Obtained cell tower locations can be individually viewed on the map through the provided link.

 

Audio Files

Audio files are copied from the device and its applications.  The Audio Files Report allows you to play an audio file simply by clicking on it in the report.  The report also details the file path, the created and modified time, the duration of the audio file and the size of the audio file.

 

Video Files

Video files are also copied from the device and its applications.  The Video Files Report allows you to play a video file by clicking on it in the report.  The report also details the file path, the created, modified, encoded and tagged time, the duration of the video, the size of the video file as well as the frame rate, height and width.

 

Organizer

The device and applications organizers are searched and analyzed, and data is presented in four distinct reports.  Customize the search within a specific timeframe for calendar events, notes and tasks, or complete a full phone search.

 

The Calendar Accounts Report displays the various device and applications accounts where events are created and stored.  Details include the account source, name, account owner, account email address and the number of associated events with the calendar.

 

An Events Report lists all events in detail from the device and its applications, including deleted events from calendars and other sources where events are created.  Details include which calendar the event was created in, a summary, a description, start time, created time, modified time, end time, recurrence, if the event was removed or deleted and are sequenced in ascending or descending order.

 

Tasks are carefully compiled and presented in detail in the Tasks Report.  Tasks found in the device and applications include the full task text content, the creation time, modified time, start time, completion time and indicates if the task was deleted.

 

Notes including deleted or removed notes are compiled in detail in the Notes Report. Gathered from the device and applications, the report includes a header title, a summary, the full text content of the note, the created, modified and last visit time, as well as if the note was removed or deleted.

 

Documents

Extract and preview most common document formats.

 

GPS Locations

Knowing when and where a suspect has been is key in every investigation.  The GPS Locations Report contains all possible GPS location data from the device and applications.  We are able to extract ‚last known‘ locations from Android devices. The analysis and report yield valuable information from map, fitness and transportation applications such as Google Maps, Pokémon Go, Nike+ Running, Uber and many more. Some applications may even contain GPS data about the entire route, and show the sequence of GPS coordinates with their timestamps recorded and stored. Photos and videos on a device may also contain GPS locations in their metadata.  Customize the locations search and report by time, or search and order locations by proximity to specific GPS coordinates.

 

Cookies

The Cookies Report compiles the history of cookies in a device. System cookies are only obtainable from iOS devices. Application specific cookies are analyzed for every installed application. Cookies contain information about web domain as well as their creation, accessed and expiration time, and if the displayed cookie has been deleted.

 

Web Browsing History

The Web Browsing History Report contains a consolidated web browsing history from all analyzed browser applications. Each web browsing history entry consists of the visited URL as well as time of the visit. In some cases the total number of visits of the URL is also available with the timestamps of individual visits.  The report is customizable by alphabetical order or by time sequence.

 

Web Search History

The Web Search History Report contains queries searched in the web browser as well as a timestamp of when the search occurred. System-wide web searches are only obtainable from Android 5.1 devices and older. Web search data is also gathered from browser application analysis.

 

Bluetooth Pairings

Bluetooth pairing history can be discovered on both Android and iOS devices and is presented in the Bluetooth Pairings Report.  In the report you will find the name of the Bluetooth connection, the Bluetooth address of the pairing device, the status, and on iOS- the date and time of the last connection.

 

Contact analysis

Contact analysis is a section with analyzed relationships between contacts and the way they were used in various modes of communication. It is also possible to skip contacts that have rarely been communicated with on that mobile phone.

 

Notifications

Notifications of the device and applications are presented in detail and are retrievable from iOS and Android devices. The Notifications Report displays notifications information including the source, the text of the notification, and the timestamp.  On iOS also included are notifications that are no longer active and may contain otherwise unobtainable information, such as emails and messages from applications that do not store them in databases. On Android only active notifications are retrievable.

 

Bookmarks

The Bookmarks Report gathers device and application global browser bookmarks on iOS devices (Safari bookmarks), and on Android devices up to Android 5.1; later versions of Android only application specific bookmarks can be obtained.  The report can be sorted by time or name in alphabetical order.

 

Keyboard Cache

The Keyboard Cache Report contains all words that have been typed on device and is only available on devices running iOS version 7 and older. On Android devices we can extract User Dictionary that contains custom user defined words

 

System Logs

The System Logs Report contains system logs and dumpsys files that can be extracted from Android phones. The Android system keeps these files for debugging and monitoring purposes and they contain system data such as recent locations, recent connected Wi-Fi networks, running applications, recently launched applications, recent cell locations and signal info, current Bluetooth MAC address and name etc.  These files are listed in the System Logs section within the HTML and PDF reports and can be directly opened by clicking on their filenames. Their content is analyzed and presented in various reports such as Wi-Fi Networks, GPS Locations, Notifications etc.

 

File System

The File System Report is divided in three section according their source. Internal – which includes raw file system. Then Application File System which contains application data files. The third is the Extra File System, which contains information about files that are not physically present on device but are available to be extracted. This includes all files from iTunes backup on iOS devices. On Android devices, Content Providers, System Logs and DumpSys fall into this category.

 

Timeline

The Timeline Report provides insight into all device activity exactly as it occurred. The report aggregates all extracted items that contain time and date information and displays it in chronological order. Exact parameters of a generated timeline can be customized to specific function; for example, you can select to configure a timeline of calls and messages only.

 

Photo Recognizer

This module automatically locates and recognizes suspicious content in photos such as weapons, drugs, nudity, currency and documents. Photo Recognizer utilizes artificial intelligence and deep machine learning to quickly analyze an unlimited number of photos, and is designed to eliminate countless hours that would be spent manually searching for key evidence in huge databases of photos. Each photo is placed in its own specific category so the investigator can keep the case well-organized and easily present the suspicious content in a fine-tuned report.

 

Phone Unlocking

For a wide range of Android devices, the phone unlocking feature allows for physical image acquisition even when the device is protected by a password or gesture, also able to bypass the lock-screen with many phone models.

 

xtremely wide range of supported phones

  • Password breaker with GPU acceleration and multi-threaded operation for maximum speed

  • iTunes backup analyzer

  • Android ADB backup analyzer

  • Applications data analyzer

  • Photo Recognizer

  • Deleted data recovery

  • Cellebrite UFED data analyzer

  • Cellebrite UFED data generator

  • Oxygen data analyzer

  • Report generator

  • Phone unlocking


Connecting phones

The phone connection wizard will guide you through simple to follow instructions allowing even a novice to work with the product. It also eliminates stress by showing you which setting you need and what buttons to press to make sure your phone connects every time.


Open/Import files

iTunes backup

Android ADB backup

MOBILedit Backup XML

Oxygen Export XML

Cellebrite UFDR

Cellebrite UFD with both, logical data and physical images (new in version 4.0)


Exports

and

reports

HTML – creates site structure for easy data browsing using any browser

PDF – Acrobat reader single file or multiple files

XML – Excel

XLS – Excel workbook

UFDR – Cellebrite report file

MOBILedit export structure of files with parsed data from phone

MOBILedit backup structure of raw files from phone

MOBILedit export and backup can be compressed and encrypted using AES and protected by MD5 or SHA256 hashes.


Contacts

Three unique reports help uncover the suspect’s connections.

The Contacts Report presents all contact details fully retrieved and analyzed, including deleted contact details when available. Contact recovery scope is from multiple sources such as phonebook and memory, vCard files, SIM card, cloud accounts and applications.  Search a report directly for names, numbers, deleted contacts or other information.  The report informs the investigator when the contact was created, when it was last modified and which account type it is (WhatsApp, Cloud, Gmail, Facebook etc.). Find important information such as phone numbers, email address, home address, birthday, employer, and contact profile pictures to help you put a face to a name.

With a Contact Analysis Report find out who the suspect has been in contact with the most, and discover crucial connections.  Contact Analysis will detail the number of sent and received messages and calls including total minutes of talk-time for each contact, sorted in descending order by the number of communication events with the suspect.

The Contact Accounts Report will help the investigator find all phone, email, cloud and applications accounts associated with the suspect’s device.


Messages

Messages are fully retrieved for analysis and presented in the Messages Report, including deleted messages when available.   Messages include standard phone messages (SMS, MMS, iMessages), email messages, SIM messages and application messages.  Customize the report and sort by contact, timeline, conversation view, or both.


Conversations

Efficiently read through entire uninterrupted conversation streams.  The Conversations Reports separates entire conversations by contact and are ordered by time sequence.  Captured conversations include all SMS, MMS, iMessages and applications messages including encrypted-messaging apps.


Call Logs

The Calls Report provides details of all mobile service and applications-based phone calls, including deleted calls.  Pin-point the time and date of when the suspect made or received calls, the duration of the call, the source (mobile, Facebook, WhatsApp etc.) and the contact and phone number associated with each call.


Emails

Emails are fully retrieved for analysis and presented in the Emails Report, including deleted messages when available. Customize the report and sort by contact, timeline, conversation view, or both.


Applications

Perform an advanced applications analysis.  All applications are listed and fully analyzed for their detailed data, including deleted applications data where available, and presented in the Applications Report.   Narrow your search by selecting the specific applications you wish to analyze, or complete an analysis on all applications in the device.  Criminals, terrorists and everyday people are using encrypted-messaging applications more than ever, now an investigator can read these messages.  Raw application data are also stored in the export folder, which makes additional processing and analysis possible.  We support hundreds of applications and the list is growing.

List of supported apps


Integrate

We understand an investigator may use many tools in an investigation.  We’ve designed our software with the ability to integrate with other forensic tools in your lab.  Import and analyze data files exported from Cellebrite UFED and Oxygen reports to uncover potentially overlooked data.  Export all MOBILEdit Forensic Express data to UFED, so you can use the UFED Viewer or Analytics for further processing to move your investigation forward.


Deleted Data

Deleted data is often the key information in an investigation.   Deleted data details are presented in a special comprehensive Deleted Data Report, and also displayed within each individual analysis report.  Whether it is calls, SMS, MMS, calendar events, notes, applications data, or other evidence your are looking for, MOBILedit Forensic Express searches deeply in databases for caches and hidden files to reveal the maximum deleted data possible.


Passwords

The Passwords Report will reveal passwords from many types of accounts and applications.

In iOS devices all system passwords and most application passwords are managed through dedicated and encrypted Keychain. We are able to decrypt the keychain and retrieve all passwords that were saved in it. Passwords contained in the Keychain include: Wi-Fi passwords, appleID password, passwords saved in Safari as well as various email and application passwords, and passwords saved in web browsers and other accounts.  From Android devices Wi-Fi passwords are retrieved.


Wi-Fi Networks

This section contains detailed data about all Wi-Fi networks saved in a device. The Wi-Fi Networks Report displays the history of Wi-Fi connections in time sequential order, including the Wi-Fi network name, the last joined time and date, the last auto-joined time and date (indicates that a suspect has been a repeat visitor to the network location), SSID, BSSID, and security mode. Supported are also continued logs – connected time. Even Wi-Fi network passwords are recovered and are shown in Password Report.


Images

The Images Report will contain images from the phone file system.  This includes application images – images retrieved from applications data, which might also include images stored in temporary files or caches that have been detected as potential images.  An option to display large images in full size will create an additional section in the report and display one image per page.  Filter out duplicate images to omit emoticons and similar images from the reports.


Photos

The Photos Report retrieves all device and applications photos taken by the phone, usually in the DCIM folder.  iPhone deleted photos can be recovered if they were sent via MMS or from a supported application. The ability to recover deleted photos depends on many internal factors in the storage and cannot be predicted nor guaranteed. Supported is also an Apple photo format HEIF.


Cell towers

Data about cell towers that the subject phone was connected to can be obtained. Obtained cell tower locations can be individually viewed on the map through the provided link.


Audio Files

Audio files are copied from the device and its applications.  The Audio Files Report allows you to play an audio file simply by clicking on it in the report.  The report also details the file path, the created and modified time, the duration of the audio file and the size of the audio file.


Video Files

Video files are also copied from the device and its applications.  The Video Files Report allows you to play a video file by clicking on it in the report.  The report also details the file path, the created, modified, encoded and tagged time, the duration of the video, the size of the video file as well as the frame rate, height and width.


Organizer

The device and applications organizers are searched and analyzed, and data is presented in four distinct reports.  Customize the search within a specific timeframe for calendar events, notes and tasks, or complete a full phone search.

The Calendar Accounts Report displays the various device and applications accounts where events are created and stored.  Details include the account source, name, account owner, account email address and the number of associated events with the calendar.

An Events Report lists all events in detail from the device and its applications, including deleted events from calendars and other sources where events are created.  Details include which calendar the event was created in, a summary, a description, start time, created time, modified time, end time, recurrence, if the event was removed or deleted and are sequenced in ascending or descending order.

Tasks are carefully compiled and presented in detail in the Tasks Report.  Tasks found in the device and applications include the full task text content, the creation time, modified time, start time, completion time and indicates if the task was deleted.

Notes including deleted or removed notes are compiled in detail in the Notes Report. Gathered from the device and applications, the report includes a header title, a summary, the full text content of the note, the created, modified and last visit time, as well as if the note was removed or deleted.


Documents

Extract and preview most common document formats.


GPS Locations

Knowing when and where a suspect has been is key in every investigation.  The GPS Locations Report contains all possible GPS location data from the device and applications.  We are able to extract ‚last known‘ locations from Android devices. The analysis and report yield valuable information from map, fitness and transportation applications such as Google Maps, Pokémon Go, Nike+ Running, Uber and many more. Some applications may even contain GPS data about the entire route, and show the sequence of GPS coordinates with their timestamps recorded and stored. Photos and videos on a device may also contain GPS locations in their metadata.  Customize the locations search and report by time, or search and order locations by proximity to specific GPS coordinates.


Cookies

The Cookies Report compiles the history of cookies in a device. System cookies are only obtainable from iOS devices. Application specific cookies are analyzed for every installed application. Cookies contain information about web domain as well as their creation, accessed and expiration time, and if the displayed cookie has been deleted.


Web Browsing History

The Web Browsing History Report contains a consolidated web browsing history from all analyzed browser applications. Each web browsing history entry consists of the visited URL as well as time of the visit. In some cases the total number of visits of the URL is also available with the timestamps of individual visits.  The report is customizable by alphabetical order or by time sequence.


Web Search History

The Web Search History Report contains queries searched in the web browser as well as a timestamp of when the search occurred. System-wide web searches are only obtainable from Android 5.1 devices and older. Web search data is also gathered from browser application analysis.


Bluetooth Pairings

Bluetooth pairing history can be discovered on both Android and iOS devices and is presented in the Bluetooth Pairings Report.  In the report you will find the name of the Bluetooth connection, the Bluetooth address of the pairing device, the status, and on iOS- the date and time of the last connection.


Contact analysis

Contact analysis is a section with analyzed relationships between contacts and the way they were used in various modes of communication. It is also possible to skip contacts that have rarely been communicated with on that mobile phone.


Notifications

Notifications of the device and applications are presented in detail and are retrievable from iOS and Android devices. The Notifications Report displays notifications information including the source, the text of the notification, and the timestamp.  On iOS also included are notifications that are no longer active and may contain otherwise unobtainable information, such as emails and messages from applications that do not store them in databases. On Android only active notifications are retrievable.


Bookmarks

The Bookmarks Report gathers device and application global browser bookmarks on iOS devices (Safari bookmarks), and on Android devices up to Android 5.1; later versions of Android only application specific bookmarks can be obtained.  The report can be sorted by time or name in alphabetical order.


Keyboard Cache

The Keyboard Cache Report contains all words that have been typed on device and is only available on devices running iOS version 7 and older. On Android devices we can extract User Dictionary that contains custom user defined words


System Logs

The System Logs Report contains system logs and dumpsys files that can be extracted from Android phones. The Android system keeps these files for debugging and monitoring purposes and they contain system data such as recent locations, recent connected Wi-Fi networks, running applications, recently launched applications, recent cell locations and signal info, current Bluetooth MAC address and name etc.  These files are listed in the System Logs section within the HTML and PDF reports and can be directly opened by clicking on their filenames. Their content is analyzed and presented in various reports such as Wi-Fi Networks, GPS Locations, Notifications etc.


File System

The File System Report is divided in three section according their source. Internal – which includes raw file system. Then Application File System which contains application data files. The third is the Extra File System, which contains information about files that are not physically present on device but are available to be extracted. This includes all files from iTunes backup on iOS devices. On Android devices, Content Providers, System Logs and DumpSys fall into this category.


Timeline

The Timeline Report provides insight into all device activity exactly as it occurred. The report aggregates all extracted items that contain time and date information and displays it in chronological order. Exact parameters of a generated timeline can be customized to specific function; for example, you can select to configure a timeline of calls and messages only.


Photo Recognizer

This module automatically locates and recognizes suspicious content in photos such as weapons, drugs, nudity, currency and documents. Photo Recognizer utilizes artificial intelligence and deep machine learning to quickly analyze an unlimited number of photos, and is designed to eliminate countless hours that would be spent manually searching for key evidence in huge databases of photos. Each photo is placed in its own specific category so the investigator can keep the case well-organized and easily present the suspicious content in a fine-tuned report.


Phone
Unlocking

For a wide range of Android devices, the phone unlocking feature allows for physical image acquisition even when the device is protected by a password or gesture, also able to bypass the lock-screen with many phone models.