最新版 MOBILedit Forensic v9 更新於 2024/2/14
MOBILedit Forensic Express 是一款功能強大且先進的軟體,它使用戶能夠分析其行動設備,生成報告,從電話和雲端服務中提取數據,它是一個包含所有有用和必需工具和功能的一體式軟體平台
MOBILedit是使用物理和邏輯數據採集方法的功能強大的64位應用程式,非常適合其先進的應用程式分析器,刪除的數據恢復,即時更新,支持的電話範圍廣泛(包括大多數功能電話),經過微調的報告,並發電話處理,以及易於使用的用戶界面。使用密碼和PIN密碼鎖,您可以通過GPU加速和多線程操作以最大速度訪問鎖定的ADB或iTunes備份。
Forensic Express提供最大的功能,而價格僅為其他工具的一小部分。它可以用作實驗室中的唯一工具,也可以通過其數據兼容性來增強其他工具的功能。與Camera Ballistics集成後,它將科學地分析相機的照片來源。
- Phone extractor with extremely wide range of supported phones
- Password breaker with GPU acceleration and multi-threaded operation for maximum speed
- iTunes backup analyzer
- Android ADB backup analyzer
- Applications data analyzer
- Photo Recognizer
- Deleted data recovery
- Cellebrite UFED data analyzer
- Cellebrite UFED data generator
- Oxygen data analyzer
- Report generator
- Phone unlocking
Phone unlocking
Forensic Express has a built-in phone unlocking feature for many phone models, allowing you to acquire a physical image even when the phone is protected by a password or gesture. It can bypass the lock-screen on a wide range of Android phones. It is ready to utilize the full potential of modified recovery images in order to perform physical acquisition with just a few clicks. Lock-screen patterns, gestures, PINs and passwords are no longer an obstacle in your way of acquiring any data from a wide variety of Android devices.
Physical data acquisition and analysis
In addition to advanced logical extraction we also provide Android physical data acquisition, allowing you to extract physical images of investigated phones and have exact binary clones. Physical analysis allows you to open image files created by this process, or those obtained through JTAG, chip-off or other tools to recover deleted files plus all other deleted data where our product is known to be excellent.
Advanced application analysis
The use of apps to communicate and share has grown rapidly. Many apps are released or updated everyday. It is obvious that the analysis of apps is vital to retrieving as much evidence as possible. This is the strongest point of MOBILedit Forensic Express, we dedicate a large part of our team specifically for application analysis. We employ adaptive and in-depth methods to ensure you retrieve the most data available for each app- especially recovering deleted data. Data is analyzed for its meaning so you see it on a timeline as a note, a photo, a video or a flow of messages no matter what app was used to send them.
Live Updates
The use of apps to communicate and share has grown rapidly. Many apps are released or updated everyday. It is obvious that the analysis of apps is vital to retrieving as much evidence as possible. This is the strongest point of MOBILedit Forensic Express, you get updates of application analysis live and as often as needed. Data is analyzed for its meaning so you see it on a timeline as a note, a photo, a video or a flow of messages no matter what app was used to send them.
Deleted data recovery
Deleted data is almost always the most valuable information in a device. It often hides in applications; and because this is our strongest expertise, we deliver great results in finding deleted data. Our special algorithms look deeply through databases, their invalidated pages and within caches to find any data that still resides in a phone. MOBILedit Forensic Express retrieves the deleted data and presents it clearly in a special section of the report.
Fine-tuned reports
A tremendous amount of effort has been dedicated to refining reports so they are customizable, easy to read, concise and professional. An enhanced report configurator allows you to define exactly which data will be extracted from the phone and how the report will look. Each report is divided into sections, labeled with icons, pictures, and highlighted relevant data so you can find evidence quickly. A complete, configurable and comprehensive list of all events with a time-stamp is shown on a timeline and messages can be filtered by conversation or by contact names.
Reports are available in PDF, XLS, or HTML formats, and you can generate data exports compatible with the other data analysis tools you use in your lab, such as UFED. Have a look on the sample report.
Password breaker with GPU acceleration
Gain access to locked backups of a phone by using our password and PIN breaker. Passwords can be cracked by performing a dictionary attack using our built-in dictionary, or you can use your own dictionary for other languages. Password breaker uses GPU acceleration and multi-threaded operations for maximum speed. Although iOS has well-protected data due to its on-the-fly hardware encryption, MOBILedit Forensic Express is able to penetrate this protection and retrieve the data using the lockdown method.
Concurrent extractions and new 64-bit engine
The new 64-bit engine provides stability and the ability to analyze huge amounts of data, apps with hundreds of thousands of messages, photos and other items, plus several phones at once. Speed up your investigation process by extracting multiple phones at the same time, and generating multiple outputs for each one. All you need is a USB hub, cables and a computer powerful enough to perform concurrent jobs. You can finish a week's worth of work overnight!
Easy to use UI
Having the right tool is not enough, you need the right staff to work with it. The shorter the learning curve the better. Because we have designed software for millions of consumers, it was a welcome challenge for us to make MOBILedit Forensic Express the most user-friendly forensic tool available. With a straightforward interface, each step is simple and guided with clear instruction. It is also optimized for touch screens allowing for easy use in the field.
Camera Ballistics - scientific image analysis
When combined with Camera Ballistics you are able to identify which images present on the analyzed phone were actually taken by the phone's camera using a sensor fingerprint. This process delivers new insight into the images such as make, model, GPS, camera settings, mean square error, fingerprint presence result, probability, and correlation will be organized into a well designed and comprehensive PDF report suitable for submission as evidence.
iCloud analyzer
Now you can analyze backups of iOS devices stored in iCloud. Don't have the phone? Don't worry, you don't need it. Cloud Analyzer will locate all iOS backups in the cloud and let you choose which ones you want to extract, analyze and create reports for. Find crucial hidden evidence including deleted data, applications data and more directly from the cloud. All versions of iOS are supported, including two-factor authentication.
Reports in any language
Reports are now under the user’s control. You can customize reports to your own style or translate them to your language, so you can meet the criteria defined by the law.
Photo Recognizer
This module automatically locates and recognizes suspicious content in photos such as weapons, drugs, nudity, currency and documents. Photo Recognizer utilizes artificial intelligence and deep machine learning to quickly analyze an unlimited number of photos, and is designed to eliminate countless hours that would be spent manually searching for key evidence in huge databases of photos. Each photo is placed in its own specific category so the investigator can keep the case well-organized and easily present the suspicious content in a fine-tuned report.
Face Matcher
This important feature easily finds photos of people you are looking for. Based on the newest deep learning techniques, Face Matcher rapidly analyzes even large quantities of photos that users often have in their phones. Eliminate countless hours spent manually looking through photo albums. Simply supply photos of faces you want to find, and let Face Matcher find right photos in a phone or PC.
Huge number of supported phones
Since 1996 we have supported an extremely wide range of phones manufactured over two decades. The software supports thousands of handsets including popular operating systems such as iOS, Android , Blackberry, Windows Phone, Windows Mobile, Bada, Symbian, Meego, Mediatek, Chinese phones, and CDMA phones. The software can handle many feature phones without an OS. This includes older models from as far back as 1996, when development began and was the first of its kind in the world.
Integrate with other tools
We all know that it is a good practice to use multiple tools in a lab. We've designed our software with the ability to integrate with other forensic tools. Import and analyze data files exported from Cellebrite UFED and Oxygen reports to get even more data.
Export all data to UFED, so you can use the UFED Viewer or Analytics for further processing to move your investigation forward.
MOBILedit Forensic Express extracts all data from phones also into open data format, so you get all the files directly as they are in the phone. This allows you to use other tools, including open source tools, to further analyze data and get even more evidence.
Message analysis and timeline
MOBILedit Forensic Express collects both standard and deleted message information sent by phone and displays it as a timeline. See all message information including who sent message text, what messenger program they used, and any attached media files.
Filter your results to find data faster
Get exactly what you are looking for by filtering extracted data by keyword, specific contacts, time, application or file name. Apply these filters to different data types and radically minimize the report size.
Bypass the passcode on iOS using the lockdown files method
Although iOS has well-protected data due to hardware encrypted on-the-fly, MOBILedit Forensic Express is able to go through this protection and retrieve the data. It supports importing the lockdown files that can be found on a suspect’s computer. These files are generated when you connect an iOS device to a PC and authorize the computer by typing the passcode. MOBILedit Forensic will instruct you on how to obtain these files. If you import the lockdown files to the computer where you make the acquisition, then you will be able to retrieve all data from the phone even if it is locked with a passcode.
Live view data
This new feature allows you to live view content of a phone so you can browse and extract any file even before the batch extraction begins.
Bypass the PIN code with the SIM Cloning Tool
This feature removes the requirement of a PIN for the original SIM card of the phone being investigated. It also removes the need for obsolete and unreliable Faraday bags. Now you can clone SIM cards, create new SIM cards with any ICCID, or just format your SIM card to renew for next use.
Forensic Single Phone |
Forensic Standard | Forensic Pro |
Single Phone edition allows for activation per phone with functionality described in the table below. You pay exactly for as many phones as needed. | Standard edition is packed with the essentials - ideal for users who need a complete forensic tool, but might not need advanced add-ons. | Pro edition is designed for users seeking advanced functionality - perfect for all law enforcement, industry experts and forensic professionals. |
► Pay per phone ► 6 month of updates ► 1 computer ► Phone forensic at logical level ► App analysis
|
► Unlimited phones ► One-time license fee ► 12 months of updates ► 1 computer ► Phone forensic at logical level ► App analysis ► Unlimited imports
|
► All features of Standard plus: ► Deleted data ► Security bypassing ► Physical analysis ► App downgrade ► Smartwatch forensics ► Malware and spyware detection ► Photo object recognition ► Face matcher ► UFED support ► Cloud forensic (optional) ► Camera Ballistics (optional) |
System Requirements
To enjoy the best possible user experience, please ensure your computer meets the minimum system requirements as shown below. We have also included additional specifications for a more powerful system:
- CPU: Intel Core i3 or Ryzen 3 as a minimum, i7 or Ryzen 7 is recommended for concurrent extractions, and a CPU with AVX is required for Face Matcher and Photo Recognizer.
- RAM: 16 GB as minimal configuration, 32 GB is recommended.
- Please note that meeting the minimum RAM requirements may impact concurrent extractions and performance on phones with a larger amount of data.
- HDD: free space of 30 GB on the system drive, plus suitable storage space for the reports. Ideally, separate disks should be used for storing the data, and using SSDs will mean read/write speeds are quicker.
- OS: Windows 64-bit OS is required, Windows 10 as minimal configuration.
- Minimum screen resolution: 1250x800, recommended 1920x1080.
- High-quality cables for connecting phones are essential.
- GPU: The only feature that benefits from a GPU is the Password toolkit for brute force attacks on backup Pins and passwords. The GPU can be of any type and either integrated, a dedicated graphics card or fully external.
To install MOBILedit Forensic successfully, please disable your antivirus program. If enabled, our security bypassing features (i.e. Dirty Cow) may trigger the antivirus warning system. If it is not possible to disable it completely, disable at least the automatic scan of the folders.
By disabling your antivirus program you will also prevent any possible errors that may occur during installation and extraction.
For Windows 10 and above, you may also need to add MOBILedit Forensic to the safe/allowed list of apps in the controlled folder access settings.
MOBILedit
Whether its the latest and greatest or your tried and true classic phone, MOBILedit is the central toolbox that can manage them all. Control your phones content the way that you have always wanted. With so much important content in your phone the convenience of MOBILedit on your PC makes all the difference when adding new contacts to your phone book, managing files, making back ups or sending text messages.
Camera Ballistics
Camera Ballistics is a unique software product that uses advanced algorithms and cutting-edge technology to determine if a photo was truly taken by a suspected camera or not.
Photos contain more information than what you can see in the image. Camera Ballistics' unique scientific algorithm goes deeper than just EXIF. It will identify if a photo was taken by a suspected camera device or not, giving you maximum data from photos and making Camera Ballistics an essential tool for every forensic investigator.
Phone Copier Express
Professional software for phone content transfer
Phone Copier Express is easy to use, fast, transfers maximum data, supports a huge range of phones and is a great in-store solution as well as for home users