MOBILYZE

全球擁有超過40億個智能設備，移動數位數據現在已成為每項調查的一部分。立即獲得這種法醫證據至關重要。Mobilyze允許調查人員獲取，查看和保存任何iOS或Android設備上的數據。

特色

OVERVIEW
MAKE INVESTIGATIONS EASIER
With the dynamic acquisition capabilities of Mobilyze, investigators can instantly examine data and quickly decide which evidence requires further forensic investigation.

Mobilyze is perfect for investigators with minimal digital forensics experience:

• Support for Apple's mobile devices with iOS 12.0
• Ability to set timezone display
• Improved support for Android group message on Samsung devices
• Mobilyze is now a 64-bit application
• User-friendly, with minimal training required to use Mobilyze in the field
• Simply plug the iOS or Android device into the system’s USB port running Mobilyze, and immediately start acquiring data
• Perform logical acquisitions, allowing investigators to acquire a full or limited data collection in real time
• Discover evidence quickly through an easy-to-use integrated interface
• Examine data through various categories, filters, searches and views
• Securely preserve all relevant user data in a forensically sound manner

Mobilyze significantly reduces an investigators’ dependency on specialized investigators or high tech units. For more comprehensive analysis, Mobilyze cases seamlessly import into Blacklight, without the need to perform another data collection.

ACQUISITION
CHOOSE COLLECTION OPTIONS AND QUICKLY ACQUIRE DATA

• View data in real time during the device acquisition
• Unplug the device at any time, preserving all acquired data
• Get an immediate snapshot of key user info from the device
• Select the order in which third party application data is collected
• Even with a locked iPhone/iPad, the model number, device name and iOS software version are displayed

TRIAGE
LOCATE EVIDENCE OF INTEREST IN CLEAR, ORGANIZED VIEWS

• Easily navigate between views (Communications, Media, Locations, Apps, Internet and Productivity)
• View all messages (SMS, WhatsApp, etc.) in a native format or an indexed list
• Filter any data set by keyword and/or date/time
• View files with geolocation data alongside the built-in Google Maps GPS pane

REPORTING
CUSTOMIZE YOUR REPORT

• Identify and tag collected data, even while it is still being acquired
• Tailor the elegant report to either include all data, or just tagged evidence
• Quickly export to HTML or PDF
• Click the image to the left to view a full sample HTML Report!

系統需求 

*Note: For Windows systems, Mobilyze uses whatever the default app may be for playing media files. Windows Media Player 12 is recommended. If Windows examiners do not have QuickTime installed and they wish to play certain file types such as .AMR files (voicemail, etc.) they will need to install some non-default codecs

IOS

• iPhone 3G and newer with iOS 5.0 to 12, including iPhone models - XS, XS Max and XR
• All iPads with iOS 5.0 to 12
• iPod Touch 2G and newer with iOS 5.0 to 12

ANDROID

• Devices running Android 4.0.4 to 8.0 (without encryption)
• Devices manufactured by: Samsung, Motorola, HTC, LG, Google Nexus
• Note*: Additional devices running Android 4.0 or later may function properly if the appropriate USB driver for Windows OS is installed

MACQUISITION™

MacQuisition是一款功能強大的三合一解決方案，適用於即時數據採集，目標數據採集和取證成像。MacQuisition經驗豐富的審查員經過十多年的測試和使用，可在Mac OS X操作系統上運行，安全地啟動並從原生環境中的185多種不同的Macintosh電腦模型中獲取數據 - 甚至是Fusion Drives。當你有MacQuisition時，不需要復雜的拆分。

特色

TARGETED DATA COLLECTION
SELECTIVELY ACQUIRE

• 目標和取證獲取文件，文件夾和用戶目錄，同時避免已知的系統文件和其他不需要的數據
• 通過維護與原始文件的關聯來保留有價值的元數據
• 使用任何或所有MD5，SHA-1或SHA-256哈希函數對收集的數據進行身份驗證
• 在整個收集過程中徹底記錄數據採集和源設備屬性
• 有選擇地以每用戶，每卷為基礎獲取電子郵件，聊天，地址簿，日曆和其他數據

LIVE DATA ACQUISITION
COLLECT FROM LIVE SYSTEMS

• 實時捕獲重要的實時數據，如Internet，聊天和多媒體文件
• 合理地獲取並將易失性隨機存取存儲器（RAM）內容保存到目標設備
• 從26種獨特的系統數據收集選項中進行選擇，包括活動系統進程，當前系統狀態和打印隊列狀態
• 在整個收集過程中廣泛記錄實時數據採集信息

FORENSIC IMAGING
CREATE FORENSIC IMAGES

• MacQuisition可自動識別Fusion Drive中的組合音量並將其呈現用於成像
• 如果FileVault 2存在，審查員可以使用密碼，Keychain文件或恢復密鑰，以只讀方式安裝卷，允許分類或收集文件
• 使用源計算機自己的系統通過從MacQuisition USB加密狗啟動來創建取證圖像
• 寫保護源設備，同時保持對目標設備的讀寫訪問
   

系統需求

MacQuisition is a unique forensic imaging and acquisition tool capable of booting hundreds of Mac OS X systems, as well as acquiring live targeted data. MacQuisition is the trusted forensic solution that runs within a native OS X boot environment.

Below is the range of Mac systems supported by the newest version of MacQuisition, followed by instructions for examiners in need of a solution for older Mac hardware. For Mac models with a USB-C port, we advise using an Apple USB-C adapter. Other third party USB-C accessories may not be compatible. 

*Note: Not all recent systems have been fully tested. The compatibility table represents the full list of systems that MacQuisition is built to support. If you have any issues with system compatibility

* Certain older 2007-2009 models that are not supported by the MacQuisition 2018R1 partition may be bootable by the MacQuisition Secondary partition. Having trouble identifying a Mac OS X system? We recommend the MacTracker App, available for free at the App Store.

† T2 chip default encryption may be present.

LEGACY MACS
Trouble booting older Mac systems? Within each MacQuisition dongle, there is a legacy version of the software that can boot Intel-based Mac systems that predate the compatibility table above. For even older systems, including those running OS 9 (Classic), all MacQuisition customers have access to an ISO boot disk. ISO downloads are available within MacQuisition customers' individual account pages on BlackBag's website. Please contact [email protected] with any questions regarding current compatibility or use of the ISO boot disk.

SOFTBLOCK

SoftBlock™是一種基於軟體的取證寫入阻止工具。SoftBlock可快速識別新連接的硬體設備，並根據用戶偏好使用只讀或讀寫權限安裝設備。該取證軟體旨在滿足大型數位取證實驗室和個人法醫從業者的需求。SoftBlock允許取證審查員在導入數據之前快速安全地預覽證據設備上包含的數據。SoftBlock可以在法醫檢查員的分析機器上運行; 不需要額外的昂貴或笨重的硬體。

Note: The current version of SoftBlock (1.1.0) is compatible with OS X 10.9.5 - 10.13.3. SoftBlock 1.0.7 is compatible with OS X 10.7.x - 10.10.x. If you are running a version of OS X that is older than 10.7, you will need SoftBlock 1.0.5.

特色

SUPPORT FOR MAC OS X
SoftBlock runs on OS X 10.9.5 - 10.13.3.

SCALABILITY
SoftBlock handles as many hardware devices as a forensic analysis machine allows.

MOBILITY
Avoid purchasing expensive write-blocking hardware. SoftBlock blocks data transfer at the kernel-level.

DEVICE MANAGEMENT
A true time-saver. Quickly and safely mount and preview multiple external devices.

SEAMLESS WORKFLOW INTEGRATION
SoftBlock features an intuitive user interface. Once installed, SoftBlock runs in the background and is available for use on demand.

ADDITIONAL INFORMATION