Magnet Forensics Releases Internet Evidence Finder v6.3


Key release updates include enhanced tools for investigation of pictures; additional support for volume shadow copies, support for an expanded range of mobile chat and social networking artifacts; as well as support for analysis of Kindle Fire tablets.

IEF v6.3 released

 

Magnet Forensics, the global leader in the development of digital forensic software for the recovery and analysis of Internet evidence from computers, smartphones and tablets, today announced the release of Internet Evidence Finder™ (IEF) v6.3. The latest release keeps with the company’s commitment to provide timely software updates, adding new platform features, and support for the recovery of 76 new Internet and mobile artifacts.

New IEF Platform Features

Enhanced Tools for Investigation of Pictures

IEF v6.3 includes a new set of integrated features intended to assist law enforcement with identification and categorization of pictures:

  • Hashing of Recovered Pictures – PhotoDNA, MD5 and SHA-1 hashes are provided for picture files recovered by IEF
  • Import custom hash databases to automate the identification and categorization of picture files
  • Import Project Vic databases to automate the identification and categorization of picture files for law enforcement customers working on child exploitation cases
  • Export pictures from the IEF report viewer for customers using third party picture analysis software (for example C4All)

Other New Features

  • Native support for the AD1 logical image format created by AccessData’s FTK
  • Volume shadow copies can now be analyzed as a standalone source of evidence with more granularity and native parsing (no image mounting required)
  • Native support for analysis of zip archives (no longer necessary to extract the data from a zip archive prior to analysis). This is particularly useful for analyzing Cellebrite logical file dumps saved as zip archives
  • Support for the exFAT filesystem. Recover artifacts from devices that use the  exFAT filesystem, including Windows Phone and Xbox 360 devices
  • Artifact selection profiles allow for the creation of search profiles that predefine the artifacts to be searched for by an IEF search
  • New refined results categories/features:
    • Known pornographic websites identified and categorized in refined results
    • Known malware/phishing websites identified and categorized in refined results
    • Customize refined results lists to automate identification and categorization of predefined websites.
  • Export geolocation data to a KML file for visualization using Google Earth (an alternative to the IEF World Map, Google Earth can be used on offline forensic workstations that aren’t Internet-connected).

New Artifacts

This release adds support for 76 new artifacts, bringing the total number of artifacts supported by IEF to 431. IEF now recovers 263 types of Internet artifacts on Windows and Mac computers and 168 types of mobile artifacts for iOS and Android powered smartphones and tablets (IEF Advanced required for mobile investigations).

Expanded Set of Mobile Messenger & Mobile Social-Networking Artifacts

The use of mobile messenger and mobile social-networking applications has exploded in the past year. With this release, IEF adds support for the recovery of artifacts from a host of additional mobile chat and social-networking applications, including;

  • WeChat
  • LINE
  • BlackBerry Messenger (BBM)
  • Viber
  • textPlus
  • Growlr
  • Grindr
  • QQ Chat
  • AIM for iOS
  • Touch
  • WhatsApp support expanded to include recovery of WhatsApp encrypted backups
  • Kik Messenger support expanded to include recovery of attachments

Support Added for Kindle Fire

IEF v6.3 adds support for the analysis of Kindle Fire tablets which are powered by a custom version of the Android Ice Cream Sandwich OS. This release includes the addition of 18 new Kindle Fire specific artifacts, like the Silk Browser, email, downloads, pictures, video, and Kindle versions of popular third-party applications like:

  • AIM
  • Dropbox
  • Facebook
  • Gmail
  • Instagram
  • Kik Messenger
  • Sina Weibo
  • Skype
  • Twitter

IEF Advanced is required for analysis of mobile devices. For a full list of mobile artifacts supported by IEF Advanced visit: www.magnetforensics.com/software/internet-evidence-finder/supported-artifacts/

Other New Artifacts

  • Dropbox decryption support for Windows 7 (Dropbox decryption now supported for Windows XP, Vista and 7 on images, as well as Windows 8 on live systems)
  • Dropbox config.dbx decryption
  • Windows Phone artifacts – Recover browser history, browser based social networking artifacts, webmail, Skype artifacts, and pictures/videos from Windows Phone images/file system dumps
  • Internet Explorer 10/11 downloads
  • Mailinator.com webmail
  • Recovery of IP addresses from Skype configuration files and chat sync messages

Artifact Updates

  • iChat updates
  • Safari updates
  • Facebook updates
  • Chrome updates
  • Firefox updates
  • Picture carving updates
  • Skydrive updates
  • Built-in regex updates
  • IE10 rebuilt webpages updates
  • MSN chat protocol updates
  • eMule updates
  • Flash cookie support updates
  • 360 Safe browser updates
  • AIM updates

Learn More

Change Log

Upgrade to IEF v6.3

Existing customers with a Software Maintenance & Support (SMS) subscription can upgrade to IEF v6.3 visiting our customer portal

Try IEF v6.3

New to IEF? – Download a free trial of IEF v6.3  by going to www.magnetforensics.com/trial