From Jad Saliba, Founder & CTO of Magnet Forensics
Today I’m excited to announce the beta availability of a new software product called Magnet ACQUIRE™. Magnet ACQUIRE is a smartphone acquisition tool that will allow you to quickly and easily acquire an image of any iOS or Android smartphone or tablet.
We’re looking for forensic professionals to join our beta program and help us make a great smartphone acquisition tool for the digital forensics community. Your feedback is critical and will help us shape the product to best meet your needs. Current Magnet IEF customers can sign up for the beta program now, in our Customer Portal.
Mobile Forensics with Magnet
While Magnet ACQUIRE is our first smartphone acquisition tool, it certainly isn’t our first smartphone forensics product. About two and a half years ago, we began development of our IEF Mobile Module – a product we designed to recover and analyze evidence contained within smartphone images. The Module was a product of customer feedback, having learned that our users needed a tool that would allow them to dig deeper into smartphone user activity in popular chat apps, browsers, social networking apps, email apps, etc.
Customer feedback was also the driving force behind the development of Magnet ACQUIRE. Over the last year, I discovered that more and more of our customers were expressing concern over the challenges they were facing getting smartphone images. Some of the most common pain points I was hearing from customers were:
- “Sometimes I’m able to acquire a physical image, while other times I can only get a logical image. I’m spending too much time on ‘hit or miss’ extraction attempts on smartphones.”
- “Why do I have to choose ‘method x’ or ‘method y’? I don’t understand the difference between these methods or why they seem to produce different results?”
- “How are my tools extracting data to create smartphone images? The extraction process is unclear.”
Building Magnet ACQUIRE
With this feedback in mind, we set about researching extraction methods to build Magnet ACQUIRE. The customer feedback we received appeared to share two common root causes:
- Increased security of smartphone operating systems:
Smartphone operating systems are getting more secure, making physical images increasingly difficult to acquire. This is a new reality of smartphone forensics.
- Limited transparency in acquisition methods:
There’s a lack of transparency, openness, and documentation about the acquisition methods used by mobile forensics tools, making it hard for digital forensic examiners to:
- Troubleshoot or adapt when they encounter a problem during acquisition,
- Identify the ‘path of least resistance’ to get a quick image, or
- Know which method will produce the most comprehensive image
When we developed Magnet ACQUIRE, we defined three key benefits we wanted deliver on to help overcome these problems faced by our customers. Magnet ACQUIRE would be reliable and fast, acquire as much data as possible, and have documented acquisition methods and process transparency.
No small task, but the Magnet development team likes a challenge (and we give them plenty 🙂 ), and they never cease to amaze me with what they’re able to accomplish. And so, Magnet ACQUIRE was born.
Extracting an Image with Magnet ACQUIRE
Magnet ACQUIRE offers a choice of two distinct extraction processes:
Quick Extraction – a reliable and quick method for obtaining a logical image from any iOS and Android device.
Full Extraction – a method allowing users to gather more evidence through physical images of rooted Android devices or file system logical images of jailbroken iOS devices.
Our Quick Extraction method uses documented backup processes and openly known commands for iOS and Android. The advantage of these methods is that they will work consistently. Quick Extraction uses a combination of two acquisition methods in a single extraction process to produce one logical image with more content/data than can be obtained by either method on its own.
I see Quick Extraction as a great way to start off a smartphone examination, knowing that it’s a fast and consistent way to get an image. You can use IEF to recover and analyze evidence from this image. If the data recovered proves valuable, you can use the Full Extraction method or another imaging tool to try and get a physical image of the device, which may reveal additional evidence from unallocated space.
As the smartphones landscape continues to change and advance, the process of investigating these devices becomes more challenging, but essential. Our team at Magnet Forensics is committed to building tools and sharing information that will help you spend less time navigating the technical complexities of smartphone forensics, and more time using smartphone evidence to uncover the truth.
To our customers, thank you for your long-time support and for being there with us as we grow. It’s important to me that we maintain a close working partnership with our customers and the forensic community, as it helps us learn and improve our products. We hope that this free beta trial of Magnet ACQUIRE will assist you in the important work you do.
Learn More About Magnet ACQUIRE
Join the Magnet ACQUIRE Beta Program
- Magnet IEF Customer: Join the Beta Now