Latest version of IEF uniquely addresses the challenge of identifying, recovering and analyzing mobile chat data.
- Blog: Finding More Mobile App Data – IEF v6.2 Released by Jad Saliba
- Video: Dynamic App Finder – Walk-through
- Upgrade to IEF v6.2
- Download a free trial of IEF v6.2
Magnet Forensics, the global leader in the development of digital forensic software for the recovery and analysis of Internet evidence from computers, smartphones and tablets, today announced the release of INTERNET EVIDENCE FINDER™ (IEF) v6.2. The latest release adds new features, new Internet artifacts and artifact updates for both IEF Standard and IEF Advanced editions. Newly introduced in IEF v6.2 is the Dynamic App Finder feature. Available for IEF Advanced, it is a novel approach to data recovery from mobile chat applications that enables forensic professionals to find more evidence, faster.
Dynamic App Finder
Data recovered from mobile chat apps is critical to many forensic investigations. However, with thousands of mobile chat apps in use today and a steady stream of new apps emerging, identifying, recovering and analyzing mobile chat data is a significant challenge and has become a time consuming duty for forensic professionals.
Dynamic App Finder is a new feature of IEF Advanced that searches for any potential mobile chat app databases that can be found on images or file dumps of iOS or Android mobile devices. It identifies the app name and maps the four key fields required to interpret results from most chat apps; sender, receiver, date/time and the message. At the conclusion of an IEF search, Dynamic App Finder displays the names of the discovered chat apps along with the recommended field mapping for each chat database. Field mappings can be accepted as displayed or modified, and are saved by IEF for use in future cases. Full search results with all recovered records for each chat app are displayed in IEF Report Viewer.
Dynamic App Finder enables examiners to find chat messages from potentially thousands of apps, regardless of how new or obscure they might be.
New IEF Platform Features
The platform enhancements in IEF v6.2 include:
- Chat thread visualization for WhatsApp and Skype; simulates the appearance of chat threads as they would appear in the original application to provide an easily digestible format for both investigators and prosecutors
- Import and export log2timeline CSV format files with IEF Timeline; support for an industry standard file format making it possible to use IEF Timeline for visualization of evidence obtained with other forensic tools
- Merge multiple cases together in IEF Report Viewer and IEF Timeline
- Associate a unique evidence number with each individual device added to a search/case and filter search results based on evidence number within IEF Report Viewer and IEF Timeline
IEF Standard Edition Updates
New Internet Artifacts:
- AVI file carving; recovers video fragments that can be exported to a video file and then played in a video player
- Full Ares artifact support; parse and carve search terms, shared files, downloaded files, and incomplete file downloads
- Hushmail webmail support
- TOR Chat parsing and carving support
- Flash cookies and local objects
- Offline Gmail
- Chrome last/current session tabs
Updated Internet Artifacts:
- Outlook.com webmail (Hotmail artifact update)
IEF Advanced Edition Updates
All IEF Standard artifacts are included in IEF Advanced.
New Mobile Artifacts:
- Support for the YAFFS2 file system used on older Android devices
- Sina Weibo App support
- AIM (AOL Instant Messenger) support on iOS and Android
- Android Cell.cache and Wifi.cache file support – location data can be plotted in World Map
- Android Native email carving
Updated Mobile Artifacts:
- Android SMS improved carving for deleted SMS
- Kik Messenger
- Blog Post: “Finding More Mobile App Data – IEF v6.2 Released”, by Magnet Founder and CTO Jad Saliba
- IEF Artifacts Supported