News Room

News Release: Magnet Forensics Releases Internet Evidence Finder v6.5

With the release of Internet Evidence Finder v6.5, Magnet Forensics adds support for Windows Phone, and introduces new triage features including live system artifact recovery capabilities.

IEF v6.5 Resource Centre:

November 19, 2014 – Magnet Forensics, the global leader in the development of software solutions that find, analyze and report digital evidence found on computers, smartphones and tablets, announced today the release of Internet Evidence Finder® (IEF) v6.5. This release adds support for Windows Phone, and introduces new triage features including live system artifact recovery capabilities.

Find More Evidence on Mobile Devices:

Support Added for Windows Phone

IEF is already capable of recovering evidence from native and third-party mobile applications found on Android and iOS smartphones. With the release of IEF v6.5, investigators can now use IEF to analyze a physical image of a Windows Phone acquired using JTAG and chip-off techniques.

Supported Windows Phone artifacts include:

  • Windows Phone 8 Email
  • Windows Phone 8 SMS
  • Windows Phone 8 Contacts
  • Windows Phone 8 Call logs
  • Pictures
  • Video
  • Skype
  • Internet Explorer

Read blog post on analyzing Windows Phone with IEF

Support Added for Popular Mobile Dating App, Tinder

Tinder has emerged as popular location-based mobile dating application used by millions of people to meet other singles. In this release, support for this location-based dating app has been added to IEF, as finding evidence from this new class of application is becoming increasingly useful.

Read blog post on recovering evidence from Tinder

Support Added for F2FS Android File Systems

As various Android device manufacturers move to F2FS file systems, support for the recovery of artifacts on Android phones running this new file system has been introduced.

Read blog post on recovering evidence from F2FS file systems

Find More Evidence on Computers:

IEF can also recover a host of new artifact types, and has updated its support for many others:

New Internet Artifacts:

  • webmail
  • Google Analytics cookies (carving)
  • Enhanced support for Google Search Queries
  • Additional Refined Result Categories for Shipping and Income Tax Filing Sites (URLs)
  • ICQ 8
  • Viber (Windows artifacts)

New Business Application & OS artifacts:

  • Text Files (.txt)
  • RTF Files (.rtf)

Updated / Improved Artifacts:

  • Twitter (iOS)
  • Email fragments (iOS)
  • Snapchat (additional chat and decrypting of videos added for Android devices)
  • Chrome Cache
  • Dropbox (iOS & Android)
  • WhatsApp (iOS)
  • Kik Messenger (iOS)
  • Dropbox (Windows)
  • Twitter (Android)
  • Windows User Accounts

New Triage Module:

Now available as an optional module, Triage capabilities can be added-on to any license, giving an examiner the flexibility to bring their dongle into the field to conduct live system forensics. Capture live RAM, collect data from live system artifacts, and run an IEF search to recover hundreds of different types of digital forensics artifacts from Windows powered computers.

Triage Module Features:

  • Detect active full disk encryption like Truecrypt, Bitlocker, PGP, and more
  • Capture live RAM
  • Collect volatile data from live system artifacts:
    • Network connections
    • Running processes
    • Connected network shares, drives and remote connections
    • Network interfaces
    • Logged on users
    • Scheduled Tasks and Services
    • New “Quick Capture” feature to quickly capture RAM, live system artifacts, and run a Quick Search in a single step
    • Quickly and easily conduct on-scene searches and pre-screen evidence to qualify computers for seizure and further examination
    • Maintain forensic integrity of data

Read blog post on IEF’s new Triage Module

Analysis & Reporting Enhancements:

Several additions have also been made to IEF’s analysis and reporting features:

  • Bookmark comments & tags: Add text comments and tags to bookmarked items of interest.
  • Chat threading: View Facebook and Kik Messenger chats in a threaded view that resembles the app’s interface.
  • IEF Timeline: Option to plot multiple date and time metadata from the same artifact. Useful when trying to view information of when a file was created, modified and accessed (instead of only being able to see one of those dates per artifact).
  • Improved picture viewing and sorting: Review all recovered pictures in a single view, with no paging required. Right-click to change how items are sorted.

Read blog post on all of IEF’s new analysis & reporting features

IEF Pricing & Licensing Options:

As part of the release of IEF v6.5, Magnet Forensics has re-introduced IEF Triage as an optional, add-on module, enabling forensic examiners to run an IEF search on a live system in the field. This change is intended to provide customers with greater flexibility to customize their IEF license(s) to meet their investigative needs and budget. The table below summarizes the current IEF licensing and pricing options:

Products License * Annual SMS
Internet Evidence Finder $1,549 $400
(includes Internet Artifacts Module)    
Add-on Modules (optional)
Mobile Artifacts Module $600 $150
Business Applications & OS Artifact Module $600 $150
Triage Module $450 $50
(previously available as a separate license)

* First Year SMS Included with License

For more details, please contact