SPECIFICATION
PARSING AND RECOVERY OF VARIOUS IMAGES AND FILESYSTEMS
- Images: SD Card, phone data partition, MDF, E01, GrayKey, UFED image format
- Filesystems: FAT12, FAT16, FAT32, NTFS, exFAT, HFS+, EXT2, EXT3, EXT4, F2FS, VDFS, APFS, TAT16, TAT32, NxFS, IKVISION, DHFS4.1, WFS0.4, TANGO, RSFS, WOW, VDFS, XFS, YAFFS, EFS2, TFS4
- Data carving for unused area
ANALYSIS OF MOBILE DATA AND APPS
- Multimedia files taken by phone camera
- Call log, Address book, SMS/MMS, Email, Memo, Internet history
- SNS, Map, Navigation, Health, Banking and Lifestyle apps
- Detects Steganography, Anti–forensic apps
- Deserialization, Decryption and Recovery of data
ADVANCED ANALYSIS OF POPULAR MESSENGERS
- Description of encrypted messenger data
- Multiple backup files of WhatsApp decryption and analysis
- Multiple account analysis
DATA VISUALIZATION AND SOCIAL RELATIONSHIP ANALYSIS
- Map view for GPS data and cell tower location
- Timeline view of analyzed data
- Chat viewer for communication visualization
- Web browser for internet history review
- Social relationship analysis
- Community analysis by centrality
MULTIPLE SPACE ANALYSIS
- Samsung secure folder(KNOX space) analysis
- Huawei PrivateSpace analysis
- Android Multi-Space analysis
DATA DECRYPTION AND RECOVERY
- Identifies encrypted document
- Decrypts encrypted chat message, email, file and app data
- Recovery of deleted file and multimedia data
DYNAMIC DATA FILTER AND SEARCH
- Filter by file system, signature, time and more fields
- Dynamic filtering operators, sorting, grouping
- Search by regular expression
- Keyword registration
- Bookmarking of selected data
- Multimedia filter by app, status, size, type, property, path
REPORTING
- Export of original or converted files with hash value of files
- Supports PDF, Excel, ODS, HTML, XML and SQLite DB format
- Supports 3rd party report formats such as NUIX, Relativity and ForensIQ one
- Electronically stored information can be included in a report
- Analyzed result can be reviewed with a stand-alone data viewer MD-Explorer
