Digital Forensics is an application of science to collecting, preserving, analysing, and presenting digital data. Mobile Forensics is a sub-branch under the scope of digital forensics, and it specializes solely in the forensic extraction of mobile devices (smartphones).
There are other sub-disciplines as well, such as cloud forensics, memory forensics and many more.
To examine a mobile device, one needs to overcome and understand the various types of chipsets used (e.g. MTK, Exynos, Snapdragon), the operating system (Android, iOS), the connectivity ports (e.g. USB Type-C), software security version, encryption used, etc.
Commercial tools largely dominate most of the mobile forensics software used in this industry. However, these companies invested heavily into the research & development (R&D) of gaining access to modern-day phones, developing support for thousands of mobile apps and parsing them nicely in an intuitive interface for their users.
What are the Best Mobile Forensics Tools?
Here are the five (5) best mobile forensics software tools used by law enforcement and private organisations worldwide.
1. Cellebrite UFED
Since entering the mobile forensics industry in 2007, Cellebrite UFED has been the market leader in this space for many years.
Cellebrite is an Israeli digital intelligence company focusing mainly on extracting data from mobile devices. The company has several offices across the world, including Washington D.C, Germany and Singapore.
The UFED capability is available on desktop computers (UFED4PC) and a standalone handheld console (UFED Touch2).
Cellebrite UFED – Key Features
- Unlocking of mobile devices via pattern bypass and PIN locks
- Perform logical, file system and physical extractions
- Use of bootloaders, automatic EDL capability, smart ADB connection and more
- Wide range of supported mobile devices across many different brands
- Extract evidence from mobile phones, SIM cards, drones, SD cards, GPS devices and more
2. Oxygen Forensics
Like Cellebrite UFED, Oxygen Forensics is a Russian company headquartered in Alexandria, Virginia and provides mobile forensics capabilities to law enforcement, federal agencies and enterprises.
The forensic software is an all-in-one platform that can extract mobile forensic images, decode them and parse them in its interface for investigators to analyse quickly. Furthermore, multiple extractions can be investigated in a single Oxygen Forensic interface to have a complete picture of all the acquired data.
Oxygen Forensics – Key Features
- File system level extraction on most mobile devices
- Drone forensics possible
- Bypass screen lock on popular Android devices
- Cloud extraction – Acquire data from cloud services and storage
- Support import of call data records
3. MSAB XRY
MSAB is a Swedish company that specialises in using forensic technology for mobile device examination and analysis. It offers frontline extraction support (i.e. rugged forensic kit model) and forensic lab solution (i.e. software, kiosk or tablet form).
The company’s product is designed to recover and analyze the contents of a digital device in a forensically secure manner and offers three (3) different products, namely;
| MSAB Product | Function |
|---|---|
| XRY | The extraction of the mobile device and the decoding & indexing of the mobile data |
| XAMN | The analysis, reporting and filtering of the extracted data |
| XEC | The digital forensics management solution for seamless data distribution between users, locations, departments and other agencies. |
MSAB XRY – Key Features
- Logical and Physical examinations of over 40,000+ mobile devices and app profiles
- GPS & Memory card examination
- File Signature Analysis
- Support for Chinese chipsets
4. Hancom MD-NEXT
Hancom has been a Korean company specialising in forensic mobile device extraction since 2005. It offers an integrated digital and mobile forensic solution that supports over 15,000+ mobile phones, particularly Korean-made brands such as Samsung and LG.
The company offers three (3) mobile forensics software, namely;
| Software | Function |
|---|---|
| MD-NEXT | The data extraction software for mobile devices, wearables, drones, IoT devices, etc |
| MD-RED | The analysis software for data recovery, examination and reporting of the extracted data |
| MD-LIVE | The first responder software for live data extraction and analysis from mobile devices |
Hancom MD-NEXT – Key Features
- Supports data acquisition for various global smartphone manufacturers (Samsung/Apple/LG/HTC/ZTE etc.) model
- ADB Pro extraction: Supports data acquisition using vulnerability attacks from Android-based devices
- Supports Android Live, MTP, iOS full filesystem Backup, Vendor backup protocol, Local backup, USIM
- Supports Bootloader, Fastboot, MTK, QEDL, etc
5. MOBILedit Forensic
MOBILedit is an all-in-one solution for data extraction from mobile devices, smartwatches and cloud services. It has built-in security bypassing feature that allows users to acquire supported phone models without needing a pattern or pattern unlock.
Another valuable and unique feature is their open database of supported mobile apps. Users can quickly check against this database to see if MOBILedit current supports a particular app. If it doesn’t, there is a request button to ask the company to research that new app.
MOBILedit – Key Features
- Physical and Logical data acquisition
- Automated deleted data recovery
- Cloud forensics acquisition, e.g. Google Drive, OneDrive, Instagram and many others
- Integrates with camera ballistics technology to scientifically analyze photo origins
- Concurrent extractions with the new 64-bit engine
