Best of

7 BEST Digital Forensic Imager Tools [dd, E01, AFF formats]

A digital forensic imager can take the form of a software imaging tool or a piece of hardware equipment. A good forensic imaging tool can output to several forensic formats, and such tools are commonly used by law enforcement agencies, private investigation firms and security companies.

Below is a quick summary of the best forensic imagers and their imaging capability.

| S/no | Forensic Imaging Tool | Description | Type |
| --- | --- | --- | --- |
| 1 | FTK® Imager | Computer imaging | Software |
| 2 | Tableau Forensic Imager (TX1) | Computer imaging | Hardware |
| 3 | EnCase™ Forensic | Computer imaging | Software |
| 4 | SIFT Workstation | Computer imaging | Software |
| 5 | Magnet RAM Capture | RAM imaging | Software |
| 6 | Magnet ACQUIRE | Computer & Mobile imaging | Software |
| 7 | Cellebrite UFED | Mobile device imaging | Software and Hardware |

What is a Forensic Image?

A forensic image is a court-accepted digital image of a digital device or a digital file, such as a computer, a mobile phone or a system drive. It is considered forensically sound as the forensic image is a bit-by-bit copy of the original device, drive or file.

A forensic image is acquired using specialized digital forensics software or hardware equipment and is examined primarily by digital forensics analysis tools.

What are the Different Formats of Forensic Images?

The most common forensic image formats in use are:

  • EnCase Evidence Files = E01 / Ex01
  • Raw Format = dd
  • Advanced Forensics Format = AFF

What are the BEST Forensic Imaging Software Tools?

Here are the seven (7) best digital forensics imaging tools you can use.


1. FTK® Imager

FTK® Imager is a data preview and imaging software tool that allows you to quickly assess electronic evidence to determine if further analysis using forensic tools is needed.

The imaging tool can make forensic copies of physical disks, logical drives, individual files, entire folders, discs, USB flash drives, etc.

FTK Imager – Key Features

  • Create perfect or forensic copies from the original.
  • Generate hash reports before and after the forensic image is created
  • Ability to mount images as read-only

2. Tableau Forensic Imager (TX1)

Measuring 9.5 in (L) x 6.5 in (W) x 2.6 in (H), the Tableau Forensic Imager (TX1) is a physical forensic imager hardware device that is used to create forensic images of a wide range of computer media, including USB flash drives, SATA hard drives, PCIe and 10Gb Ethernet devices.

When TX1 starts imaging, it can output to raw DD formats, .e01 (compressed) or .ex01 (compressed), and supports a wide range of file systems, such as ExFAT, NTFS, EXT4, FAT32, HFS+ and many more.

TX1 – Key Features

  • Support up to two active forensic jobs simultaneously
  • Pause and resume imaging jobs
  • Automatic job queuing allows additional jobs to begin as soon as an active job completes
  • Secure Wiping and Formatting features
  • AES whole disk encryption

3. EnCase™ Forensic

EnCase™ Forensic is a software imaging tool used by the majority of law enforcement agencies in the world. The strength of this forensic imaging software lies in its competency in acquiring forensic images from a wide array of computer systems.

It is especially good at analyzing Windows operating systems and commonly-used file systems such as NTFS, FAT/FAT32/exFAT, ext4 and many more.

EnCase Forensics – Key Features

  • Analyze data from multiple platforms—Windows, Linux, AIX, OS X, Solaris, and more
  • Uncover suspicious files, e.g. hiding, cloaking, or deletion
  • Manage large data volume, including deleted files, unallocated space and file slack.
  • Indexing, keyword searching and automated evidence-processing features
  • Create exact forensic duplicates through verifiable hash values and Cyclic Redundancy Check (CRC) values
  • Easy transfer of evidence files to external parties, such as legal representatives

4. SIFT Workstation

SIFT Workstation is a software imaging VMware appliance, pre-configured with free, open-source forensics and analysis tools to perform deep digital forensic investigations in various environments.

It can image attached physical devices and system drives using a range of forensic image formats, such as raw dd, E01, AFF, etc.

SIFT Workstation – Key Features

  • Lots of installed forensic applications, e.g. log2timeline
  • Mounting of raw and forensic images
  • Conduct forensic investigations using installed suites like The Sleuth Kit
  • Conduct incident response investigations


5. Magnet RAM Capture

Magnet RAM Capture is a software imaging tool that can recover and examine artefacts frequently found only in the memory by taking a snapshot of a suspect’s computer’s physical memory (RAM).

You can use Magnet RAM Capture while minimizing memory overwriting thanks to its minimal memory footprint. Furthermore, you can transfer the memory data into analysis programs like Magnet AXIOM after you have captured it.


6. Magnet ACQUIRE

Magnet ACQUIRE is a software imaging tool capable of mobile device image acquisition and capturing forensic images of common storage drives, including hard drives and USB flash drives.

The forensic acquisition tool can output the image to the E01 and raw dd format.

For mobile devices, depending on the make & model of the device, it can acquire a logical extraction, file system extraction or even a full physical image extraction.

Magnet ACQUIRE – Key Features

  • Use Media Transfer Protocol to acquire media and files, such as photos, videos and documents from mobile devices.
  • Support 3rd-party application user data
  • Support extraction of memory cards, e.g. microSD cards

7. Cellebrite UFED

Cellebrite is an Israeli digital intelligence company focusing mainly on extracting data from mobile devices. The forensic image it outputs is in its proprietary form, the UFDR format.

The UFED capability is available on desktop computers (UFED4PC) as software, as well as a standalone handheld physical console (UFED Touch2).

Cellebrite UFED – Key Features

  • Unlocking of mobile devices via pattern bypass and PIN locks
  • Perform logical, file system and physical extractions
  • Use of bootloaders, automatic EDL capability, smart ADB connection and more
  • Wide range of supported mobile devices across many different brands
  • Extract evidence from mobile phones, SIM cards, drones, SD cards, GPS devices and more

9 BEST Free Virtual Piano Keyboard [PC, Mac, iOS, Android]

Learning to play the piano these days does not necessarily require a physical piano. Virtual piano software is convenient, sounds great and has tons of customization & connectivity features.

Depending on the virtual piano app, it can work on web browsers, different operating systems and different types of devices, such as mobile phones and computers.

What are the Best Virtual Piano Keyboard Software?

Here are the nine (9) virtual piano software apps you can use to learn and play music.


1. Recursive Arts: Virtual Piano Simulator

| Works on Web Browser |

Virtual Piano Simulator is a realistic-looking browser-based piano instrument that is good at mirroring the distribution of white and black keys in a real piano.

When playing piano songs, users will realize that all five octaves are available for them to use. Users can also record and save their own music compositions. Sharing with friends and family is also accessible with invitation links.

Key Features

  • Adjustable sound and tempo using Sustain, Metronome, Transposition, and Tempo buttons
  • Free Interactive songs to choose from
  • Ability to access additional musical instrument sounds such as Organ, Harpsichord, Harp or Synthesizer
  • Realistic 3D keyboard
  • Capable of playing up to 64 simultaneous notes

2. VirtualPiano.net

| Works on Web Browser |

Virtual Piano allows users to learn how to play the piano in a quick, easy and enjoyable manner. The software turns your computer or mobile device keyboard into a piano keyboard, containing letters corresponding to the keys from a QWERTY keyboard.

When playing a song, you can press both the black and white keys together at the same time. In addition, there is a scroll bar under the keys to allow users to play all the octaves of a grand piano.

Key Features

  • Do not require users to know how to read music notation
  • Thousands of free music sheets
  • Maps QWERTY keyboard to piano keys
  • Credit, edit and refine customized music sheets
  • Choose from 24 different classical instruments, such as Violin, Saxophone and many more.

3. Online Pianist: Virtual Piano

| Works on Web Browser | iOS | Android |

Online Pianist simulates a real piano keyboard with 7 1/4 octaves of 88 keys, a Metronome, a sustain pedal and many others. Unfortunately, for mobile devices, only five octaves are available.

Key Features

  • Real keys mode – corresponding computer keys for the middle octaves & piano keys of a real piano
  • Simulate a piano’s sustain pedal
  • Adjust the Metronome based on BPM (beats per minute) or time signature
  • Using the letter notes feature to display ABC or DoReMi letter notes on the piano keyboard keys

4. Virtual Drumming: Virtual Piano

| Works on Web Browser |

Virtual Piano from Virtual Drumming enables users to learn chords and scales when they do not have a real piano.

Users can quickly learn music theory or try out random melodies that come to mind with this online tool.

Key Features

  • Record your song track up to a maximum of one minute
  • Automatically play the major and minor triads for every single note on the piano keyboard
  • Playing scales, such as Major, Natural Minor, Harmonic Minor, Melodic Minor, etc
  • Piano pedal simulator that allows users to play short notes by releasing the keys
  • Metronome feature for learning to play the piano keyboard, keeping time

5. Apronus: Virtual Piano

| Works on Web Browser |

Apronus Virtual Piano enables users to use their keyboard to play on their virtual online piano simulator. Each key on the piano keyboard from C3 to C5 can be played by pressing an associated key on the computer keyboard.

The keys from the keyboard A, S, D rows and the Z, X, C rows are programmed to play white key chords for rich melodies.

There is an offline version of the virtual piano as well.

Key Features

  • Create a custom-made chord button
  • Configure buttons to be associated with a computer keyboard key
  • Ability to record and playback
  • Saving recordings to a local drive
  • Bookmarking chords by generating a link that encodes all the chords from your buttons

6. Revontulet: Perfect Piano

| Android |

Perfect Piano is an intelligent piano simulator developed for Android phones and tablets. With built-in authentic piano sounds, the app can teach users how to play the piano and be entertaining at the same time.

After installation, users can have a widget on their home screen to quickly play the piano without opening the app itself.

The app supports Timbre plugins such as bass, electric guitar, saxophone, etc. and has an 88-key piano keyboard.

Key Features

  • Support USB MIDI Keyboard
  • MIDI and ACC audio recording
  • Multiplayer Connection & Competition (real-time chat and challenge)
  • Three play modes: autoplay, semi-auto play, note pause
  • Left & right-hand setup
  • A->B loop

7. FunAIs: Piano+

| Android |

With more than 50 million downloads, Piano+ is one of Android’s most popular virtual piano apps.

The virtual piano app has an impressive sound to mimic that of a grand piano while allowing users to compose their own music after playing and learning using the 88-key piano app.

Key Features

  • MIDI keyboard recording, allowing the creation of own MIDI files to share with the community
  • Huge music library with lots of classical piano songs, kids’ songs, pop and many more
  • Daily challenges to unlock themes and customization

8. Peaksel Games: Virtual Piano

| For iOS | For Android |

Virtual Piano is a simple, easy-to-use mobile app that supports iOS and Android devices.

It has over one million downloads on the Play Store and App Store with plenty of positive reviews.

Key Features

  • Pedal for changing the instrument’s sound
  • Three instrument sounds: piano, banjo, toy piano
  • Pitch correction
  • Zoom buttons for zooming in and out for piano keys
  • Adjustable octaves

9. T.V CO: Piano

| For Mac and iOS |

Piano for Mac and iOS is a classic piano app that allows users to learn and play thousands of songs on a virtual piano.

Users can import their popular songs and music sheets into the app and learn with the 88-key virtual piano.

The piano app also offers a Metronome, pedal, dual scrollable keyboard and supports a USB MIDI keyboard and Bluetooth MIDI keyboard.

Key Features

  • Connect to a MIDI-Keyboard via USB / Lightning cable or Bluetooth MIDI Connect
  • Use the keyboard as an output device to play the MIDI-Files 
  • Show notes and sheet as song timeline
  • View sustain-pedal events and sustained notes
  • Customize colours, effects, instruments and much more

7 Best Database Forensics Software Tools [Recover Deleted]

Many of our data records are stored in database management systems (DBMS). In the event of a mishap, data breach or theft incident, there is both a legal and a technical need to adopt a database forensics investigation process, using specialized tools to carefully uncover what happened.

The most common DBMS are:

  • MySQL
  • Oracle
  • PostgreSQL
  • Microsoft SQL Server
  • MongoDB

Before we look at database forensics, we have to understand what digital forensics is. It is the scientific application of analysing digital evidence, mainly used in a court of law, and has several sub-disciplines such as cloud forensics, mobile phone forensics, etc.

Digital forensics is not to be confused with the concept of data recovery, although both are similar in many ways. Forensics, as a whole, is used for investigation purposes.

What is Database Forensics?

Database forensics is a sub-field of the digital forensics discipline that deals with the preservation, extraction, analysis and presentation of digital evidence and findings.

With scientific forensics in mind, it is often used in litigation, criminal investigation and organisational inquiry purposes. However, it can also be used as a specialized database extraction skill to query the database and find out what happened.

Examiners using database forensics tools can expect to be looking more in-depth, such as analysing file metadata, record timestamps, database artefacts and system artefacts.

Which are the Best Database Forensics Software?

Here are the seven (7) BEST Database Forensics software tools that you can use to analyse and recover deleted database entries.


1. DB Browser for SQLite

Popular among users and developers who want to create, search and edit databases compatible with SQLite, DB Browser for SQLite is a free, lightweight open-source tool with a clean interface.

The database software supports Windows, macOS and Linux operating systems. One prominent feature of this tool is the ability to export multiple tables to CSV, all in a single group, to analyse together.

Suitable for database forensics, the program comes with a Windows portable app version that does not require installation. You can run this program from an external USB flash drive when examining computer systems.

Some of the useful features are:

  • Create and compact database files
  • Create, define, modify and delete tables
  • Import and export tables from/to CSV files
  • Import and export databases from/to SQL dump files
  • Examine a log of all SQL commands issued by the application
  • Plot simple graphs based on table or query data

2. Database Forensic Analysis System

Database Forensic Analysis System is a commercial software product that supports multiple relational and non-relational databases such as Oracle, SQLite, MySQL, MongoDB, Redis and Cassandra.

The database forensic software assists in resolving problems with deleted, corrupted or fragmented database files, false file systems, restricted access to the application system, etc.

Some of the main features include:

  • Unrestricted accessibility to the database files – no need for password or account info from the application system
  • Extraction and recovery for normal/deleted/damaged database files – e.g. tables, views, triggers
  • Multiple analysis functions – e.g. keyword searching, SQL statement query, visual connection analysis
  • Patented file carving technology – extract, analyze and reorganize fragmented database files

3. Forensic Toolkit for SQLite

This commercial forensic software suite is a must-have for any forensic investigator, making the task of recovering SQLite records from disk, image and database simpler.

The Forensic Toolkit for SQLite is a suite of three (3) comprehensive software tools, namely:

  • The Forensic Browser for SQLite
  • Forensic Recovery for SQLite
  • SQLite Forensic Explorer

It is an investigative tool designed to show every single byte of an SQLite database, journal or WAL file along with its decoded data. It is also a forensic tool to aid in the recovery of databases, tables and records.

Some of the features include:

  • Examining unused spaces in tables and indexes
  • Viewing how each record is encoded and stored in a table or index
  • Exploring the free list and every page within it
  • Overview of the type and content of the database, which can be SMS, passwords or any other valuable evidence

4. Log Analyzer for SQL

This commercial forensic tool was designed specifically for database administrators to analyze log file transactions of MySQL Server databases and recover deleted transaction logs.

Log Analyzer for SQL scans the forensic details of Redo, General, and Binary logs to identify abnormalities in the MySQL database.

The forensic tool helps you preview the type of transaction (insert, delete, and update), the time of the transaction, the name of the transaction, and the table name involved in the query.

Some of the features include:

  • Saving of logs in multiple formats, such as MySQL, CSV, HTML, and XLS format.
  • Date filters on log transactions and log transaction data to analyze the data for a particular time period
  • Option to save log report of the MySQL log file analysis process

5. SQLite Forensics Explorer

SQLite Forensics Explorer is designed for investigators and administrators to restore lost and deleted databases and export these entries in different formats.

The forensic tool reveals the intention of the user who deleted the database records by not only recovering the deleted data but also highlighting the data which is deleted or secure deleted.

Some of the main features are:

  • Sort data with colour schema – different colours for normal data, deleted data, unallocated data, etc
  • Manage multiple custodians
  • Recover associated journal files
  • Indexing of SQLite databases for further investigation or judicial proceeding
  • Multiple options for export, e.g. csv/pdf

6. SQLite Viewer

Foxton forensics has a free tool called SQLite Viewer that is used for inspecting the contents of SQLite databases.

The forensic software has a database searcher that automatically loads all SQLite databases from a folder and its subfolders. Images stored in the database are also automatically extracted and viewable by examiners in the built-in gallery interface.

SQLite Viewer has a hex viewer to examine BLOBs and export them to a file for further analysis.


7. dbResponder

dbResponder is a free, SQL Server forensics tool that is capable of automated preservation and advanced analysis of database artefacts.

The forensic tool is useful for data breach preparation & response and is developed by Kevvie Fowler, who is a partner and National Cyber Response leader for KPMG.

The software can acquire database artefacts from a single or multiple SQL servers. All artefacts collected are forensically preserved with timestamps, metadata and hashes.


5 BEST Cloud Forensics & Social Media Extraction Tools

Data in the cloud (e.g. Google Drive, iTunes, webpages, social media sites) are constantly prone to changes or deletion. Therefore, cloud forensics is often referred to as taking a snapshot of the data at that moment in time.

Therefore it is important to use proper cloud forensic software to collect and preserve this digital evidence.

Cloud forensics tools are especially important if you use them for law enforcement cases (criminal offences) or corporate crime investigations, e.g. checks into employee misconduct, data leaks, etc.

Cloud data can be very useful where evidence no longer resides on local storage, e.g. computers & mobile phones, due to deletion or overwriting.

Sub-disciplines of digital forensics include mobile forensics, memory forensics and many more.

What do I need to perform cloud forensics and social media extraction?

You will still need the following:

  • The correct login credentials and authentication token for the software to gain access to the account and begin cloud extraction.
  • A clean computer, preferably with a wired connection (stable connection) and enough storage space (for the extracted cloud data)

What are the Best Cloud Forensics and Social Media Extraction Tools?

These are the five (5) cloud forensics and social media extraction tools that collect cloud data in a forensically-sound manner and can be used in a court of law as digital evidence.


1. Oxygen Forensic® Cloud Extractor

Founded in 2000, Oxygen Forensics is a Russian company headquartered in Alexandria, Virginia and provides mobile forensics capabilities to law enforcement, federal agencies and enterprises.

The digital forensic tool has had a built-in feature called Cloud Extractor since 2014, which acquires data from popular cloud storage and cloud email providers. These include Gmail, Google Drive, OneDrive, iTunes, Facebook, Instagram, Twitter and many more.

With the extracted cloud data, Cloud Extractor provides additional analytic features, e.g. Timeline (data in a chronological manner), Social Links (frequently communicated parties) and Image Categorization (sorting of images using built-in AI).

Cloud Support & Features

  • Supports 100+ cloud services
  • Acquisition from Google, iCloud, Microsoft cloud services, popular SaaS offerings like Dropbox & Box and social media sites like Facebook, Instagram, etc
  • Cloud access via various authorization methods, support 2FA and data decryption
  • Allow users to configure proxy settings for each cloud service

2. X1 Social Discovery

X1 Social Discovery is a case-centric workflow platform that enables users to correctly capture web content while maintaining data preservation and retaining metadata values.

The social media extraction tool collects and searches data from social networks and online web pages.

Unlike the traditional method of manual webpage exporting and taking screenshots, X1 Social Discovery collects the web data, allows users to search & analyse it and aggregates all this data into a single user interface.

Cloud Support & Features

  • Support data types from Facebook, Instagram, Twitter, Youtube, Tumblr, LinkedIn, Webpages, Gmail and many more
  • Reporting feature based on filter and data extraction
  • Data is forensically-sound in the process of cloud extraction
  • Patented web page authentication

3. Magnet AXIOM: Cloud Forensics

Magnet AXIOM offers a comprehensive solution for lawfully recovering and analyzing cloud-based evidence in various ways from suspects, victims, witnesses, and publicly available cloud sources, e.g. social media and webpages.

The social media and cloud extraction tool allows users to extract, recover, analyze and report on their cloud evidence and open-source intelligence (OSINT) data in one single case interface.

Cloud Support & Features

  • Support cloud extraction from 50+ cloud services
  • Ability to import Warrant Returns formats from Internet Service Providers (ISPs)
  • Support ingestion of user-generated archive files from Facebook and Google (e.g. Google Takeout)
  • Gain access to cloud account via login credentials and 3rd party tokens and keychains

4. Cellebrite UFED Cloud

Since entering the mobile forensics industry in 2007, Cellebrite UFED has been the major player in this field for many years.

Cellebrite is an Israeli digital intelligence company focusing mainly on extracting data from mobile devices. The company has several offices across the world, including Washington D.C, Germany and Singapore.

One of Cellebrite’s products, the UFED Cloud, allows users to collect, preserve and analyze data from popular cloud services, social media, instant messaging apps, web pages and many more.

Cloud Support & Features

  • Support 50+ popular cloud services and social media sites
  • Lawful access to time-sensitive online evidence using cloud forensics methodology
  • Ability to import extracted cloud data into the UFED Digital Intelligence platform for further review and analysis
  • Ability to visualise data in a unified format, e.g. timeline format and maps format

5. MSAB XRY Cloud

MSAB is a Swedish company that specialises in using forensic technology for mobile device examination and analysis. The company’s main product is the XRY, their flagship mobile forensics software for extracting mobile data.

The company has a separate component product called the XRY Cloud, which is used to perform cloud forensics. XRY cloud can be used as a standalone tool or as part of the complete MSAB ecosystem suite of tools.

XRY Cloud offers two (2) modes of cloud extraction. First is the automatic mode, which requires the device to have online access to extract the app token, e.g. Facebook token. The second mode uses the usual login credentials (ID/password) and does not require the device’s presence.

Cloud Support & Features

  • Support 50+ cloud services
  • Cloud extraction from Whatsapp, Snapchat, iCloud, Facebook, Google services, etc
  • Use of Cloud Tokens to gain access if login credentials cannot be obtained

5 BEST Mobile Phone Forensics Tools [Evidence Extraction]

Digital Forensics is an application of science to collecting, preserving, analysing, and presenting digital data. Mobile Forensics is a sub-branch under the scope of digital forensics, and it specializes solely in the forensic extraction of mobile devices (smartphones).

There are other sub-disciplines as well, such as cloud forensics, memory forensics and many more.

To examine a mobile device, one needs to overcome and understand the various types of chipsets used (e.g. MTK, Exynos, Snapdragon), the operating system (Android, iOS), the connectivity ports (e.g. USB Type-C), software security version, encryption used, etc.

Commercial tools largely dominate most of the mobile forensics software used in this industry. However, these companies invested heavily into the research & development (R&D) of gaining access to modern-day phones, developing support for thousands of mobile apps and parsing them nicely in an intuitive interface for their users.

What are the Best Mobile Forensics Tools?

Here are the five (5) best mobile forensics software tools used by law enforcement and private organisations worldwide.


1. Cellebrite UFED

Since entering the mobile forensics industry in 2007, Cellebrite UFED has been the market leader in this space for many years.

Cellebrite is an Israeli digital intelligence company focusing mainly on extracting data from mobile devices. The company has several offices across the world, including Washington D.C, Germany and Singapore.

The UFED capability is available on desktop computers (UFED4PC) and a standalone handheld console (UFED Touch2).

Cellebrite UFED – Key Features

  • Unlocking of mobile devices via pattern bypass and PIN locks
  • Perform logical, file system and physical extractions
  • Use of bootloaders, automatic EDL capability, smart ADB connection and more
  • Wide range of supported mobile devices across many different brands
  • Extract evidence from mobile phones, SIM cards, drones, SD cards, GPS devices and more

2. Oxygen Forensics

Like Cellebrite UFED, Oxygen Forensics is a Russian company headquartered in Alexandria, Virginia and provides mobile forensics capabilities to law enforcement, federal agencies and enterprises.

The forensic software is an all-in-one platform that can extract mobile forensic images, decode them and parse them in its interface for investigators to analyse quickly. Furthermore, multiple extractions can be investigated in a single Oxygen Forensic interface to have a complete picture of all the acquired data.

Oxygen Forensics – Key Features

  • File system level extraction on most mobile devices
  • Drone forensics possible
  • Bypass screen lock on popular Android devices
  • Cloud extraction – Acquire data from cloud services and storage
  • Support import of call data records

3. MSAB XRY

MSAB is a Swedish company that specialises in using forensic technology for mobile device examination and analysis. It offers frontline extraction support (i.e. rugged forensic kit model) and forensic lab solution (i.e. software, kiosk or tablet form).

The company’s product is designed to recover and analyze the contents of a digital device in a forensically secure manner and offers three (3) different products, namely:

| MSAB Product | Function |
| --- | --- |
| XRY | The extraction of the mobile device and the decoding & indexing of the mobile data |
| XAMN | The analysis, reporting and filtering of the extracted data |
| XEC | The digital forensics management solution for seamless data distribution between users, locations, departments and other agencies. |

MSAB XRY – Key Features

  • Logical and Physical examinations of 40,000+ mobile devices and app profiles
  • GPS & Memory card examination
  • File Signature Analysis
  • Support for Chinese chipsets

4. Hancom MD-NEXT

Hancom is a Korean company that has specialised in forensic mobile device extraction since 2005. It offers an integrated digital and mobile forensic solution that supports 15,000+ mobile phones, particularly Korean-made brands such as Samsung and LG.

The company offers three (3) mobile forensics software products, namely:

| Software | Function |
| --- | --- |
| MD-NEXT | The data extraction software for mobile devices, wearables, drones, IoT devices, etc |
| MD-RED | The analysis software for data recovery, examination and reporting of the extracted data |
| MD-LIVE | The first responder software for live data extraction and analysis from mobile devices |

Hancom MD-NEXT – Key Features

  • Supports data acquisition for models from various global smartphone manufacturers (Samsung/Apple/LG/HTC/ZTE etc.)
  • ADB Pro extraction: Supports data acquisition using vulnerability attacks from Android-based devices
  • Supports Android Live, MTP, iOS full filesystem Backup, Vendor backup protocol, Local backup, USIM
  • Supports Bootloader, Fastboot, MTK, QEDL, etc

5. MOBILedit Forensic

MOBILedit is an all-in-one solution for data extraction from mobile devices, smartwatches and cloud services. It has a built-in security bypassing feature that allows users to acquire supported phone models without needing a pattern or pattern unlock.

Another valuable and unique feature is their open database of supported mobile apps. Users can quickly check against this database to see if MOBILedit currently supports a particular app. If it doesn’t, there is a request button to ask the company to research that new app.

MOBILedit – Key Features

  • Physical and Logical data acquisition
  • Automated deleted data recovery
  • Cloud forensics acquisition, e.g. Google Drive, OneDrive, Instagram and many others
  • Integrates with camera ballistics technology to scientifically analyze photo origins
  • Concurrent extractions with the new 64-bit engine
