Mobile Forensic Software

MD-Live

MD-LIVE is the forensic software for the live data extraction and analysis from the smartphone, which helps the first responder to get the evidence easily on the spot.

MD-NEXT

MD-NEXT is the forensic software for the data extraction of mobile devices.

MD-RED

MD-RED is the forensic software for the recovery, analysis and reporting of the extracted data from mobile devices.

MD-LIVE

Mobile forensic software for on-the-spot investigation which performs live extraction and analysis on a mobile device MD-LIVE is a mobile live forensic product with a smooth user experience which can support logical extraction and quick data analysis. It also supports the selective acquisition from the evidence without privacy infringement, the screen capture and recording of smartphone display mirrored and forensic process recording by an external camera of the internal recording feature.

System Requirements

OS: Windows 7/8/10 (64 bit)

CPU: i5 or faster

RAM: 4GB or above

SSD: 512G or more

Display: 1024×768 or higher

USB: 2 or more USB 2.0/3.0/3.1 ports

Microsoft.Net Framework 4.5

 

Product components

MD-LIVE Installation Software (CD/USB/Online)

USB Dongle Key 1 EA

Warranty 1 Year

Specification Product Highlights

Mobile forensic software for on-the-spot investigation and triage

Best forensic tool for a smartphone of the witnesses or victims

Selective acquisition of evidence data for privacy protection

Recording and capturing of mirrored smartphone display
Screen recording for audit or justification of the forensic process

Convenient and straightforward usage with an intuitive user interface

Minimize work time with automated steps using high-speed analysis engine

Selective extraction and analysis of evidence data

–  Only data related to the case can be selected and analyzed.

–  Minimization of unnecessary data extraction to protect privacy and to reduce the time spent on the site

–  Scan of important apps based on time and frequency of use

Analysis data view just like looking at a real smartphone screen

–  Quick evidence data identification by providing data view themes similar to that of a smartphone app

Integrated data viewers

–  Includes the viewers to display files such as photo, video, audio, document, map and website browsing history

Mirroring and remote control of smartphone display

–  Smartphone screen mirroring and remote control can be used when smartphone display is broken or the prevention of unwanted operation on the phone

–  The mirrored screen can be captured and also recorded as an evidence

Screen recording of MD-LIVE software

–  PC screen recording of MD-LIVE to reproduce and verify its forensic process

Easy and concise process

–  Intuitive user interface

–  Auto-detection of smartphone model

–  Automated analysis after extraction which makes the fast investigation process

Reporting features

–  Supports reports such as PDF, Excel and SQLite DB

–  Supports saving of reports and dump image on USB/DVD

–  Supports’ Witness Document’ generation

–  Supports a wide range of HASH algorithms

–  MD5, SHA1/224/256/384/512, RIPEMD128/160/256/320

Screen recording of MD-LIVE software

–  PC screen recording of MD-LIVE to reproduce and verify its forensic process

External standing camera (Option)

–  For taking a photo of the evidence and its display or recording the investigation procedure

–  Hardware-based auto-focusing

–  Anti-reflection pad

MD-LIVE Demo

MD-Next

Data extraction software for Smartphone, Feature phone, Drone, Smart TV, Wearable, IoT device, USIM card, SD memory card, JTAG board, and Chip-off memory MD-NEXT is the forensic software for the data extraction of diverse mobile and digital device. It supports physical and logical extraction methods for Android, iOS, Windows OS, Tizen OS, and other mobile OS

System Requirements

OS: Windows 7/8/10 (64 bit)

CPU: i5 or faster

RAM: 4GB or above

SSD: 512G or above

Display: 1024×768 or higher

USB: 2 or more USB 2.0/3.0/3.1 ports

Microsoft.Net Framework 4.5

 

Product components

MD-NEXT Installation Software (CD/USB/Online)

USB Dongle Key 1 EA

Warranty 1 Year

Specification

Product Highlights

– Data extraction from Smartphone, Feature phone, IoT device, Smart TV, Drone, Chip-off memory and JTAG board

– Powerful extraction tool for Asian manufacturers (Samsung/LG/Chinese brands)

– Supports all physical extraction methods – Bootloader, Fastboot, MTK, QEDL, Custom image, ADB Pro, iOS Physical, DL, JTAG, Chip-off, SD Card, SIM, Removable Media

– Supports all logical extraction – Filesystem, Android backup, iOS Backup, Vendor backup protocol, Local backup, MTP

– Unlock of latest Samsung and Chinese phone (Oppo/Vivo/Huawei/Xiaomi)

– iOS backup file decryption and keychain extraction

– Selective extraction of partition, file, category, and app

Perfect data extraction tool for diverse mobiles and digital devices

–  Supports more than 15,000 models of Global smartphone manufactures (Samsung/Apple/LG/Nokia, etc.) models including 500 or more models from

Chinese manufacturers (Huawei/Xiaomi/Oppo/Vivo, etc.)

–  Supports extraction of IoT device, AI Speaker, Smart TV, Drone and Car

Advanced physical extraction features

–  Supports Bootloader, Fastboot, MTK, QEDL, Custom Image android rooted, iOS Physical, ADB Pro, DL, JTAG, Chip-off, SD Card, USIM, Removable Media

–  JTAG pin map viewer and connection scanning with AP

–  Drone SD Card extraction – DJI Phantom, Maverik series/Parrot/PixHawk

–  AI Speaker Chip-off extraction – Amazon Echo, Kakao Mini, Naver Clova

Supports diverse physical data reader hardware

–  JTAG Reader (MD-BOX, Trace32)

–  Memory Chip Reader (MD-READER, UP828)

–  SD Memory Reader and USIM Reader

Advanced logical extraction features

–  Supports Android Live, MTP, iOS Backup, Vendor backup protocol, Local backup

Unlock of latest smartphone model

–  Supports Samsung, LG, Oppo, Vivo, Huawei, Xiaomi

Supports extraction and decryption of the latest Asian phone

–  KNOX bypassing physical extraction – Samsung Galaxy S series

–  Screen lock bypass MTP extraction – Samsung Galaxy S Series

–  ADB Pro physical KNOX bypass – Samsung Galaxy S series

–  FBE Decryption service – Huawei unlocked phone

–  Vendor Backup protocol extraction – Huawei

–  Local backup extraction – Huawei, Xiaomi, Oppo, Gionee

–  Physical extraction for Japanese manufacturer model – Sharp, Sony

Supports the latest iPhone logical extraction

–  iOS keychain extraction

–  Logical extraction for iPhone up to XS/XR model

–  The decryption of backed up data for the latest version of the iOS device

Selective extraction for privacy protection

–  Supports selection of partition, file, category, and app

–  Selection in filesystem physical extraction method

–  Selection in all logical extraction methods

Special extraction features

–  Supports custom extraction for unlisted models using pre-defined methods

–  Supports Google cloud drive extraction

Useful extraction utilities

–  Supports auto recognition of partition table and encrypted partition

–  Supports automatic firmware restoration and retrial after restoration failure

–  Supports resume of extraction

–  SSupports merge of multiple image file – MDF and binary file

–  Supports the creation of MDF file from PC backup

Assurance of evidence data integrity

–  Supports write-protection to every evidence data

–  Supports 10 hash algorithms such as MD5, SHA1/224/256/384/512, RIPEMD128/160/256/320 Excellent extraction performance

–  Max. 32GB/20min extraction performance

–  Multiple device extraction

–  Extraction sequence management – Sequential/Simultaneous

User-friendly and easy to use

–  Intuitive graphical user guide for each extraction method

–  List of recently selected models

Data preview and save

–  Supports preview of the extraction data – Hex viewer, Data viewer

–  A dumped image can be saved as ‘MDF’ and standard binary file format

–  Pre-defined extraction file name

–  Sound alarm for extraction status change

Reporting features

–  Extraction information – Hash value, Time, Method and Filename

–  Supports report format such as PDF, Excel, and HTML

–  Supports ‘Extracted File List’ generation with a hash value of each file

–  Supports’ Witness Document’ generation

–  Re-generation of ‘Extraction Reports’

MD-NEXT Demo

MD-RED

MD-RED Data analysis software for recovery, decoding, decryption, visualization and reporting evidence data from a mobile and digital device MD-RED is the forensic software for the recovery, decryption, visualization, analytic data mining, and reporting evidence data from which are extracted with MD-NEXT or other extraction tools. All the results of the analysis can be exported as the forensic reports for the investigation of crimes and accidents. Also, the analysis module of the latest mobile apps is quickly updated by continuous research.

System Requirements OS:
 

–  OS: Windows 7/8/10 (64 bit)

–  CPU: i7 or faster

–  RAM: 8GB or above

–  HDD: 1TB or above

–  Display: 1024×768 or higher

–  USB: 2 or more USB 2.0/3.0/3.1 ports

–  Microsoft.Net Framework 4.5

Product components
 

–  MD-RED Installation Software (CD/USB/Online)

–  USB Dongle Key 1 EA

–  Warranty 1 Year

Specification Product Highlights
 

–  Analysis and recovery of various filesystem and 1,500 or more apps

–  Decrypt the encrypted SNS message

–  Quick update on a new version of apps

–  Social relation analysis

–  Drone and IoT data analysis

–  Visualization of the analysis result

–  Python editor for the development of analysis script

Supports various mobile OS and devices

–  Supports feature phone, smartphone, and various digital devices

–  Supports iOS, Android, Windows, Tizen and other mobile OS

Parsing and recovery of various filesystem

–  FAT12/16/32, exFAT, NTFS, ext3/4, HFS+, EFS, YAFFS, FSR, XSR, F2FS, VDFS, XFS, DVR filesystem (e.g., Dahua and Hikvision)

–  Data carving for an unused area

Analyze 1,500 or more popular mobile apps and mobile data

–  Multimedia files were taken by phone camera

–  Call log, Address book, SMS/MMS, email, Memo, Internet history

–  SNS, Map, Navigation, Health, Banking, and Lifestyle app

–  Anti-forensic app

Maximized analysis performance

–  High performance by multi-core CPU/GPU parallel processing

–  Multiple analysis program execution for each case

The decryption of encrypted data

–  Identifies encrypted document

–  Decrypts encrypted chatting message, email, file and app data

Deep analysis of popular messenger

–  Deserialization, Decryption, and Recovery of data

–  WhatsApp – Multiple backup files analysis

–  WeChat – Multiple account analysis, Rainbow table

–  Skype, Facebook messenger, Telegram, Wickr

–  QQ, Kakaotalk, Line, Zalo, Viber, Snapchat and many other messengers

Decodes screen lock and password information

–  Decodes Pattern, PIN, and Password for unlock

–  Brute forcing by GPU acceleration

–  iPhone keychain data analysis

Multimedia data recovery and analysis

–  Frame recovery for deleted/damaged video file

–  Exclusion of + 6.7M pre-registered images by RDS (Reference Data Set)

–  Audio file converter (From AMR/AUD/QCP/SILK to MP3/AMR/WAV)

–  Supports QCP file play and Silk codec decoding

New digital device analysis

–  Drone data analysis – Flight history, Multimedia data, DJI/Parrot/PixHawk

–  IoT data analysis – AI Speakers, Smart TV, Car Navigation

Social relationship analysis

–  Basic mode for single phone analysis

–  Advanced mode for multiple phone analysis

–  Call, messenger, email communication data analysis

–  Contacts merge and split

–  Filter by the app, period, contacts, types of communication

–  Community analysis by the centrality

–  Visualized relation and automatic rearrangement

–  Easy to access to specific node and communication link

Log analysis

–  Medial log, Search word log

–  System log, Network log (Bluetooth, WiFi, Cell Tower)

Embedded data viewers

–  SQLite database viewer

–  HEX data viewer

–  PList viewer

–  Documents viewer(Text, XML, CDF, PDF, MS office, ZIP, Executable, Encrypted)

–  Photo Gallery

–  Video player

–  Audio player

Visualization of analyzed data

–  Map viewer for GPS data and cell tower location

–  Offline/Online map (Region/Country/City – 3 level)

–  Timeline viewer

–  Link viewer for social relationship visualization

–  Chat viewer for communication visualization

–  Web browser for internet history review

The advanced data filtering option

–  Filter by filesystem, signature, time and more fields

–  Dynamic filtering operators, sorting, grouping

–  Search by regular expression

–  Keyword registration

–  Bookmarking of selected data

Python scripting IDE for user-defined analysis

–  Python script editor for advanced user

–  Code generation, Code execution and debugging and Sample script

Case management and hash value verification

–  Case management feature

–  Grouping extraction images

–  Hash value verification on each extraction image

  • Reporting features

    –  Hash calculation for a selected file

    –  Supports export of analyzed multimedia

    –  Supports report formats of PDF, Excel, HTML and SQLite DB

    –  Supports 3rd party report format like Nuix and Relativity

 
MD-RED Demo