MPE+ Mobile Forensics Software Supports 7000+ Devices, Including iOS®, Android™ and Blackberry® Devices, as well as Devices with Chinese Chipsets
Mobile Forensic Examiner PLUS ®is AccessData’s market leading stand-alone mobile forensics software solution that delivers an intuitive interface, data visualization and smart device support in a single forensic interface. MPE+ supports even the most challenging mobile device profiles and features advanced carving, deleted data recovery, SQLite database browsing , advanced analysis ,filtering options and limitless possibilities with built in query and script building. Furthermore, MPE+® images integrate seamlessly with Forensic Toolkit ® (FTK ®) computer forensics software, allowing you to correlate evidence from multiple mobile devices with evidence from multiple computers within a single interface.
Broad Mobile Device Support and Functionality in a Single, Easy-to-Use Solution
With support for more than 7000 cell phones and mobile devices, including Legacy GSM/CDMA devices, iOS , Android , Blackberry, Windows Mobile™ and Chinese devices, MPE+ enables examiners to perform advanced mobile device investigations without having to purchase an overpriced suite of modules or cumbersome hardware. The robust support and superior analysis tools built into MPE+ puts a new take on examining mobile device data separating itself into a league of its own. MPE+ is the only choice for mobile forensics examiners looking to upgrade their capabilities and to handle the data of today.
Adding MPE+® Velocitor Enables Your MPE+ Solution to Support More Chinese Devices than Any Other Solution on the Market Today.
MPE+ Velocitor is an optional hardware add-on to be used with MPE+ version 5.3 and above. MPE+ Velocitor solves the problem investigators now face when processing cheap generic phones, tablets and Chinese phones as key evidence in critical investigations. MPE+ Velocitor provides physical and logical extraction from 95% of Chinese chipsets, including full flash data extraction. Recover passwords and user data from supported devices. Supported devices include MediaTek, Spreadtrum, MStar, TI, Phillips, and Coolsand.
MPE+® for E-Discovery
In addition, MPE+® is the only mobile forensics solution designed to facilitate mobile device discovery for litigation support personnel addressing e-discovery requirements. The interface is the most intuitive on the market and includes visualization tools that allow you to easily see communication relationships among contacts and automatically construct graphical data timelines.. An intuitive interface, advanced analysis, easy export and robust reporting make MPE+® the tool of choice for e-discovery practitioners.
NOTE: MPE can be purchased with a SIM reader and phone cables. Cable updates are shipped to those who maintain SMS.
Supports 7000 Mobile Devices
MPE+ supports 7000+ devices, including more than 1300 unique profiles that often present challenges to investigators. (Cable kit available separately.)
- Android ™ devices, including full physical extraction from rooted devices
- dLogical™ Enhanced Support allows the acquisition of many sources of Android device data beyond most solutions in the market can deliver
- dSOLO™ support allows acquisition with only a SDcard configured with MPE+. A global first forensic triage tool for Android devices
- Any iOS compatible devices up to iOS 7
- Physical extraction limited to devices up to and including iPhone® 4 and iPad® 1
- iLogical™ Enhanced Support allows the acquisition of many sources of iOS device data beyond what most solutions in the market can deliver.
- iTunes backup parsing
- Windows Mobile® devices
- Blackberry ® devices, including the import of Blackberry BBB (Blackberry Backup) files and select general devices
- Legacy phones including LG, Nokia Series 30/40, Samsung, Motorola, ZTE, Sony Ericsson and others
Adding MPE+ Velocitor* to your MPE+ solution allows the extraction of the file system, call history, messages (SMS/MMS), flash images and device information from mobile devices containing Chinese embedded chipsets including:
- Chinese MediaTek (MTK)
- Coolsand and more.
*MPE+® Velocitor is sold separately and requires a license plus the MPE+® 5.3 Software upgrade
AUTOMATED SMART APPLICATION RECOVERY
MPE+ SQL Builder EVERY iOS and Android device under investigation can possibly contain one, two, or more applications from the more than 800,000 available in associated marketplaces. MPE+ is the only tool on the market that allows you to build simple SQL queries to extract not only ANY application data, but also those that are yet to come.
With the SQL Builder you can:
- Create a custom query
- Save the query
- Upload the query to the AccessData forum
- Share the query with another user
- Import another query built by another user
- Publish the results of the query for reporting
Then any of the queries can be run against that database for immediate results in any dataset that has the application installed
ANDROID® DEVICE ANALYSIS
- MPE+® enables the physical imaging of not only any rooted Android device but also Android devices including both Samsung Galaxy S®II and III devices even if USB debugging is not enabled. This allows MPE+® to bypass any passcodes even if the device is protected with USB debugging in the OFF position.
- dLogical™ Enhanced enhancement capability acquires Android devices 30% faster than market leading tools and uncover more logical data from these devices than any other tool on the market . dLogical collects from ALL Android devices currently available
- dSOLO™ mode allows any investigator (including those not technically savvy and without mobile forensic training) to be sent to perform Android device collections utilizing just a provisioned MicroSD card.
- ALL Android filesystem formats are recognized and viewable in MPE+
IOS ® DEVICE ANALYSIS
- Physical and logical acquisition of iOS devices up to iOS 7 (both CDMA and GSM). Physical extraction is limited to devices up to and including iPhone® 4 and iPad® 1
- No jail breaking required.
- Acquire physical and logical data simultaneously, without the need for iTunes ®.
- On-the-Fly decryption of operating system and logical data
- Logical acquisition of any iOS devices from v.1.0 to up to v.7 utilizing MPE+ iLogical™ Enhanced iDevice Support. MPE+ iLogical Support allows investigators to acquire many sources of data beyond what most logical products on the market are able to deliver. It will facilitate the acquisition of any compatible iOS devices, ranging from iOS v1.0 to the most recent iOS devices. Learn more about MPE+ iLogical Support
- iTunes® Backup Browser
- Import folders and files containing an iTunes Backup.
- Using a mounted image, point to the iTunes folder.
- Support for both encrypted and non-encrypted backups.
- View and parse backups retrieved using AD Triage
- iTunes backup parsing over the network.
- Parse any drive anywhere you can access a network.
- Users can navigate to a local folder, mapped drive, mount a forensic AD1 or E01 file, and even navigate across a computer’s network to parse user’s data stored in an iTunes backup folder
Advanced Analysis Tools
- MPE+ pythonScripter™ extends the overall user capabilities by providing investigators with the easiest and fastest way to create, use, and share python scripts without the need of previous python scripting experience. Investigators are no longer under the mercy of waiting for software upgrades as they can utilize this functionality to perform any specific task needed to solve any challenge during data analysis.
- Register to AccessData User’s Forum to access python scripts available and to upload your own to be shared with other users
- Use the many pre-loaded scripts to scan an image for files by MIMEType, pull location information, search for terms using regular expressions and more.
- Publish the results to the MPE+ interface to save to AD1 or be included in a created report.
- Mobile device file systems are immediately viewable and can be parsed in MPE+ to locate lock code, EXIF and any data contained in the mobile phone’s file system. File systems collected using other solutions are also viewable in the MPE+ interface.
- Filter any column by Data or Values, such as Contains/Is equal to, and more.
- Group column headers to filter collected data using that criteria
- Enhanced Gallery View
- File system will display all images in selected folders.
- Carving Window displays all images.
- Media View shows all images extracted.
- PLIST Viewer Built into Natural View and embedded SQLite Database Browser
- Now you can view data in both binary and standard PLIST files in CHTML.
- Carve Data for Embedded Phone-Specific Data.
- Built-in iOS and Android Parsers
- Feature will allow the parsing of other solutions images to uncover data that may have been missed.
- Parse SQLite Database Files from iOS ® to Android ™ for Deleted Data.
- Right click on any SQLite database and select to parse the free file area.
- All parsed SQLite databases are then displayed for review.
- Hex Interpreter
- Highlight bytes to display common date/time formats.
Ideal System Setup
I really like how easy it was to get the logical and physical acquisition. It’s like “one stop shopping.” No need for a passcode either. Other tools require a passcode or jailbreak to get the logical.
Law Enforcement Officer
The MPE+ nFIELD solution combines the powerful device collection capabilities of Mobile Phone Examiner Plus™ (MPE+) with a simplified user interface to support a broader set of users and on-scene mobile device data collection. MPE+ nFIELD performs logical and physical acquisition of all MPE+ supported mobile devices along with USIM, SIM and mass storage devices; all with a touch of a single button.
In just 7 steps, the MPE+ nFIELD interface visually guides investigators through mobile data collections. The wizard driven interface supports forensically sound data acquisitions with virtually zero training. An AD1 image is automatically created to ensure the information collected can be analyzed in any AccessData solution and the collected data supports a proper chain of custody. Additionally, MPE+ nFIELD automatically creates a customized report of the extracted data for immediate review on scene.
MPE+ nFIELD software can be installed on ANY device running the Windows® 7, 8 and 8.1 x 86 and x64 Operating System including Personal Computers, Laptops and Tablets.
Get the power of MPE+ nFIELD with the MPE+ Tablet
MPE+ nFIELD also comes preinstalled on the MPE+ Tablet*. The MPE+ tablet hardware device allows you to perform simple and fast mobile physical and logical device collections away from the lab. Featuring the same collection capabilities of MPE+, the MPE+ Tablet supports more than 7,000 devices, such as legacy cell phones as well as smart devices. It also includes the MPE+ iLogical™ and dLogical™ support technology which collects iOS® and Android™ devices up to 30% faster than any other solution on the market.
*MPE+ Tablet is sold separately.
The 7 Simple Collection Steps of MPE+ nFIELD
Chances are mobile devices containing Chinese-manufactured chipsets are already part of your forensic investigation. Chances are…
… you haven’t being able to process them. Now you can.
MPE+ Velocitor is an add-on hardware tool that integrates seamlessly with MPE+ to unleash the power of physical and logical extraction from 95% of Chinese mobile devices. The MPE+ Velocitor appliance enables MPE+ to support more Chinese devices than any other mobile forensics tool
The manufacture, export and purchase of cheap, generic, phones and tablets are becoming more and more common these days. In 2011 alone, over 800 million mobile devices and close to 40,000 models were manufactured in China. In 2012, more than half of those were exported to world markets, comprising more than 30% of the global cell phone market. As result, these devices are becoming one of the most prominent sources of forensic evidence.
MPE+ Velocitor assists mobile forensics labs with critical examinations involving these devices. In many cases a mobile device may look like a mainstream smart device, but it is actually a cloned or counterfeit phone containing Chinese components. In those instances, most mobile forensics solutions fall short, making it impossible to process critical data. MPE+ Velocitor enables full flash data extraction from these devices, exposing critical evidence quickly and effectively, without the need for a third-party tool or software.MPE+ Velocitor Highlights
Physical and logical extraction from 95% of Chinese chipsets, including but not limited to:
- Infineon, TI, Phillips and Coolsand and more
Parse user data to include:
- SMS, MMS, Media, Contacts and Call Logs. Deleted data is also accessible.
- Passwords, Chip ID, IMEI numbers and device information
The MPE+ Velocitor solution includes…
- MPE+ Velocitor License
- MPE+ Velocitor Hardware Device
- MPE+ Velocitor Cable Kit
- MPE+ Carrying Case
MPE+ Velocitor User Guide