MPE+® Mobile Forensics Software Supports 6800+ Devices, Including iOS®, Android ™ and Blackberry ®Devices, as well as Devices with Chinese Chipsets

MPE+® is a stand-alone mobile forensics software solution that is also available on a preconfigured touch-screen tablet for on-scene mobile forensics triage. Furthermore, Mobile Phone Examiner Plus ® images integrate seamlessly with Forensic Toolkit ® (FTK ®) computer forensics software, allowing you to correlate evidence from multiple mobile devices with evidence from multiple computers within a single interface.

Adding MPE+® Velocitor Enables Your MPE+® Solution to Support More Chinese Devices than Any Other Solution on the Market Today.

MPE+® Velocitor is an optional hardware add-on that integrates seamlessly with MPE+® version 5.3 and above. MPE+® Velocitor solves the problem investigators now face when processing cheap generic phones, tablets and Chinese phones as key evidence in critical investigations. MPE+® Velocitor provides physical and logical extraction from 95% of Chinese chipsets, including full flash data extraction. Supported devices include MediaTek, Spreadtrum, MStar, TI, Phillips, Coolsand and more.

Broad Mobile Device Support and Functionality in a Single, Easy-to-Use Solution

With support for more than 6800 cell phones and mobile devices, including iOS ®, Android ®, Blackberry ®, Windows Mobile and Chinese devices, MPE+® enables examiners to perform advanced mobile device investigations without having to purchase an overpriced suite of modules or cumbersome hardware. Advanced carving and filtering options, as well as broad support for even the most challenging mobile device profiles, facilitate thorough analysis and reporting. Plus its integration with FTK and the touch tablet option make it the intelligent choice for mobile forensics examiners looking to upgrade their capabilities.

MPE+® for E-Discovery

In addition, MPE+® is the only mobile forensics solution designed to facilitate mobile device discovery for litigation support personnel addressing e-discovery requirements. The interface is the most intuitive on the market and includes visualization tools that allow you to easily see communication relationships among contacts and automatically construct graphical data timelines.. An intuitive interface, advanced analysis, easy export and robust reporting make MPE+® the tool of choice for e-discovery practitioners.

NOTE: MPE can be purchased with a SIM reader and phone cables. Cable updates are shipped to those who maintain SMS.

Supports 6800 Mobile Devices

MPE+® supports 6800+ devices, including more than 1300 unique profiles that often present challenges to investigators. (Cable kit available separately.)

  • Motorola including Atrix HD, Photon Q, Razr M,and Razr I and others
  • Android devices, including full user data extraction from rooted devices
  • iOS devices up to 6.1.3 including physical and logical extraction
    • Physical extraction limited to devices up to and including iPhone® 4 and iPad® 1 )
  • Windows Mobile® devices
  • Blackberry ® devices, including the import of Blackberry BBB (Blackberry Backup) files and select general devices
  • Legacy phones including LG, Nokia Series 30/40, Samsung, Motorola, ZTE, Sony Ericsson and others

SUPPORTS 95% OF MOBILE DEVICES CONTAINING CHINESE CHIPSETS

Adding MPE+ Velocitor* to your MPE+ solution allows the extraction of the file system, call history, messages (SMS/MMS), flash images and  device information from mobile devices containing Chinese embedded chipsets including:

  • Chinese MediaTek (MTK)
  • Spreadtrum,
  • MStar,
  • TI,
  • Phillips,
  • Coolsand and more. 

*MPE+® Velocitor is sold separately and requires a license plus the MPE+® 5.3 Software upgrade

AUTOMATED SMART APPLICATION RECOVERY

MPE+® allows for the one-click recovery of application data, including but not limited to:

  • LinkedIn
  • Twitter
  • Facebook
  • GoogleVoice
  • Skype
  • WeChat
  • QQ and more

PHYSICAL IMAGING OF ANDROID DEVICES

MPE+® enables the physical imaging of Android devices including both Samsung Galaxy S® II and III devices even if USB debugging is not enabled. This allows MPE+® to bypass any passcodes even if the device is protected with USB debugging in the OFF position. MPE+® provides an extraction wizard when extracting both Samsung Galaxy SII and SIII Android devices.

IOS ® DEVICE ANALYSIS

  • Physical and logical acquisition of iOS devices up to 6.1.3 (both CDMA and GSM). Physical extraction is limited to devices up to and including iPhone® 4 and iPad® 1
    • No jail breaking required.
    • Acquire physical and logical data simultaneously, without the need for iTunes ®.
    • On-the-Fly decryption of operating system and logical data
  • iTunes® Backup Browser
    • Import folders and files containing an iTunes Backup.
    • Using a mounted image, point to the iTunes folder.
    • Support for both encrypted and non-encrypted backups.

GRAPHICAL INTERFACE FOR MORE INTUITIVE ACQUISITION AND ANALYSIS

  • Home “Launch Area”:
    • User Guide
    • RSS Feeds for MPE+ Support Videos
    • Recent Collections and Quick Links
    • Training, Forum and Product web interface

Visualization Tools

  • Timeline Viewer illustrates SMS, EMAIL, MMS and Call Logs for any selected timeframe.
  • Social Analyzer illustrates SMS, EMAIL, MMS and Call Logs for selected contacts – comparing each with all selected.

Advanced Analysis Tools

File systems are immediately viewable and can be parsed in MPE+® to locate lock code, EXIF and any data contained in the mobile phone’s file system.

  • Filter any column by Data or Values, such as Contains/Is equal to, and more.
  • New Data View Tabs
  • Enhanced Gallery View
    • File system will display all images in selected folders.
    • Carving Window displays all images.
    • Media View shows all images extracted.
  • PLIST Viewer Built into Natural View and embedded SQLite Database Browser
    • Now you can view data in both binary and standard PLIST files in CHTML.
    • View tables within SQLite databases in CHTML.
    • Ability to export the viewed data in several formats including Microsoft Excel
  • Carve Data for Embedded Phone-Specific Data.
  • Built-in iOS and Android Parsers
  • Carve ALL SQLite Database Files from iOS ® to Android for Deleted Data.
  • Right click on any SQLite database and select to parse the free file area.
  • All parsed SQLite databases are then displayed for review.
  • Hex Interpreter
    • Highlight bytes to display common date/time formats.
  • SIM and USIM support, with Forensic SIM cloner for Phone Processing without Altering Data
  • Import Many File Types, Including AD1 Forensic Containers, Back into MPE+ to View Data as if the Device is Connected.

ADVANCED ALERT MANAGER

The Alert Manager allows you to create keywords that MPE+® will use to flag and label extracted data that matches those keywords. Users can create alerts from within MPE+®, import folders containing alerts, create a single alert file and import into the alerts, and even export all the alerts into a folder to share with other MPE+® users. With this feature you can…

  • Tag Information that is located when running alerts.
  • Manually or automatically run alerts for every device extraction, import, and parse conducted in MPE+®.  This feature will allow the user to immediately be notified of alerts when parsing images, collecting from a device or running our built-in parsers.
  • Have the option to activate or deactivate alerts.
  • Have multiple alerts selected to run on each data set and more.

The Alerts Manager View allows you to manage filter dictionaries, import and export filter dictionaries, and then stylize the alert hits. You can also view specific alerts and their associated settings and keywords, create alerts, activate and deactivate alerts and more.

Ideal System Setup

Software
Operation System
Windows 7 64-bit (all versions)
Hardware
Processor
Core2 Duo 2GHz+ (or equivalent)
Memory
4GB
Disk Space
500GB (Additional storage may be needed for physical Apple device acquisitions)
Expansion Ports
QTY x4 USB 3.0 ports
Dedicated Video Memory
128MB or higher
SC Magazine 5 star recommendation

Webinars





I really like how easy it was to get the logical and physical acquisition. It’s like “one stop shopping.” No need for a passcode either. Other tools require a passcode or jailbreak to get the logical.
Bruce Downey,
Law Enforcement Officer

The MPE+ nFIELD solution combines the powerful device collection capabilities of Mobile Phone Examiner Plus™ (MPE+) with a simplified user interface to support a broader set of users and on-scene mobile device data collection. MPE+ nFIELD performs logical and physical acquisition of all MPE+ supported mobile devices along with USIM, SIM and mass storage devices; all with a touch of a single button.

In just 7 steps, the MPE+ nFIELD interface visually guides investigators through mobile data collections. The wizard driven interface supports forensically sound data acquisitions with virtually zero training. An AD1 image is automatically created to ensure the information collected can be analyzed in any AccessData solution and the collected data supports a proper chain of custody. Additionally, MPE+ nFIELD automatically creates a customized report of the extracted data for immediate review on scene.

MPE+ nFIELD software can be installed on ANY device running the Windows® 7, 8 and 8.1 x 86 and x64 Operating System including Personal Computers, Laptops and Tablets.

Get the power of MPE+ nFIELD with the MPE+ Tablet

MPE+ nFIELD also comes preinstalled on the MPE+ Tablet*. The MPE+ tablet hardware device allows you to perform simple and fast mobile physical and logical device collections away from the lab. Featuring the same collection capabilities of MPE+, the MPE+ Tablet supports more than 7,000 devices, such as legacy cell phones as well as smart devices. It also includes the MPE+ iLogical™ and dLogical™ support technology which collects iOS® and Android™ devices up to 30% faster than any other solution on the market.

*MPE+ Tablet is sold separately.

The 7 Simple Collection Steps of MPE+ nFIELD

Chances are mobile devices containing Chinese-manufactured chipsets are already part of your forensic investigation. Chances are…
… you haven’t being able to process them. Now you can.

MPE+ Velocitor is an add-on hardware tool that integrates seamlessly with MPE+ to unleash the power of physical and logical extraction from 95% of Chinese mobile devices.  The MPE+ Velocitor appliance enables MPE+ to support more Chinese devices than any other mobile forensics tool

The manufacture, export and purchase of cheap, generic, phones and tablets are becoming more and more common these days. In 2011 alone, over 800 million mobile devices and close to 40,000 models were manufactured in China. In 2012, more than half of those were exported to world markets, comprising more than 30% of the global cell phone market. As result, these devices are becoming one of the most prominent sources of forensic evidence.

MPE+ Velocitor assists mobile forensics labs with critical examinations involving these devices. In many cases a mobile device may look like a mainstream smart device, but it is actually a cloned or counterfeit phone containing Chinese components. In those instances, most mobile forensics solutions fall short, making it impossible to process critical data.  MPE+ Velocitor enables full flash data extraction from these devices, exposing critical evidence quickly and effectively, without the need for a third-party tool or software.  

MPE+ Velocitor Highlights

Physical and logical extraction from 95% of Chinese chipsets, including but not limited to:

  • MediaTek
  • Spreadtrum
  • MStar
  • Infineon, TI, Phillips and Coolsand and more

Auto-detect pin-out

Parse user data to include:

  • SMS, MMS, Media, Contacts and Call Logs. Deleted data is also accessible.
  • Passwords, Chip ID, IMEI numbers and device information

The MPE+ Velocitor solution includes…

  • MPE+ Velocitor License
  • MPE+ Velocitor Hardware Device
  • MPE+ Velocitor Cable Kit
  • MPE+ Carrying Case
    MPE+ Velocitor User Guide