Designed for forensic examiners and trained investigators in law enforcement & government, as well as IT security personnel in corporations who are conducting full forensic examinations of Android and iOS mobile devices as well as Windows and Mac computers.
IEF Advanced offers support for mobile devices, in addition to including all of the PC and Mac artifact support, and software features of IEF Standard.
Mobile Forensics (Exclusive to IEF Advanced)
- iOS and Android (including Kindle Fire) platform support
- Standardized support for raw images (dd, bin, dmg) and UFED logical file dumps saved as zip archives
- Search for artifacts in file system dumps and physical images (with physical images IEF can carve artifact from unallocated space)
Computer Forensics (IEF Advanced and IEF Standard)
- Windows and Mac OSX file system support
- Primarily used in a forensic lab environment
- Native image support for E01, Ex01, L01, Lx01, AD1, dd and dmg format
- Search live and deleted artifacts on hard drives and in live RAM captures
iOS and Android Artifact Support
- Carving & Parsing of artifacts from a file dump or physical image acquired with existing mobile forensic tools like Cellebrite’s UFED
- Proprietary carving technique recovers more data from unallocated space than existing mobile forensic tools
- Searches dd, bin and dmg images
- Recovers data from native phone applications including SMS, Email, Voicemail, Browsers, Mapping, Pictures, Notes, Phone (call logs)
- Also recovers data from 3rd party apps including popular chat, social networking and cloud services
- The Artifacts Supported page has all the specific details for iOS and Android artifact support
Dynamic App Finder (Exclusive to IEF Advanced)
- Searches for any potential mobile chat app databases on images or file dumps of iOS or Android mobile devices
- Identifies the app name and maps the four key fields to interpret results from most chat apps; sender, receiver, date/time and message
- Displays discovered chat app names and recommends field mapping for each chat database; field mappings can be modified and are saved by IEF for future searches/cases
- Displays full search results with all recovered records for each discovered chat app in IEF Report Viewer
Includes all the Features of IEF Standard
- Powerful Search Capabilities: Single search for 250+ Windows and Mac Internet artifacts
- Find Evidence Quickly: Get immediate search results, work with the found data in real-time
- Simple to Use: Get to key evidence in 3 easy steps
- Comprehensive Reporting: Create standardized and straightforward reports
- The Artifacts Supported page has all the specific details for Windows and Mac artifact support
Integrated Analysis & Reporting of Evidence From Mobile Devices and Computers
- Load multiple images from mobile devices and computers into a single IEF case file
- Consolidate reporting of Internet evidence from all computers and mobile devices related to your investigation into a single case file within IEF Report Viewer
- IEF’s Timeline tool time sequences all the evidence in the case file into an integrated visualized timeline so Internet activity on mobile devices and computers can be viewed together
- Plot geo-tagged mobile artifacts (i.e. Foursquare) on World Map to add time and location context to investigations
- IEF’s reporting and visualization tools help examiners build an overall understanding of when, where and how computers and mobile devices were used
Advanced is now called IEF and you will need to add the mobile module.
Magnet Forensics will now offer three editions of IEF:
1.Internet Evidence Finder
2.Internet Evidence Finder Triage
3.Internet Evidence Finder Bundle (includes IEF and IEF Triage)
Which you can then customize by adding-on two (optional) artifact modules:
1. IEF Mobile Artifacts Module (available for IEF and the IEF Bundle. Not available for IEF Triage)
2. IEF Business Applications & OS Artifact Module
Here’s more information on what our artifact modules will include, and how they can be used with other tools.
1.Mobile Artifacts Module:
Recover 165+ types of mobile artifacts from iOS and Android powered smartphones and tablets, including more 3rd party mobile apps than you can recover with traditional mobile forensic tools (because of our innovative approach to carving evidence from deleted space)
This module is designed to analyze images acquired from mobile phones via popular mobile forensic tools like Cellebrite’s UFED, Micro Systemation’s XRY and AccessData’s MPE+
2.Business Applications and OS Artifacts Module:
Recover Business and OS artifacts from computers and mobile devices, including: corporate email and instant messaging artifacts like Outlook OST & PST files, mbox email archives, and Microsoft Lync/OCS IM; documents like .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx; and operating system artifacts like user accounts, USB device history, lnk files, prefetch files, shellbags, jumplists, event logs and more
This module extends IEF’s search capabilities to include recovery of business application artifacts, so you can get a more complete view of the user’s activity on a computer and/or mobile device.