Internet Evidence Finder v6.3
Wed, 02/26/2014 - 2:54pm
Magnet Forensics has released Internet Evidence Finder™ (IEF) v6.3. Key release updates include enhanced tools for investigation of pictures; additional support for volume shadow copies, support for an expanded range of mobile chat and social networking artifacts; as well as support for analysis of Kindle Fire tablets.
New IEF Platform Features
Enhanced Tools for Investigation of Pictures
IEF v6.3 includes a new set of integrated features intended to assist law enforcement with identification and categorization of pictures:
- Hashing of Recovered Pictures — PhotoDNA, MD5 and SHA-1 hashes are provided for picture files recovered by IEF
- Access to the PhotoDNA feature is available at no additional cost for qualified Law Enforcement Customers. Go to www.magnetforensics.com/photodnaregistration to request access.
- Import custom hash databases to automate the identification and categorization of picture files
- Import Project Vic databases to automate the identification and categorization of picture files for law enforcement customers working on child exploitation cases
- Export pictures from the IEF report viewer for customers using third party picture analysis software (for example C4All)
Other New Features
- Native support for the AD1 logical image format created by AccessData’s FTK
- Volume shadow copies can now be analyzed as a standalone source of evidence with more granularity and native parsing (no image mounting required)
- Native support for analysis of zip archives (no longer necessary to extract the data from a zip archive prior to analysis). This is particularly useful for analyzing Cellebrite logical file dumps saved as zip archives
This release adds support for 76 new artifacts, bringing the total number of artifacts supported by IEF to 431. IEF now recovers 263 types of Internet artifacts on Windows and Mac computers and 168 types of mobile artifacts for iOS and Android powered smartphones and tablets (IEF Advanced required for mobile investigations).
Expanded Set of Mobile Messenger & Mobile Social-Networking Artifacts
The use of mobile messenger and mobile social-networking applications has exploded in the past year. With this release, IEF adds support for the recovery of artifacts from a host of additional mobile chat and social-networking applications, including: WeChat, LINE, BlackBerry Messenger (BBM), Viber, textPlus, Growlr, Grindr, QQ Chat, AIM for iOS, Touch, WhatsApp support expanded to include recovery of WhatsApp encrypted backups and Kik Messenger support expanded to include recovery of attachments.
Support Added for Kindle Fire
IEF v6.3 adds support for the analysis of Kindle Fire tablets which are powered by a custom version of the Android Ice Cream Sandwich OS. This release includes the addition of 18 new Kindle Fire specific artifacts, like the Silk Browser, email, downloads, pictures, video, and Kindle versions of popular third-party applications like: AIM, Dropbox, Facebook, Gmail, Instagram, Kik Messenger, Sina Weibo, Skype and Twitter.
IEF Advanced is required for analysis of mobile devices. For a full list of mobile artifacts supported by IEF Advanced visit: www.magnetforensics.com/software/internet-evidence-finder/supported-artifacts/
Other New Artifacts
- Dropbox decryption support for Windows 7 (Dropbox decryption now supported for Windows XP, Vista and 7 on images, as well as Windows 8 on live systems)
- Dropbox config.dbx decrypti
- Windows Phone artifacts — Recover browser history, browser based social networking artifacts, webmail, Skype artifacts, and pictures/videos from Windows Phone images/file system dumps