07 - Examination Tools Flashcards
Name the two distinct categories of Non-Forensic Tools?
- Data Suites (e.g. iTunes)
- Mobile Device Managers (e.g. MobileMaster)
Name a few Manual Capture Tools?
- ZRT
- Eclipse
- Project-a-Phone
Name a few Integrated Manual Capture Tools?
- XRY Camera
- UFED Camera
Name a few SIM/UICC Only Examination Tools?
- SIMTools (3G Forensics)
- USIMdetective (Quantaq)
- CPA SIM Analyser (BK Forensics)
- SIMCON (Paraben)
What is a SIM Clone Tool?
Enables an examination of a mobile device:
- without the original SIM card
- with a PIN-locked SIM card
- without connecting to a network
Some forensic tools use rewritable cards. Other forensic tools use write-once cards.
Name a few Logical Examination Forensic Tools?
- XRY Logical (Microsystemation)
- UFED Standard (Cellebrite)
- Device Seizure (Paraben)
- Secure View Kit (Susteen)
- Oxygen Forensic Suite (Oxygen)
- Santoku
What is XRY and what can it do?
- Logical, Physical and Cloud versions available
- Allows the examination of three different items such as mobile device, SIM and memory card simultaneously
- XRY provides a device manual which identifies the potential data of mobile devices it supports
- USB or Bluetooth connection, IR no longer supported
- Pinpoint add-on for MTK and Spreadtrum devices
- Supports iOS backup import decoding
- Available in standard, kiosk, tablet and field versions
What is the Universal Forensic Extraction Device (UFED) and what can it do?
- Logical, Physical and Cloud Analyzer versions available
- Chinex add-on for MTK, Infineon, Spreadtrum devices
- Standalone with no computer required for extraction using Touch version
- Integrated Malware Scanner / Screen capture
- Supports USB, Bluetooth and IR Interface
- Available in 4PC, Touch, Kiosk and Ruggedized versions
What is Oxygen Forensics Detective and what can it do?
- Integrates functionality from earlier versions
- Extracts data from devices and offline and online backups
- Extracts data from online storage areas
- Built-in Plist, SQLite viewer
- Integrated Timeline Function
- Supports a wide range of phone operating systems
- Integrated communications statistics reporting
What is Device Seizure and what can it do?
- Supports a wide range of mobile devices
- USB, Bluetooth or IR Connection
- Available in different versions
- Logical and Physical Support
What is AXIOM and what can it do?
- Smartphone based
- Evolution of Internet Evidence Finder product
- Modular options of Smartphone, Computer and Cloud
- Logical and Physical acquisition
- Import acquisitions from other tools and binary images
- Dynamic App Finder for unsupported artefacts
What is MOBILedit Forensic and what can it do?
- Retrieves handset data and SIM data
- Cable, IR, Bluetooth
- Retrieve data from SIM Card using SIM Card Reader
- Software only version with an optional cable kit
- Forensic Express version
- Concurrent Extractions
Name a few Single and Multi OS Tools?
- Internet Evidence Finder/AXIOM
- iOS Forensic Toolkit
- Belkasoft Evidence Center
- NowSecure
- Autopsy
- Andriller
Name a few SQLite Tools?
- Forensic Toolkit for SQLite
- SQLite Forensics Explorer
- Epilog
Name a few Offline / Online Backup Files?
- Elcomsoft Mobile Forensic Bundle
- XRY
- Oxygen
- Belkasoft Evidence Center
- MOBILedit
- Internet Evidence Finder/AXIOM
Name a few Online Cloud Access Tools?
- UFED Cloud Analyzer
- Oxygen Forensic Detective
- XRY Cloud
- Elcomsoft Mobile Forensic Bundle
- Belkasoft Evidence Center
- MOBILedit
- AXIOM
Name a few Flasher/JTAG/ISP Tools?
- Advanced Turbo Flasher
- Z3X Box
- NCK
- GPGEMMC
- RIFF
- GPGOrt
- UFST Box
Name a few Physical Examination Forensic Tools?
- XRY Physical (Microsystemation)
- UFED Ultimate (Cellebrite)
- Device Seizure (Paraben)
- EnCase (Guidance Software)
- AXIOM
- Belkasoft Evidence Center
- Mobile Phone Examiner Plus (AccessData)
- MOBILedit Forensic (Compelson)
Name a few Memory Card Examination Tools?
- XRY Physical (Microsystemation)
- UFED Ultimate (Cellebrite)
- Forensic Tool Kit Imager (AccessData)
- Forensic Toolkit (AccessData)
- EnCase (Guidance Software)
- X-Ways Forensics
- Autopsy
- PhotoRec