Another one of these from in the air. Was there not a movie about this? Anyway…
We have been doing this for a while and have seen a few pieces of software come and a few go.
Take for example:
If you guys were witness to Neutrino and shortly there-after Mobile Phone Examiner (version 1) you know where I am coming from. These entries in the mobile phone arena did not even get a second look. They were tools that came from a computer forensics company and not too many people in the “know” looked at them with any amount of seriousness. Same goes with many others, some I may not mention due to the thin skin issues. There might be finally one of the big ones getting it right.
I first qualify this with a statement I always make in my training courses and hope my instructors preach the same: there is no one tool that will be your only tool in processing a mobile device, there are too many variables.
Because of the afore mentioned issue in cellphone processing, multiple tools must be used. If you ever run into a salesperson telling you one tool is all you need to process all cellphones I suggest you run. They are obviously not practitioners and buying software from a sales person without intimate knowledge of the processing of these devices most likely will sell you short. I have been able to look at AccessData’s MPE+ software prior to it’s release on September 14, 2010. Here is what I have seen so far and also what I have been told.
The MPE+ comes both in a mobile style called the MPE+ Mobile Field tablet and also the stand alone PC version. I am told the stand alone is for the office while the field version is for on scene work. Both are using the same underlying code with just a different User Graphical Interface. The mobile unit had larger buttons to allow the examiner to use the stylus or finger, but all the functionality is consistent with either choice.
The initial software release will support over 1200+ phones of either CDMA or GSM flavor. The best feature that will sooth the MFI student is the ability to take all the data, filesystems included, into FTK like a glove. This will allow for the easy processing of the artifacts missed or just overlooked by many software titles in the cellphone market. The subsequent release in the fourth quarter 2010 will bring around 900 more phones to the supported field to include full iPhone, iPad and iTouch full physical imaging. Also on the agenda will be the addition of Android and Windows Mobile, Blackberry and many other handsets. Comparing the first version of the Mobile Phone Examiner to the new plus version is night and day.
I been told a comparative list will be on the web soon. If I find it I will post it for everyone via an update.
If you are doing the HTCIA international conference in a week or so jump into the MFI basic class or jump to the AccessData booth for a demo.