Analyze and Review the Data of ‘MeWe’ and ‘Threema’

We’ve been keeping up with research on social media apps that are rising globally, and today we introduce MeWe and Threema. MD-RED supports data analysis of MeWe for Android from MD-RED v3.7.29 and of Threema for Android from MD-RED v3.7.31. Read the article below to find out the major features of each app and how MD-RED displays the analysis results.

 

1. MeWe 

 

  • What’s MeWe?

MeWe is an uplifting social network service app with awesome social features people love, along with no ads, no targeting, and no newsfeed manipulation. It has a timeline, groups, pages you can join, friends you can make, a built-in messaging tool, and a profile page for users to customize.

 

  • Major features of MeWe and Analysis results of MD-RED

 

 

2. Threema

 

  • What’s Threema?

 

Threema is a paid, open-source, end-to-end encrypted instant messaging application for iOS and Android. The software is based on privacy-by-design principles, as it does not require a phone number or any other personally identifiable information. Data is stored in an encrypted DB, and additional security options can be enabled in the settings. Users can send text messages, make voice and video calls, and send multimedia, locations, voice messages, and files.

 

  • Major features of Threema and Analysis results of MD-RED

 

If you want to read the full article, please download the PDF file.

Analyze and Review the Data of ‘Zepeto’ and ‘Clubhouse’ using MD-RED

Today, Zepeto and Clubhouse are rising apps whose user bases are growing fast, and they are recognized as a new generation of social media. MD-RED supports data analysis of Zepeto (Android) from v3.7.26, Zepeto (iOS) from v3.7.31, and Clubhouse (iOS) from v3.7.20. This article covers the basic features of Zepeto and Clubhouse and how MD-RED analyzes and displays their data.

 

  • What’s Zepeto

The Zepeto app is a metaverse (virtual platform) of a creative studio developed by Naver Z Corporation. The friends in Zepeto can share a common room and have fun activities by creating 3D avatars with displayed items available in this environment. The pictures and videos taken in the various maps in Zepeto world can be shared through the feed.

– Account information

Account information is displayed in ‘Account’ and you can find out the user’s name, Inner ID, and creation date and time.

– Chat data: Message

Click the speech bubble on the screen to display the chat list. Conversations can be 1:1 or group chats, and both are analyzed. The analyzed chat data includes the chat room name, chat room ID, group chat status, chat room creation date, participants, and chat room creator.

In chat rooms, users can send text, images, and video files. MD-RED analyzes and displays this content as message type, creation date, content, attachment, sender, message ID, and chat room.

 

  • What’s Clubhouse

Clubhouse is a social audio app, a voice networking app developed by Alpha Exploration. It is designed for real-time audio/voice communication in chat rooms. MD-RED supports Clubhouse (iOS) analysis from v3.7.20; the supported targets are the account, contacts, and notification messages. The text-based chat room feature ‘Backchannel’ will be supported by MD-RED soon.

 – Account Information

MD-RED analyzes the account name, ID, Inner ID, and profile image.

– Contacts

The information of the chat room participants in the list is displayed in the contact analysis result.

– Alarm message

An alarm message is analyzed and displayed in the message analysis result. This allows us to infer the user’s activity.

 

If you want to read the whole article, download the PDF.

Recognize and Capture the Character using Timestamp/Channel OCR feature in MD-VIDEO

How can the Timestamp/Channel OCR feature support video forensic investigators? When the time information of a file in the filesystem is damaged, or a recovered frame has no time/channel information, OCR can be very useful. Read the article below to find out how MD-VIDEO recognizes and captures the time and channel information displayed on the frame using the OCR feature.

 

How to operate the Timestamp/Channel OCR feature?
Check the target to be analyzed and click Time/Channel OCR from the menu. Select the Range of the target and drag to include the Time or Channel information on the frame.
After selecting the range, set the timestamp format accordingly. If you don’t see a matching timestamp format, select ‘Custom template’ and make a new one.

 

Review the Timestamp/Channel OCR analysis results
The OCR analysis results are displayed in OCR Timestamp and OCR Channel. If the OCR result is not correct, it can be modified by entering a value in the Attribute tab.

 

Download PDF – Timestamp,Channel OCR feature in MD-VIDEO

2Q 2021 MD-Series Release Note Highlights

MD-NEXT v1.89.19~v1.90.02 

Samsung Full Filesystem Extraction for Android 11 – Supports 20 models of Galaxy S10, Galaxy Note10 Series with Exynos Chipset.
Huawei Kirin 970/980/990/990 5G Chipset Full Filesystem extraction – Supports 32 models including Honor Note 10, P20, P20 Pro, Mate 10, Mate 10 Pro, Mate 20, Mate 30 Series.
Physical Extraction for Windows mobile – Supports 63 models including Lumia 540, Lumia 1520.
Android Live enhancement – Scan for apps in Secure folder, improved App Downgrade, enhanced notification, and restoration.
Image Filesystem Verification

 

MD-RED v3.7.23~v3.7.36

Extraction images acquired by Cellebrite UFED – Improved iOS analysis script setup when adding a .dar image (an iOS Full Filesystem image file acquired with the Cellebrite tool) to a case. Improved analysis of extracted image information stored in the UFED PA data file (*.ufd).

 

MD-LIVE v3.4.1∼v3.4.3

Watch List – New feature for users to manage the Watch List of major apps to investigate.
Keyword management – Various keywords can be imported and exported.

 

MD-VIDEO v3.6.0~v3.6.2

Car plate number recognition – Car plate numbers in a low-resolution video stream can be recognized and estimated, with an accuracy percentage for each guess.
MD-VIDEO AI analysis performance – Improved by over 45%.
New model support – DVR(3 Models), Dashcam(7 Models).

 

MD-CLOUD v1.6.0

Location Information & Timeline – Improved analysis performance of Location Information and Timeline display.

 

Download the document and find out more about released features!

Improve video with advanced enhancement feature in MD-VIDEO

In this article, you can learn how to enhance video and images using the advanced enhancement features in MD-VIDEO. Even if the video you are investigating is blurry, shaky, dark, or small, MD-VIDEO can improve it and secure better visibility with various enhancement features. It is a powerful way to find the key frame from multiple angles, including basic adjustment features, deblurring, super-resolution, and perspective transformation, so you don’t need other video or image editors. Follow the how-to tips below; MD-VIDEO can help you increase your video investigation efficiency and get closer to the key evidence. If you want to learn more about the enhancement features, visit our YouTube channel.

 

Basic Enhancement

The basic enhancement features include Brightness/Contrast/Gamma/Color/Edge Sharpening/Noise Reduction. You can apply these filters to dark videos such as the sample video below. We can hardly see the people beside the highway, but after the brightness adjustment, we can clearly find people on the bridge and even the text on the vehicles.

 

Advanced Enhancement – a. Super Resolution

Super-resolution can magnify the analysis results with high quality compared to common magnification. With this sample video, we’ll apply the super-resolution feature to the car plate on the taxi. MD-VIDEO supports 3 types of super-resolution: EDSR/ESPCN/FSRCNN. EDSR gives the best quality, but it may take a lot of time, so we recommend using a GPU. Apply crop and rotate feature in advanced, and select super-resolution then set the scale level. You can check the adjustment result on the canvas and try additional enhancements for better visibility.

 

Advanced Enhancement – b. Motion Deblur

Shaky images can be improved with the Motion Deblurring feature. If you want clear text from a moving object, the following enhancement tips can help. Capture the frame, crop only the necessary part, then select the Motion Deblur menu. Adjust Length, Angle, and SNR (Signal to Noise) until you get the clearest result.

 

Advanced Enhancement – c. Perspective Transformation

Tilted objects can be flattened with the Perspective Transformation feature. We’ll apply it to this sample video; you may need this feature frequently for car plates. After cropping the image, click the Perspective Transformation menu. Select the four coordinates of the area where the perspective transformation is to be performed and click the apply button.

Download PDF – Improve video with Advanced Enhancement feature in MD-VIDEO

Detect, Classify, Summarize and Review with Intelligence features in MD-VIDEO AI

Today, one of the most compelling types of evidence is video. As video evidence becomes more and more common, MD-VIDEO AI is an essential tool for organizations that handle huge volumes of video footage but have limited resources to accurately review the massive amount of data buried in it.

Here we introduce MD-VIDEO AI features that can perform many tasks for you, more accurately and efficiently. The current version of MD-VIDEO AI is highly focused on the detection of various types of objects and colors related to the crime scene, and this object detection feature is accelerated with a multi-core GPU. Scenes are classified with those labels, and users can review the summarized results. Also, check out our how-to video on MD-VIDEO AI and find out how you can benefit!

 

How to Run AI Analysis

Check the video to be analyzed and click AI Analysis in the menu.

 

AI Analysis Settings

Before starting AI analysis, the user can set the options. Select the file to be analyzed, preview the selected file, and set the object detection type, the confidence threshold, and the frame differential percentage. The date range of each file can also be selected by dragging or typing directly.

 

Display of AI Detected Object

The analysis result consists of File List, Gallery Filter, Event Gallery, and Frame View. Users can directly select instances of the same object and group them, and a label can be changed when it differs from the user’s intention. If the user already knows the color they are looking for, they can filter to only the frames that contain that specific color. Filtering by object can be done directly in the Frame View by drawing on the object with the mouse.

 

Review on AI Analysis Results

Analysis results are organized into Scene List, Scene Gallery, and Detailed view. Users can remove unnecessary frames from a scene. The image enhancement feature is also supported for the frame images included in the scene.

Scenes can be merged to create a new scene and unneeded scenes can be removed by pressing Remove. Users can create a movie that contains only scenes. Especially when the video to be analyzed has a long playback time, this function can generate a shortened video containing only meaningful objects.

To learn more about MD-VIDEO AI features, check our YouTube channel!

 

The Smart feature to find Numbers from Car Plate using MD-VIDEO AI

Numberplate Enhancement Forensics

Number Plate Analysis is a feature machine-learned from low-quality images of numbers (0 to 9) that predicts the number when a low-quality image is added. The existing enhancement features in MD-VIDEO can also help you identify numbers in low-quality images by applying various enhancement options such as Super Resolution and Motion Deblurring.

However, this smart feature lets you get the data without any complicated steps: it’s much easier and time-saving, and you’ll get the most reliable results!

 

 

How to Analyze Blurred License Plates                                                            

 

On the frame, drag the area you want to crop on the canvas then right-click in the [Number Plate] area. Click [Add new bounding box] to specify the area for each number then click Analyze.

You can also check why MD-VIDEO produced the result via [Show Detail], which shows the probabilities of each number analyzed by the number plate analysis model.

 

Review the Image Enhancement results

 

You can check the analyzed result in ‘Image Enhancement Results’, which shows Image, Probability, and Attribute.

  1. Image is the number plate file you select to analyze.
  2. Probability shows each number’s numerical probability determined by the number plate analysis model.
  3. Attribute shows the name, source file path, location, resolution of the improved image, and history, and the user can add a comment.

 

To read the full article, please download the PDF.

New Release highlight of MD-NEXT v1.90.1

 New Extraction Support for Big 3 Manufacturers.

  • Huawei Full Filesystem Extraction for Kirin chipset
  • Samsung Full Filesystem Extraction for Android 11
  • Physical Extraction for Windows mobile

 

1. Huawei Full Filesystem Extraction for Kirin chipset

  • Chipset (OS Version): Kirin 980 (EMUI 9 ~ 11), Kirin 990, 990 5G (EMUI 10 ~ 11)
  • Model: 27 models including Mate 20, Mate 30 Series
Huawei (45) Honor Note 10 (RVL-AL09), P20 (EML-TL00), P20 Pro (CLT-AL00L), Mate 10 (ALP-AL00, ALP-L09, ALP-L29), Mate 10 Pro (BLA-AL00, BLA-L09, BLA-L29), P20 (EML-AL00, EML-L09, EML-L29), P20 Pro (CLT-AL00, CLT-AL01, CLT-L09, CLT-L29), P40 (ANA-LX4), Nova 3 (PAR-AL00), Mate 30 (TAS-AL00, TAS-TL00), Mate 30 5G (TAS-AN00), Mate 30 Pro (LIO-AL00, LIO-L29, LIO-TL00), Mate 30 Pro 5G (LIO-AN00, LIO-N29), P40 Pro (ELS-NX9), Honor 20 (YAL-AL00, YAL-TL00), Honor 20 Pro (YAL-AL10), Honor View 20 (PCT-AL10, PCT-L29, PCT-TL10), Mate 20 Dual Sim (HMA-AL00, HMA-TL00), Mate 20 Pro (LYA-AL00, LYA-AL10, LYA-L09), Nova 5T (YAL-L21), P30 Dual SIM (ELE-AL00, ELE-L04, ELE-TL00), P30 Pro (VOG-AL00, VOG-AL10, VOG-TL00)

 

2. Samsung Full Filesystem Extraction for Android 11

  • Model: 20 models of Galaxy S10, Galaxy Note10 Series with Exynos Chipset
SAMSUNG (20) Galaxy Note 10 5G (SM-N971F, SM-N971N), Galaxy Note 10 LTE (SM-N970F, SM-N970F_DS, SM-N970N), Galaxy Note 10+ 5G (SM-N976F, SM-N976N), Galaxy Note 10+ LTE (SM-N975F, SM-N975F_DS, SM-N975N), Galaxy S10 (SM-G973F, SM-G973N), Galaxy S10 5G (SM-G977N), Galaxy S10 Dual SIM (SM-G973F_DS), Galaxy S10+ (SM-G975F, SM-G975N), Galaxy S10+ Dual SIM (SM-G975F_DS), Galaxy S10E (SM-G970F, SM-G970N), Galaxy S10E Dual SIM (SM-G970F_DS)

 

3. Physical Extraction for Windows mobile

  • Version: 8.1, 10
  • Model: 63 models including Lumia 540, Lumia 1520
Microsoft (37) Lumia 430 Dual SIM (RM-1099), Lumia 435 (RM-1068, RM-1070, RM-1071), Lumia 435 Dual SIM (RM-1069, RM-1114), Lumia 532 (RM-1032, RM-1034), Lumia 532 Dual SIM (RM-1031, RM-1115), Lumia 540 Dual SIM (RM-1140, RM-1141), Lumia 550 (RM-1127, RM-1128), Lumia 640 (RM-1109), Lumia 640 Dual SIM (RM-1075, RM-1077), Lumia 640 LTE (RM-1072, RM-1073, RM-1074), Lumia 640 LTE Dual SIM (RM-1113), Lumia 640 XL (RM-1066), Lumia 640 XL Dual SIM (RM-1065, RM-1067), Lumia 640 XL LTE (RM-1062, RM-1063, RM-1064), Lumia 640 XL LTE Dual SIM (RM-1096), Lumia 735 (RM-1039, RM-1041, RM-1078), Lumia 735 4G (RM-1038), Lumia 950 (RM-1104, RM-1105), Lumia 950 Dual SIM (RM-1118), Lumia 950 XL (RM-1085), Lumia 950 XL Dual SIM (RM-1116)
Nokia (24) Lumia 1520 (RM-937, RM-938, RM-939, RM-940), Lumia 530 (RM-1017, RM-1018), Lumia 530 Dual SIM (RM-1019, RM-1020), Lumia 630 (RM-976, RM-977), Lumia 630 Dual SIM (RM-978, RM-979), Lumia 635 (RM-974, RM-975), Lumia 636 (RM-1027), Lumia 638 (RM-1010), Lumia 730 Dual SIM (RM-1040), Lumia 830 (RM-1049, RM-983, RM-984, RM-985), Lumia 929 Icon (RM-927), Lumia 930 (RM-1045, RM-1087)

Approach to the Hidden Data in ‘Samsung Secure Folder’ with MD-NEXT  

Why must forensic investigators keep an eye on the Samsung Secure Folder? As the name ‘Secure Folder’ suggests, Samsung Secure Folder is separated from the normal storage space and encrypted based on Samsung’s security technology ‘Knox’. A PIN/pattern/password or biometric verification is required to access the secure folder. The data in the secure folder is not accessible from outside and is not visible even when the device is connected to a PC. This means personal or confidential data can be stored in Samsung Secure Folder, and this can be the core data for your forensic investigation. Today we introduce how MD-NEXT can help you approach Samsung Secure Folder with various methods by model. MD-NEXT will support Android version 11 soon, and you’ll get more meaningful data!

* The ‘Knox’ space manages its overall space variably, much as many apps manage data in their DB. When data is deleted from Knox, it is returned to the unallocated area of the basic storage space; therefore, ‘Logical Extraction’ is carried out in file units.

 

MD-NEXT Extraction methods by Models

  • Galaxy A5/S7/S8/S9/Note8/Note9 Series (Exynos & Qualcomm)

If the Android security patch level is before August 2019, you can obtain the secure folder using the ADB Pro T4 method. The USERDATA partition is acquired as a physical image, and additionally, the files stored in the secure folder are decrypted and acquired as a separate logical image.

 

  • Galaxy A6/A7/S9/J6/Note9 Series (Exynos)

If the Android OS version is 10, you can obtain the secure folder using the Bootloader Pro method. Like the ADB Pro T4 method, the USERDATA partition is acquired as a physical image, and additionally, the files stored in the secure folder are decrypted and acquired as a separate logical image.

 

  • Galaxy A30/A40/A50/S10/Note10 Series + Galaxy Tab A 10.1 Series (Exynos)

For Samsung Galaxy S10 and Note 10 series devices and some A series devices, you can obtain the secure folder by using the Full Filesystem (Bootloader Pro2) method (supports Android 9, 10 and 11). When acquiring the active files of the USERDATA partition, the files stored in the secure folder are decrypted and acquired as a single logical image.

 

How to Review Data?

The data in the secure folder is acquired as a separate logical image from the physical image of the USERDATA partition. The file naming scheme for logical images was changed in MD-NEXT version 1.89.5 (release date Jul. 15, 2020), so the file name may differ depending on the version. The file name and extension of the acquired images can be checked in the acquisition report.

Download PDF_MD-NEXT – Samsung Secure Folder

‘MD-LIVE’ New features to Save your Onsite Investigation Time

Whenever you access an evidence phone at a crime scene, you may suffer from insufficient time and the complicated steps of using a mobile forensic tool. Searching for apps to watch and pinpointing keywords in piles of text messages are becoming crucial for first responders. MD-LIVE has armed itself with two useful features to save investigation time and meet these needs for smartphone forensics.

 

  1. ‘Keyword’

Keywords that are frequently searched, such as those for drug, sexual assault, and murder cases, can be grouped and registered by category. Users can select a category that matches the case, which saves much time on the repetitive keyword-search routine and prevents important search terms from being missed. Moreover, users can continuously update the keyword list and share it with their colleagues using the Import/Export feature.

– How to register keywords?

Click the ‘Keyword’ icon in the upper right corner of MD-LIVE. Enter the keyword group name in ‘Name’, list the search terms to be included in ‘keyword’, separated by ‘;’, and click the ‘Add keyword’ button.

– How to search with keywords?

Select the target you want to search from the list of registered keywords and click ‘Search by selected keyword’. MD-LIVE then performs a multi-search on the targets registered in the keyword group.

 

  2. ‘Watch List’

If there are apps that must be scanned every time, or you need to quickly scan a specific list of apps according to your institution’s needs, ‘Watch List’ is a feature to consider first. It lets you easily determine in advance whether a specific app is installed on the device. By selecting forensic targets all at once, it saves you a lot of time otherwise spent searching for multiple apps each time and selecting them as targets. Once app scanning is completed, you can quickly determine whether an in-depth forensic investigation is needed on a specific target.

– How to use the Watch List feature?

Connect the device and use the Watch List feature at the [Select Data] step. Target apps can be added by right-clicking on the desired app, and the list of apps can be managed through ‘Manage Watch List’ at the top right of MD-LIVE. Select ‘Manage Watch List’ and add the package name of the app you want to specify.

An eye-shaped badge will be displayed next to the app, and you can easily review all the listed apps through the ‘Watch List’ filter and select them as an extraction target at once.