New Release highlight of MD-NEXT v1.90.1


 New Extraction Support for Big 3 Manufacturers.

  • Huawei Full Filesystem Extraction for Kirin chipset
  • Samsung Full Filesystem Extraction for Android 11
  • Physical Extraction for Windows mobile

 

1. Huawei Full Filesystem Extraction for Kirin chipset

  • Chipset (OS Version): Kirin 980 (EMUI 9 ~ 11), Kirin 990, 990 5G (EMUI 10 ~ 11)
  • Model: 27 models including Mate 20, Mate 30 Series
Huawei (45) Honor Note 10 (RVL-AL09), P20 (EML-TL00), P20 Pro (CLT-AL00L), Mate 10 (ALP-AL00, ALP-L09, ALP-L29), Mate 10 Pro (BLA-AL00, BLA-L09, BLA-L29), P20 (EML-AL00, EML-L09, EML-L29), P20 Pro (CLT-AL00, CLT-AL01, CLT-L09, CLT-L29), P40 (ANA-LX4), Nova 3 (PAR-AL00), Mate 30 (TAS-AL00, TAS-TL00), Mate 30 5G (TAS-AN00), Mate 30 Pro (LIO-AL00, LIO-L29, LIO-TL00), Mate 30 Pro 5G (LIO-AN00, LIO-N29), P40 Pro (ELS-NX9), Honor 20 (YAL-AL00, YAL-TL00), Honor 20 Pro (YAL-AL10), Honor View 20 (PCT-AL10, PCT-L29, PCT-TL10), Mate 20 Dual Sim (HMA-AL00, HMA-TL00), Mate 20 Pro (LYA-AL00, LYA-AL10, LYA-L09), Nova 5T (YAL-L21), P30 Dual SIM (ELE-AL00, ELE-L04, ELE-TL00), P30 Pro (VOG-AL00, VOG-AL10, VOG-TL00)

 

2. Samsung Full Filesystem Extraction for Android 11

  • Model: 20 models of Galaxy S10, Galaxy Note10 Series with Exynos Chipset
SAMSUNG (20) Galaxy Note 10 5G (SM-N971F, SM-N971N), Galaxy Note 10 LTE (SM-N970F, SM-N970F_DS, SM-N970N), Galaxy Note 10+ 5G (SM-N976F, SM-N976N), Galaxy Note 10+ LTE (SM-N975F, SM-N975F_DS, SM-N975N), Galaxy S10 (SM-G973F, SM-G973N), Galaxy S10 5G (SM-G977N), Galaxy S10 Dual SIM (SM-G973F_DS), Galaxy S10+ (SM-G975F, SM-G975N), Galaxy S10+ Dual SIM (SM-G975F_DS), Galaxy S10E (SM-G970F, SM-G970N), Galaxy S10E Dual SIM (SM-G970F_DS)

 

3. Physical Extraction for Windows mobile

  • Version: 8.1, 10
  • Model: 63 models including Lumia 540, Lumia 1520
Microsoft (37) Lumia 430 Dual SIM (RM-1099), Lumia 435 (RM-1068, RM-1070, RM-1071), Lumia 435 Dual SIM (RM-1069, RM-1114), Lumia 532 (RM-1032, RM-1034), Lumia 532 Dual SIM (RM-1031, RM-1115), Lumia 540 Dual SIM (RM-1140, RM-1141), Lumia 550 (RM-1127, RM-1128), Lumia 640 (RM-1109), Lumia 640 Dual SIM (RM-1075, RM-1077), Lumia 640 LTE (RM-1072, RM-1073, RM-1074), Lumia 640 LTE Dual SIM (RM-1113), Lumia 640 XL (RM-1066), Lumia 640 XL Dual SIM (RM-1065, RM-1067), Lumia 640 XL LTE (RM-1062, RM-1063, RM-1064), Lumia 640 XL LTE Dual SIM (RM-1096), Lumia 735 (RM-1039, RM-1041, RM-1078), Lumia 735 4G (RM-1038), Lumia 950 (RM-1104, RM-1105), Lumia 950 Dual SIM (RM-1118), Lumia 950 XL (RM-1085), Lumia 950 XL Dual SIM (RM-1116)
Nokia (24) Lumia 1520 (RM-937, RM-938, RM-939, RM-940), Lumia 530 (RM-1017, RM-1018), Lumia 530 Dual SIM (RM-1019, RM-1020), Lumia 630 (RM-976, RM-977), Lumia 630 Dual SIM (RM-978, RM-979), Lumia 635 (RM-974, RM-975), Lumia 636 (RM-1027), Lumia 638 (RM-1010), Lumia 730 Dual SIM (RM-1040), Lumia 830 (RM-1049, RM-983, RM-984, RM-985), Lumia 929 Icon (RM-927), Lumia 930 (RM-1045, RM-1087)

Approach to the Hidden Data in ‘Samsung Secure Folder’ with MD-NEXT  

Why must forensic investigators keep an eye on the Samsung Secure Folder? As the name ‘Secure Folder’ suggests, it is separated from the normal storage space and encrypted based on Samsung’s security technology ‘Knox’. A PIN, pattern, password or biometric verification is required to access the secure folder. The data in the secure folder is not accessible from outside and is not visible even when the device is connected to a PC. This means that personal or confidential data can be stored in Samsung Secure Folder, and it can be the core data for your forensic investigation. Today we introduce how MD-NEXT can help you approach Samsung Secure Folder with various methods by model. MD-NEXT will support Android version 11 soon, and you’ll get more meaningful data!

* The ‘Knox’ space manages the entire space variably, just as many apps manage data in their DBs. When data is deleted from Knox, it is returned to the non-allocated area of the basic storage space; therefore, ‘Logical Extraction’ is carried out in file units.

 

MD-NEXT Extraction methods by Models

  • Galaxy A5/S7/S8/S9/Note8/Note9 Series (Exynos & Qualcomm)

If the Android security patch level is before August 2019, you can obtain the secure folder using the ADB Pro T4 method. The USERDATA partition is acquired as a physical image, and additionally, the files stored in the secure folder are decrypted and acquired as a separate logical image.

 

  • Galaxy A6/A7/S9/J6/Note9 Series (Exynos)

If the Android OS version is 10, you can obtain the secure folder using the Bootloader Pro method. Like the ADB Pro T4 method, the USERDATA partition is acquired as a physical image, and additionally, the files stored in the secure folder are decrypted and acquired as a separate logical image.

 

  • Galaxy A30/A40/A50/S10/Note10 Series + Galaxy Tab A 10.1 Series (Exynos)

For Samsung Galaxy S10 and Note 10 series devices and some A series devices, you can obtain the secure folder by using the Full Filesystem (Bootloader Pro2) method (supports Android 9, 10 and 11). When acquiring the active files of the USERDATA partition, the files stored in the secure folder are decrypted and acquired as a single logical image.

 

How to Review Data?

The data in the secure folder is acquired as a separate logical image from the physical image of the USERDATA partition. The file naming scheme for logical images was changed in MD-NEXT version 1.89.5 (release date Jul. 15, 2020), so the file name may differ depending on the version. The file name and extension of the acquired images can be checked in the acquisition report.

Download PDF_MD-NEXT – Samsung Secure Folder

‘MD-LIVE’ New features to Save your Onsite Investigation Time


Whenever you access an evidence phone at the crime scene, you may struggle with insufficient time and the complicated steps required to use a mobile forensic tool. Searching the apps to watch and pinpointing keywords in piles of text messages are becoming crucial for first responders. MD-LIVE is now equipped with two useful features that save investigation time and meet these needs for smartphone forensics.

 

  1. ‘Keyword’

Keywords that are frequently searched in cases such as drug, sexual assault and murder cases can be grouped and registered by category. Users can select a category that matches the case, which saves time on repetitive keyword searches and prevents important search terms from being missed. Moreover, users can continuously update the keyword list and share it with their colleagues via the Import/Export feature.

– How to register keywords?

Click the ‘Keyword’ icon in the upper right corner of MD-LIVE. Enter the keyword group name in ‘Name’ and list the search terms to be included in the ‘keyword’, separated by ‘;’, and click the ‘Add keyword’ button.

– How to search with keywords?

Select the target you want to search from the list of registered keywords and click the ‘Search by selected keyword’. Then MD-LIVE performs a multi-search on the targets registered in the keyword group.

 

  2. ‘Watch List’

If there are apps that must be scanned every time, or you need to quickly scan a specific list of apps according to your institution’s needs, ‘Watch List’ is the feature to consider first. It lets you easily determine in advance whether a specific app is installed on the device. By selecting forensic targets all at once, it saves the time otherwise spent searching for multiple apps each time and selecting them as targets. Once app scanning is completed, you can quickly determine whether an in-depth forensic investigation is needed on a specific target.

– How to use the Watch List feature?

Connect the device and use the Watch List feature at the [Select Data] step. Target apps can be added by right-clicking the desired app, and the list of apps can be managed through ‘Manage Watch List’ at the top right of MD-LIVE. Select ‘Manage Watch List’ and add the package name of the app you want to specify.

An eye-shaped badge will be displayed next to the app, and you can easily review all the listed apps through the ‘Watch List’ filter and select them as an extraction target at once.

 

 

Introduction of MD-VIDEO(Episode 4)_How to Improve Video and Image?

You may have some experience of having trouble acquiring data from unclear video evidence.

In this video, you can learn how to enhance video and image using MD-VIDEO.

Even if the video you are investigating is blurry, shaky, dark or small, MD-VIDEO can improve it and secure better visibility with various enhancement features.

 

Part 1. Basic Enhancement

Part 2. Advanced Enhancement – Rotation/Super resolution/Motion Deblur/Perspective Transformation

Part 3. Review Enhancement Results

 

 

Learn more about MD-VIDEO, and get more forensically meaningful data!

If you need any support, feel free to contact our team.

sales@gmdsoft.com

2021 1Q MD-Series Product Highlights

MD-NEXT v1.89.13 – v1.89.18

iOS Full Filesystem (Checkm8) – Improved and supports iPhone 6 (iOS 12.X), version: iOS ~14.5.
MTP extraction – Supports pop-up guidance to extract media files not accessible by ADB from Android 11.
Major Apps selection – Improved to select major apps from supported apps list.
FAQ – Added New Troubleshooting guide (FAQ) feature.

 

MD-RED v3.7.12 – v3.7.22

Filesystem – Supports mounting of the MTP image on the Android Live image extracted from the same Samsung device.
DB Viewer – Supports Base64 string decoding and BLOB data interpretation for data stored in SQLite DBs.
Report – Added ‘Information file(.pdf)’ while ‘Imaging analysis result files’ and ‘Verify Image’ menu.

 

MD-LIVE v3.3.20 – v3.4.0

Keyword – Added ‘Keyword’ feature for managing keywords set and multiple searches.
Analysis result – Improved check-reaction performance of analysis results.
HashSet – Added search button for new search even after analysis is completed.

 

MD-VIDEO v3.5.0 – v3.5.2

OCR – Support for timestamp and channel number in each video frame.
Media enhancement – Various functions to zoom in and out of frame.
New DVR model support – COMMAX/Swann/EGPIS/Q-SEE/S-1/Honeywell (HRHQ-1040L) – Hikvision FS/Zmodo(ZMD-DT-SIL4) – EXT2/IDIS

 

MD-CLOUD v1.5.0

Extraction – Supports Google Calendar extraction using credentials extracted from MD-RED, and supports multiple Google accounts saved in the credentials.
Data Viewer – Added a video viewer.
Analysis – Improved data control performance for large amounts of data and improved selection speed.

 

Check the major features of MD-Series released in 1Q 2020. If you would like to know more, download the PDF file.

Download PDF

Introduction of MD-VIDEO(Episode3)_How to recover files and frames?

Have you had trouble finding meaningful videos or frames in an evidence case?
Watch the video and find out how MD-VIDEO recovers damaged files and frames.
– How to recover files
– How to recover frames
– Create a video with recovered frames
If you want to learn more about MD-VIDEO, feel free to contact our team.

Introduction of MD-VIDEO(Episode2)_How to review the analyzed result?

In this video, we introduce how MD-VIDEO displays the analyzed result and how you can use various features to review multiple videos efficiently.
If you are interested in MD-VIDEO, please send us your inquiry for the trial.
Don’t miss the next episode, we’ll share how you can recover the damaged videos!
If you want to know more about MD-VIDEO, please contact us!
sales@gmdsoft.com

Introduction of MD-VIDEO(Episode1)_How to select and analyze video data?

Replay, Recover, Enhance, Analyze. The Completion of Video Forensics.

In this video, we introduce how MD-VIDEO operates to select and analyze various types of video files.

Find the tutorial video below and don’t miss our next How-to episode!

If you have any further inquiries, please contact our team.