Whitepaper – Data extraction and analysis of Samsung Secure Folder

Secure Folder is a separate storage space within the device, protected by ‘Knox’—a security technology of Samsung.

By keeping sensitive data, personal content, and apps in Secure Folder, users can protect their personal data from being unintentionally exposed by external factors (e.g., attacks from malicious apps).

 

This whitepaper deals with data extraction and analysis of Samsung Secure Folder. Learn how MD-NEXT extracts Secure Folder data with methods that vary with the model, OS version, and security patch level. Find out how you can discover meaningful data from the results analyzed by MD-RED.

2021 Review – MD-Series Release Note Highlights

See the new and improved features MD-Series gained in 2021.
If you want to read the full version of the 2021 Release Note Highlights, download the PDF below!

 

MD-NEXT v1.89.13-v1.90.17

Supports 1,500 new models and updated 261 models. Supports 66 downgrade apps

 

MD-RED v3.7.23-v3.8.9

Supports 74 new apps and updated 190 apps (Android)

Supports 50 new apps and updated 141 apps (iOS)

 

MD-LIVE v3.3.20-v3.4.12

 

MD-VIDEO v3.4.0-v3.9.0

Supports 29 new models – DVR (16), NVR (8), Dashcam (5)

 

MD-CLOUD v1.4.0-v1.8.1

Supports 23 cloud-based services – Cloud drive (9), Email (4), SNS (3), IoT (2)

 

MD-DRONE (v.1.0.0)

Supports 23 new models – Manufacturers (7), Extraction sources (5)

 

 

2021 4Q MD-Series Release note highlights

Check the major features of MD-Series released in 2021 4Q. If you would like to know more, download the PDF file.

 

MD-NEXT v1.90.12 ~ v1.90.17

  • Bootloader supports extraction of feature phones based on the Spreadtrum chipset.
  • Android Full Filesystem extraction supports 21 models (Exynos) of Galaxy Note20, S20, S21 Series.
  • Improved Android Live extraction for Huawei Harmony OS 2.0.
  • Improved the downgrade app restore process for applications installed as a ‘Stub’ version.
  • Improved manufacturer backup for devices running Android 10 or higher.
  • Added ‘Realme’ for the ‘manufacturer backup’ feature when creating an MDF.
  • Updated MediaTek driver pack.
  • Supports 1,019 new models and updated 92 models.

MD-RED v3.7.49 ~ v3.8.9

  • Supports new features in iOS 15 – Video/Photo meta information, Message effects, Memories in Photos.
  • Supports Huawei Harmony OS 2.0.
  • Supports iOS Skype Multi-account.
  • Supports 21 new apps and updated 47 apps (Android).
  • Supports 14 new apps and updated 39 apps (iOS). 

MD-LIVE v3.4.8 ∼ v3.4.12

  • Supports user-defined filter of App list.
  • Added audio sync control function for recorded video play during the recording investigation process.
  • Improved App Downgrade and Restoring process.
  • Manufacturer backup for Android 10 or later version.
  • Enhanced iOS 15 analysis – Health, Memo, Reminders, Safari
  • Added ‘Export Multimedia Only’ option as user’s selection.

MD-VIDEO v3.8.0 ~ v3.9.0

  • Supports image quality enhancement by overlaying selected frames from consecutive frames.
  • Added Image Filter – Color ‘Auto’ option, and ‘Opacity’.
  • Added Lens Distortion Correction – Adjust radial or tangential distorted frame.
  • Added Deinterlacing – Reconverts odd lines or even lines of interlaced video.
  • Added Deblurring – Recovers a sharp image from a blurred image.

MD-CLOUD v1.8.0 ~ v1.8.1

  • Improved Google Drive analysis – Description, Owner, Deleted/Shared information.

Empower Your On-Site Investigation with MD-LIVE

Whenever you access an evidence phone at the crime scene, you may suffer from insufficient time and the complicated steps of using a mobile forensic tool.
MD-LIVE is equipped with various useful features that save investigation time and meet these needs for smartphone forensics.
Check the features and find out how you can empower your investigation with MD-LIVE.

Check our YouTube channel and catch up with our latest product videos!

 

White paper – ‘Factory Reset (iOS, Android)’

In this whitepaper, you can find the definition of Factory Reset, how its method differs by OS and device environment, why mobile forensic investigators should understand what a Factory Reset means, and how MD-RED analyzes the Factory Reset log.

This is the preview version of the white paper. If you want the full version, please contact our team.

sales@gmdsoft.com

 

Report and Media Exportation with MD-VIDEO

This is the last episode of the how-to video of MD-VIDEO.

You can learn how to export reports and media from MD-VIDEO.

 

Part 1. Generating reports

Part 2. Reviewing the data in the report

Part 3. Exporting media

 

If you want to know more about our product, feel free to contact our team!

sales@gmdsoft.com

3Q 2021 MD-Series Release Note Highlights

MD-NEXT v1.90.3 ~ v1.90.11

  • Android Full Filesystem extraction for Android 11 Galaxy A series – Supports A10, A11, A30, A40, A50, Jean2, Wide4 series.
  • Increased iOS FFS extraction success ratio by improving the stability of Checkm8 method
  • Supports the ‘Before First Unlock (BFU)’ extraction process when the screen lock can’t be unlocked.
  • Supports HiSuite backup protocol for the devices with Android 10 or higher versions
  • Improved App Downgrade and Restoring process for Samsung Android version 11 or above

 

MD-RED v3.7.37 ~ v3.7.48

  • Supports analysis of Recycle Bin in Samsung devices with Android 11
  • Nokia feature phone analysis: TA-1017, TA-1034
  • Improved metadata analysis of image/video – MD-RED displays the time zone information next to the date/time
  • Supports ‘Unclassified file’ artifacts
  • Supports batch checking of related chat room/contact from the analysis results

 

MD-LIVE v3.4.4 ∼ v3.4.7 

  • Supports Video/Audio recording by HDMI capture card
  • Supports DB Report (SQLite)
  • Supports HiSuite backup protocol for the devices with Android 10 or higher versions
  • Added Keywords Search by Regular Expression

 

MD-VIDEO v3.7.0 ~ v3.7.2

  • Supports video recovery from the file slack area of FAT32-based format free filesystem
  • Supports automatic detection of bounding box of each digit in the selected area
  • Improvements of MD-VIDEO AI – Timeline UI/UX, Added SRGAN model for super-resolution, Number Plate Analysis, Viewer UI, Comments UI
  • Added new models – DVR(5), Dashcam(5)

-DVR: Hanwha Techwin (XRN-1610A), ITX Security (UTM5HGB), NADATEL (AP-0405R), WEBGATE (HAC430F)

-Dashcam: Apeman (C450), COMTEC (ZDR-015), Garmin (66W), KENWOOD (DRV-MR745), Nextbase (622GW)

 

MD-CLOUD v1.7.0

  • Improved analysis of recurring information in Google Calendar
  • Enhanced preview function by adding additional media formats

 

Download the full release note highlights!

Analyze and Review the Data of ‘MeWe’ and ‘Threema’

We’ve been keeping up with research on globally rising social media apps, and today we’ll introduce MeWe and Threema. MD-RED supports data analysis of MeWe (Android) from v3.7.29 and Threema (Android) from v3.7.31. Read the article below to find out the major features and how MD-RED displays the analysis results.

 

1. MeWe 

 

  • What’s MeWe?

MeWe is an uplifting social network service app with awesome social features people love, along with no ads, no targeting, and no newsfeed manipulation. It has a timeline, groups, pages you can join, friends you can make, a built-in messaging tool, and a profile page for users to customize.

 

  • Major features of MeWe and Analysis results of MD-RED

 

 

2. Threema

 

  • What’s Threema?

 

Threema is a paid, open-source, end-to-end encrypted instant messaging application for iOS and Android. The software is based on privacy-by-design principles, as it does not require a phone number or any other personally identifiable information. Data is stored in an encrypted DB, and additional security options can be enabled in the settings. Users can exchange text messages, make voice and video calls, and send multimedia, locations, voice messages, and files.

 

  • Major features of Threema and Analysis results of MD-RED

 

If you want to read the full article, please download the PDF file.

Analyze and Review the Data of ‘Zepeto’ and ‘Clubhouse’ using MD-RED

Zepeto and Clubhouse are rising apps today: their user bases are growing fast, and they are recognized as a new generation of social media. MD-RED supports data analysis of Zepeto (Android) from v3.7.26, Zepeto (iOS) from v3.7.31, and Clubhouse (iOS) from v3.7.20. Through this article, you can learn the basic features of Zepeto and Clubhouse, and how MD-RED analyzes and displays the data.

 

  • What’s Zepeto

The Zepeto app is a metaverse (virtual platform) of a creative studio developed by Naver Z Corporation. The friends in Zepeto can share a common room and have fun activities by creating 3D avatars with displayed items available in this environment. The pictures and videos taken in the various maps in Zepeto world can be shared through the feed.

– Account information

Account information is displayed in ‘Account’ and you can find out the user’s name, Inner ID, and creation date and time.

– Chat data: Message

Click the speech bubble on the screen to display the chat list. Conversations support 1:1 and group chat and are analyzed as follows. Chat data such as chat room name, chat room ID, group chat status, chat room creation date, participants, and chat room creator are analyzed.

In chat rooms, users can send text, images, and video files. MD-RED analyzes and displays those contents as message type, creation date, content, attachment, sender, message ID, chat room.

 

  • What’s Clubhouse

Clubhouse is a social audio (voice networking) app developed by Alpha Exploration. It’s designed for real-time audio/voice communication in chat rooms. MD-RED supports Clubhouse (iOS) analysis from v3.7.20; the supported targets are the account, contacts, and notification messages. The text-based chat room feature ‘Backchannel’ will be supported by MD-RED soon.

 – Account Information

Supports analysis of the account name, ID, Inner ID, and profile image.

– Contacts

The information of the chat room participants in the list is displayed in the contact analysis result.

– Alarm message

An alarm message is analyzed and displayed in the message analysis result. This allows us to infer the user’s activity.

 

If you want to read the whole article, download the PDF.

Recognize and Capture the Character using Timestamp/Channel OCR feature in MD-VIDEO

How can the Timestamp/Channel OCR feature support video forensic investigators? When the time information of a file in the filesystem is damaged, or there is no time/channel information in the recovered frame, OCR can be very useful. Read the article below to find out how MD-VIDEO recognizes and captures the time and channel information displayed on the frame using the OCR feature.

 

How to operate the Timestamp/Channel OCR feature?
Check the target to be analyzed and click Time/Channel OCR from the menu. Select the Range of the target and drag to include the Time or Channel information on the frame.
After selecting the range, set the timestamp format accordingly. If you don’t see a matching timestamp format, select ‘Custom template’ and make a new one.

 

Review the Timestamp/Channel OCR analysis results
The OCR analysis results are displayed in OCR Timestamp and OCR Channel. If the OCR result is not correct, it can be modified by entering a value in the Attribute tab.

 

Download PDF – Timestamp,Channel OCR feature in MD-VIDEO