White Paper – How MD-RED recovers and decrypts WhatsApp data

This white paper provides a technical explanation of WhatsApp’s encryption system, the major WhatsApp features that need advanced research, and how that data can be recovered, decrypted and viewed by MD-RED.

If you want the full version of our research on WhatsApp, send us your inquiry!

Preview – WhatsApp White Paper 

2Q 2020 MD-Series Release Note Highlights

Check the major features of MD-Series released in 2Q 2020; if you would like to know more, download the PDF file.


MD-NEXT v1.88.1-1.89.4

  • New iOS Full Filesystem (Checkm8) Extraction applied to iPhone series SE/6s/6s+/7/7+/8/8+/X
  • New Physical Extraction for Samsung Galaxy Exynos Chipset, Android 10
  • Bootloader Pro Extraction supports the latest version of Android 10
  • Unlock support for Xiaomi models with MIUI 10 to 11

MD-RED v3.5.3-3.6.8

  • Added Report Exporting feature for ‘MD-Explorer’ viewer program
  • Analysis of Samsung Secure Folder
  • Analysis support for iOS Full Filesystem image format from Cellebrite ‘UFED’ (*.dar)
  • iOS Full File System (Added system logs analysis)
  • Supports analysis for Android apps installed in Parallel Space app

MD-LIVE v3.3.10-3.3.14

  • New Device Log Analysis Feature
  • Supports analysis for Android apps installed in Parallel Space app
  • User can decide whether to proceed with the downgrade according to the state of the app installation

MD-VIDEO v3.1.0-3.2.0

  • Resume the abnormally terminated case
  • The image can be enhanced by adjusting the brightness, contrast, and color of the analysis results
  • AI Analysis has added function that allows users to filter only the objects matched by the selected area and by the selected color in the Object Gallery

MD-CLOUD v1.3.0

  • Added ‘Telegram’ extraction module – Credential file authentication (Android), Mobile authentication (Android, iOS, etc.)

Download PDF File – Releasenote 2Q 2020 Final

1Q 2020 MD-Series Release Note Highlights

Check the major features of MD-Series released in 1Q 2020; if you would like to know more, download the PDF file.


MD-NEXT v1.88.0
Screen unlock and physical extraction methods for Android devices and Full Filesystem extraction for iOS have been released. These features allow users to access and extract more data from a wide range of Android devices, devices with MediaTek chipsets, and Samsung Secure Folder.


MD-RED v3.4.17-3.5.2
Filters for multimedia are supported: ‘Attribute Filter’ and ‘Path Filter’. These new filters let users investigate more time-efficiently by filtering multimedia data by its type and path.


MD-LIVE v3.3.3-3.3.9
Hash verification and app-downgrade extraction support for Android have been released in MD-LIVE. The hash verification feature lets users manage a list of criminal-evidence-related files via their hashes and quickly find harmful files during the analysis process.


MD-VIDEO v2.10.0-3.0.0
FAT32 and WFS0.4 filesystem analysis is available in MD-VIDEO, and ‘Region Filter’ and ‘Time Filter’ have been added to MD-VIDEO AI analysis.


MD-CLOUD v1.2.0
Cloud data from Google Home and SamsungThings is supported. Users can extract and analyze IoT device information and activity data from those sources.


Download PDF File – Releasenote_1Q_2020_Final


MD-NEXT v.1.89.5 New Full Filesystem Extraction

MD-RED v.3.6.2_SecureMessengers Release Highlight

MD-NEXT v.1.89.3_Checkm8FFS Release Highlight

MD-NEXT v.1.89.1_Bootloaderpro Release Highlight

MD-NEXT v.1.88.0_ADBPro4_5 Release Highlight

How to acquire cloud data with MD-CLOUD

‘175 Zettabytes’ is the amount of data IDC estimates will be generated annually by 2025, and within that total, cloud traffic is expected to grow to ‘18.9 Zettabytes’ by 2021.

This tremendous amount of cloud data is generated in the course of building driver-assistance and autonomous-vehicle technologies, IoT devices including sensors in our bodies, homes, factories and cities, high-resolution content for 360° video and augmented reality, and 5G communications worldwide.

As digital forensic investigators face the so-called ‘digital transformation’, finding evidence in various cloud services has become a demanding and important mission. Cloud forensics is no longer optional but essential: many law enforcement professionals work on cases where data has been deleted from the device, which requires further investigation of the backup data. In addition, a rapidly growing number of smartphones, IoT devices, automobiles and other smart things store their data only in cloud services.


This article introduces GMDSOFT’s cloud forensic solution with a step-by-step guide to data extraction and data viewing using MD-CLOUD. Various cloud and email services are supported, and data stored in social networking services such as Twitter, Facebook and Tumblr can be extracted by MD-CLOUD.

MD-CLOUD Overview


Product Highlights

– Supports extraction from global cloud services such as Google and iCloud

– Supports extraction of cloud-based IoT device data

– Supports extraction from cloud services based in East Asia, such as Baidu and Naver Cloud

– Authenticates via ID and password, two-factor authentication, Captcha, and token credential information found locally on smartphone images, such as the iOS Keychain

– Includes an automated web scraping tool for recursively capturing public web pages

– Provides an automatic evidence-tagging feature for intuitive searching

– Natively integrates with MD-RED


Key Features

Supports a wide variety of cloud services

Google, iCloud, Samsung Cloud, Naver Cloud, Evernote, OneDrive, Baidu

Supports email extraction

POP3 and IMAP, as well as specific support for Gmail and Naver Mail

Supports extraction from social media services

Current support for Twitter and Tumblr, with Facebook support under active development

Specializes in East Asian cloud services

Baidu Cloud in China

Naver Cloud in South Korea

Acquisition of cloud-based IoT device data

IoT data extraction from AI Speakers and Smart Home equipment

Supports authentication via both public and unofficial APIs

Supports various authentication methods

ID and Password

Captcha image tests

Two-Factor Authentication messages

Credential data pulled from smartphone dump images (such as iOS Keychain)

Provides automated web capture feature

Automated web-crawler capable of recursively extracting from a target web page

Real-time extraction progress monitoring

Displays the progress of ongoing extraction jobs in real time, from zero to one hundred percent

User-friendly interface

Features a simple, intuitive and effective user experience that requires little training

Native MD-RED integration

Imports credential information found in suspect smartphone images that have been analyzed in MD-RED

Intuitive ‘Evidence Tagging’ based search feature

Automatically tags and categorizes data as it’s extracted from the cloud so that it can be quickly searched, grouped, and organized.

Built-In data preview

Supports previewing any selected image, video, document, web page, email, and many more

Supports filtering by date range and file type

Allows users to limit the results of their analysis only to the time period and file types relevant to their case

Hash based data integrity assurance

Guarantees the integrity of the evidence data through powerful hash algorithms such as MD5 and SHA256

Report generation

Provides simple-yet-powerful report generation tool that supports both PDF and Excel formats

Here is also a simple but useful guide to MD-CLOUD for investigators who would like to sharpen their digital forensic skills and be prepared for the cloud data tsunami.

1. Data extraction using ‘Credential information’

1-1 Create New Case

MD-CLOUD can access cloud services in several ways; specific services may ask the user to complete an additional verification step such as a Captcha entry or a two-factor authentication process. To start a new cloud data acquisition, select ‘New Case’ and set the case name and its path. This time we’ll try accessing a service using credential information.


1-2 Select a service and proceed with the data extraction

Various services such as cloud storage, email, SNS and IoT devices are supported by MD-CLOUD, and they are displayed and categorized by type.

In this sample case we will try extracting data from Google. Select the Google icon on the left side of the screen; with the checkboxes the user can perform selective data extraction. The date range and extraction type can be set before starting the extraction, and the result data is then collected according to those filter conditions. Furthermore, even after the extraction is completed, additional data sources can be added to the existing case without having to create a new case.

2. Data View: Contact/Event/Note/Email/SNS/Web Capture/Timeline Feed/Search View

2-1 Extraction Summary Dashboard

Once you start the extraction, a Summary View appears and displays the progress of ongoing extractions and some other miscellaneous information.

  1. Timeline Chart: Displays the amount of data that has been extracted so far relative to the dates associated with the extracted files (created/modified/uploaded time).
  2. Tag Statistics: MD-CLOUD automatically categorizes extracted files using tags that are generated through file metadata. The statistics of the tags are displayed here.
  3. List of Sites: Summarizes the progress of extraction from each data source. An extraction can be stopped completely by clicking its stop icon.


2-2 Contact View

Displays contact information such as contact name, nickname, contact numbers, email address, address, profile, birthday, etc.


2-3 Event View

Displays event data such as birthdays, shopping, meetings, driving, celebrations, conferences, seminars and other events.


2-4 Note View

Displays notes collected from cloud services such as iCloud Notes, Evernote, etc.


2-5 Email View

Email View allows users to group and sort emails by Date, Subject, From, Credential, etc. Email items can be searched using the inline search box.


2-6 SNS View

Posts, multimedia, files and other information extracted from Social Network Services such as Twitter, Facebook, etc. are displayed here.


2-7 Web Capture View

Content extracted by crawling the provided links and their sub-links is displayed in the Web (Web Capture) View. Multimedia, posts and other public content can be extracted from sites like Facebook, Instagram, LinkedIn or any other web page. The view displays the information below.

  • Link information: A list of extracted main links and their sub-links are displayed here.
  • Content View: Displays the content of the selected link.
  • Preview: Displays the overall look of the webpage.


2-8 Timeline Feed View

Displays data from every category, arranged by Date (default), Subject, Content, Type or Credential.


2-9 Search View

Search keys entered anywhere in the application are kept in the Search View. Double-click a search key to see the list of its search results.


3. Generate Report: Case Info/Options/Layout

After the data extraction, the user can generate a PDF report for that particular case, which displays all the information on the extracted files and thumbnails of multimedia data. Below we have attached a screenshot of the extraction report for Google Home.

Demand for MD-CLOUD will gradually increase, as it has great practical value and importance as a complementary data acquisition tool that can investigate mobile data backups and new data stored only in cloud storage. Our effort to add various data extraction sources and to advance MD-CLOUD will continue.

If you are interested in cloud forensics and want to learn more about MD-CLOUD, please check the product specification at the link below and reach our team via sales@gmdsoft.com

GMDSOFT Product Brochure – MD-CLOUD

GMDSOFT Video Recovery Solution ‘MD-VIDEO’

With the rapidly growing need to secure a safe environment, ‘digital surveillance systems’ are everywhere. A significant number of new surveillance systems are installed each year, and the importance of acquiring data from these digital devices is being emphasized worldwide.

A recent article states that the number of surveillance videos recovered jumped 66% between 2017 and 2018, which shows that video data is becoming more and more critical. Therefore, a solution that acquires this data in compliance with digital forensic regulations gives a great benefit to law enforcement.

To investigate digital video data on this scale, supporting various media formats is one of the top-priority features a video forensic solution must provide. MD-VIDEO supports video taken by global manufacturers’ IP CCTV, car dashboard cameras, smartphones, desktops, cameras, camcorders, drones and wearable devices. Moreover, various DVR manufacturers’ filesystems, such as HikVision, Dahua, Zhiling, Samsung, Bosch, Honeywell, Sony and Panasonic, are supported.

We are excited to introduce our video recovery solution ‘MD-VIDEO’; check the acquisition and recovery sequences below for a car dashboard camera. If you are seeking an easy-to-use tool and a dramatically improved digital video investigation, MD-VIDEO is a proven choice!

I. Data Acquisition Sequence Method – Disk Image Recovery

Step 1 Recovery Method Selection

You can select the recovery target among three options: Storage, Image and Damaged File. We will select the ‘Image’ option to recover video data from an acquired disk image.

Step 2 Importing Image file

You’ll get to the directory exploring screen. If you click the ‘Open’ button, the target image files are shown filtered by extension type, such as mdf, bin and E01.

Once the image file is selected, its name, size and file system are identified in the Attribute tab.


Step 3 Recovery Option Selection

MD-VIDEO shows the file signatures and codecs identified from the filesystem. If a file or codec is not recognized, it is labelled ‘Unknown’. In this sequence we will select the ‘Skip Recovery’ option.


Step 4 Filesystem / Media Exploring


You can access the directory of disk images through ‘Filesystem’ and check the file status via ‘File viewer’.

The Audio and Video speed can be controlled and Viewer size can be adjusted.

In the ‘Analysis Results’ section you can see the recognized video files sorted by format. You can select all of the sorted video files or pick them individually.

Also, in the media viewer section there are several tabs that help the user recognize file specifications: ‘Attribute’, ‘Data’, ‘Leave Comments’ and ‘Custom’. ‘Attribute’ shows file information and ‘Data’ shows the file’s hex values. The user can also leave a comment to log a description for the file, and a custom codec can be imported on the ‘Custom’ tab.

Step 5 Export File and Report

There is also an ‘Export’ function, with two ways of exporting. One is ‘Export File’, which exports the file from the filesystem to a location set by the user and also provides a conversion function, as shown in the figure. The other is ‘Export Report’, which produces a report in PDF or XLSX format to guarantee integrity as evidence; you can also decide how the report is laid out. We chose the default layout for the report.

The result is shown in the figure. First, MD-VIDEO creates the cover page of the report; second, the table of contents; and finally the section on the videos we analyzed in MD-VIDEO. Each video has hash values to guarantee its integrity.


II. Data Acquisition Sequence Method – Damaged Video File

Step 1 Recovery Method Selection

To recover video data from a damaged file, select the third option, ‘Damaged File’.

Step 2 Importing damaged file

With these buttons you can add the files or folders to recover video from. We added a damaged file named ‘2017_09_04_07h_27m_42s_F_event_Broken.avi’.

Step 3 Recovery Option Selection

Once you add a file, MD-VIDEO automatically scans it and shows the results: the file signature and the codec found in the file. Because the file is damaged, no file signature or codec was identified. To show the ‘frame recovery’ function, we will skip recovery in this step.
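The signature check that this step (and Step 3 of the disk-image sequence above) performs automatically can be reproduced with a short script. The following is an added example, not MD-VIDEO’s own code: it classifies a file by the publicly documented magic bytes of common video containers (AVI, MP4/MOV, Matroska/WebM, FLV), returns ‘Unknown’ for anything else, which is what a damaged header like the one in this step produces, and goes one step beyond the GUI by scanning a raw byte buffer for embedded signatures so that a recording can be located in a disk image when the filesystem metadata no longer points at it. The headers in the block are constructed samples, not bytes from any real recording.

```python
"""Video container identification by file signature (magic bytes).

Added example; not MD-VIDEO's own code. Known signatures map to a format
label, anything else is reported as "Unknown", the way the Recovery Option
Selection step labels unrecognized files. Sample headers are constructed.
"""
from typing import List, Tuple

# (label, offset, magic bytes): the documented magic numbers of each
# container format. A damaged file whose header was overwritten matches none.
SIGNATURES: List[Tuple[str, int, bytes]] = [
    ("AVI (RIFF)", 0, b"RIFF"),                # also needs "AVI " at offset 8
    ("MP4/MOV (ISO BMFF)", 4, b"ftyp"),
    ("Matroska/WebM (EBML)", 0, b"\x1a\x45\xdf\xa3"),
    ("FLV", 0, b"FLV"),
]

HEADER_LEN = 16  # covers every offset used above


def identify_container(header: bytes) -> str:
    """Return a container label for the first bytes of a file, or "Unknown"."""
    for label, offset, magic in SIGNATURES:
        if header[offset:offset + len(magic)] != magic:
            continue
        # RIFF is shared with WAV and WebP; only "AVI " at offset 8 makes it AVI.
        if magic == b"RIFF" and header[8:12] != b"AVI ":
            return "Unknown"
        return label
    return "Unknown"


def identify_file(path: str) -> str:
    """Classify a file on disk by its first HEADER_LEN bytes."""
    with open(path, "rb") as fh:
        return identify_container(fh.read(HEADER_LEN))


def find_embedded_signatures(data: bytes) -> List[Tuple[int, str]]:
    """Carve: list (start_offset, label) for every known container header
    found anywhere in a byte buffer, e.g. a disk image whose filesystem
    metadata no longer references the recordings."""
    hits = []
    for label, offset, magic in SIGNATURES:
        pos = data.find(magic)
        while pos != -1:
            start = pos - offset  # where the file itself would begin
            if start >= 0 and identify_container(data[start:start + HEADER_LEN]) == label:
                hits.append((start, label))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


# Constructed sample headers (16 bytes each). The "damaged" one mimics a
# recording whose header area was overwritten with zeros.
AVI_HEADER = b"RIFF\x00\x00\x00\x00AVI LIST"
MP4_HEADER = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00"
WAV_HEADER = b"RIFF\x00\x00\x00\x00WAVEfmt "
DAMAGED_HEADER = bytes(HEADER_LEN)


def demo() -> dict:
    """Classify the constructed headers; returns {file name: label}."""
    samples = {
        "clip.avi": AVI_HEADER,
        "clip.mp4": MP4_HEADER,
        "tone.wav": WAV_HEADER,
        "broken.avi": DAMAGED_HEADER,
    }
    return {name: identify_container(hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name}: {label}")
    # Constructed "disk image": two recordings buried between unallocated zeros.
    image = bytes(100) + AVI_HEADER + bytes(50) + MP4_HEADER
    print(find_embedded_signatures(image))
```

The RIFF case shows why a signature check needs more than the first four bytes: a WAV file shares the ‘RIFF’ prefix with AVI, so the form type at offset 8 decides, and anything the table cannot place stays ‘Unknown’ rather than being guessed.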

Step 4 Recovery with frames

The damaged video is then recovered by MD-VIDEO’s frame recovery function. To recover by frames, select the files that need recovery and click the ‘Recovery’ button on the left side. When the option screen pops up, select the ‘Frame Recovery’ menu. To get a precise recovery result, you also have to know the specific codec of the video file; in this case the codec was identified as ‘H.264’ from the codec of the other, intact video files.

After the codec is selected, MD-VIDEO starts the frame recovery process.


Step 5 Recovered Frames

After ‘frame recovery’, a list of recovered frames appears under ‘Analysis Results’. From the extracted frames shown above, MD-VIDEO can recreate the video.
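Why the codec has to be known before frame recovery (Step 4), and what a list of recovered frames (Step 5) is built from, shown as an added example that is not MD-VIDEO’s frame recovery code. It assumes the recording is an H.264 Annex-B byte stream, in which every NAL unit is preceded by a 00 00 01 or 00 00 00 01 start code and the low five bits of the first byte after it give the NAL type; MP4’s length-prefixed layout would need a different scanner. Scanning a damaged file for those start codes finds the SPS, PPS and slice NAL units even when the container index is gone, and without the SPS/PPS parameter sets the frames cannot be decoded. The damaged buffer is constructed here and its payload bytes are placeholders, not real encoded data.

```python
"""H.264 frame carving from a damaged file by NAL start-code scanning.

Added example; not MD-VIDEO's frame recovery code. Assumes an H.264
Annex-B byte stream: NAL units separated by 00 00 01 / 00 00 00 01 start
codes, NAL type in the low five bits of the header byte. The damaged
buffer at the bottom is constructed; its payload bytes are placeholders.
"""
from typing import Dict, List, Tuple

# nal_unit_type values defined by the H.264 specification.
NAL_TYPES = {1: "slice (non-IDR)", 5: "slice (IDR)", 6: "SEI", 7: "SPS", 8: "PPS", 9: "AUD"}

START_CODE = b"\x00\x00\x01"


def find_nal_units(data: bytes) -> List[Tuple[int, int, int]]:
    """Return (offset, nal_unit_type, length) for each NAL unit found.
    offset is the position of the NAL header byte (just after the start code);
    length counts header plus payload. Trailing zero bytes are stripped: a NAL
    unit never ends in 0x00 (its last byte carries the rbsp stop bit), so a
    zero there is the leading zero of a following 4-byte start code."""
    headers = []
    pos = data.find(START_CODE)
    while pos != -1 and pos + 3 < len(data):
        headers.append(pos + 3)
        pos = data.find(START_CODE, pos + 3)
    units = []
    for k, hdr in enumerate(headers):
        if data[hdr] & 0x80:
            continue  # forbidden_zero_bit set: corrupted header, not a NAL unit
        end = headers[k + 1] - 3 if k + 1 < len(headers) else len(data)
        while end > hdr + 1 and data[end - 1] == 0:
            end -= 1
        units.append((hdr, data[hdr] & 0x1F, end - hdr))
    return units


def recover_summary(data: bytes) -> Dict[str, object]:
    """What a recovery run can expect: whether the SPS/PPS parameter sets are
    present (without them no slice can be decoded) and how many frames exist."""
    types = [t for _, t, _ in find_nal_units(data)]
    has_sps, has_pps = 7 in types, 8 in types
    return {
        "nal_units": len(types),
        "has_sps": has_sps,
        "has_pps": has_pps,
        "idr_frames": types.count(5),
        "non_idr_frames": types.count(1),
        "decodable": has_sps and has_pps and 5 in types,
    }


def rebuild_stream(data: bytes) -> bytes:
    """Re-emit carved units as a clean Annex-B stream: parameter sets first,
    then slices in file order, each behind a 4-byte start code. This is the
    byte stream a decoder would be handed to turn the frames back into video."""
    units = find_nal_units(data)
    ordered = [u for u in units if u[1] in (7, 8)] + [u for u in units if u[1] in (1, 5)]
    return b"".join(b"\x00\x00\x00\x01" + data[off:off + ln] for off, _, ln in ordered)


# Constructed stand-in for a damaged recording: 5 garbage bytes where the
# container header was, then SPS, PPS, one IDR frame and two non-IDR frames.
# Header bytes 0x67/0x68/0x65/0x41 carry NAL types 7/8/5/1; payloads are filler.
DAMAGED_FILE = (
    b"\xff\x13\x7a\x00\x42"
    + b"\x00\x00\x00\x01" + b"\x67\x42\xc0\x1e\xda"
    + b"\x00\x00\x00\x01" + b"\x68\xce\x38\x80"
    + b"\x00\x00\x00\x01" + b"\x65\x88\x84\x00\x10\xff"
    + b"\x00\x00\x01" + b"\x41\x9a\x22\x0f"
    + b"\x00\x00\x01" + b"\x41\x9a\x24\x11"
)
# The same file with the parameter sets destroyed: frames are found, but the
# summary reports them as not decodable without SPS/PPS from another source.
SLICES_ONLY = DAMAGED_FILE[22:]


if __name__ == "__main__":
    for off, ntype, ln in find_nal_units(DAMAGED_FILE):
        print(f"offset {off:3d}  {NAL_TYPES.get(ntype, 'other'):16s}  {ln} bytes")
    print(recover_summary(DAMAGED_FILE))
    print(recover_summary(SLICES_ONLY))
```

The ‘decodable’ flag is the practical reason the GUI asks for the codec: the scan above only works because H.264 start codes are known, and even then the recovered slices are only usable when an SPS and PPS were carved as well (or can be supplied from an intact recording by the same camera, as the walkthrough does by taking the codec from the other files).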


Step 6 Export File and Report

MD-NEXT has an export function for both the source/result files and the report. With the export function you can convert the recovered frames to video formats; you can also export each recovered frame as an image file, and sound formats are supported as well.

For report generation, the generated report contains the case and evidence information. For strong integrity, MD-NEXT calculates a hash value for each extracted frame, and the hash values are also included in the report.
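The per-frame hash values recorded in the report here (and in the disk-image report in Step 5 above), and the hash-list matching that the MD-LIVE release notes describe, rest on the same routine. The following is an added example, not the MD-Series code: it hashes each exported file with SHA-256 and MD5 in one read pass, builds a manifest of the kind a report embeds, re-verifies the manifest to detect a modified or missing file, and matches the digests against a known-file hash list. SHA-256 is the digest to rely on for integrity, since MD5 collisions are practical; MD5 is kept only for cross-checking against MD5-keyed lists. All file contents and the known-hash entry are constructed.

```python
"""Hash manifest for exported evidence and known-hash matching.

Added example; not MD-Series code. A manifest records SHA-256 and MD5 for
every exported file; re-verifying it detects modified or missing files, and
digests can be matched against a known-file hash list. SHA-256 is the
digest to rely on for integrity (MD5 collisions are practical). All file
contents and the known-hash entry below are constructed.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so large video files are never loaded whole


def hash_file(path: str, algorithms: Iterable[str] = ("sha256", "md5")) -> Dict[str, str]:
    """Hex digests of one file, all requested algorithms in a single read pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_manifest(paths: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """{path: {algorithm: digest}} for every exported file; this is what a
    report embeds so the files can be re-checked later."""
    return {path: hash_file(path) for path in paths}


def verify_manifest(manifest: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Per-file status: "ok", "modified" (any digest differs) or "missing"."""
    status = {}
    for path, recorded in manifest.items():
        if not os.path.isfile(path):
            status[path] = "missing"
            continue
        current = hash_file(path, recorded.keys())
        status[path] = "ok" if current == recorded else "modified"
    return status


def match_known(manifest: Dict[str, Dict[str, str]], known: Dict[str, str]) -> List[str]:
    """Paths whose SHA-256 or MD5 digest appears in a known-file list
    (known maps lowercase hex digest -> label)."""
    return [path for path, digests in manifest.items()
            if any(d.lower() in known for d in digests.values())]


# Constructed file contents standing in for two recovered frames, and a
# constructed known-hash list entry that matches the second one.
FRAME_1 = b"\xff\xd8\xff\xe0" + b"constructed frame 1 payload" + b"\xff\xd9"
FRAME_2 = b"\xff\xd8\xff\xe0" + b"constructed frame 2 payload" + b"\xff\xd9"
KNOWN_HASHES = {hashlib.sha256(FRAME_2).hexdigest(): "constructed list entry"}


def demo() -> Dict[str, List[str]]:
    """Export two frames, build and verify the manifest, then tamper with one
    file and delete the other to show what re-verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        p1, p2 = os.path.join(tmp, "frame_0001.jpg"), os.path.join(tmp, "frame_0002.jpg")
        for path, content in ((p1, FRAME_1), (p2, FRAME_2)):
            with open(path, "wb") as fh:
                fh.write(content)
        manifest = build_manifest([p1, p2])
        before = verify_manifest(manifest)
        flagged = [os.path.basename(p) for p in match_known(manifest, KNOWN_HASHES)]
        with open(p1, "ab") as fh:  # one appended byte changes every digest
            fh.write(b"\x00")
        os.remove(p2)
        after = verify_manifest(manifest)
    return {"before": [before[p1], before[p2]], "after": [after[p1], after[p2]], "flagged": flagged}


if __name__ == "__main__":
    print(demo())
```

In practice the manifest is written next to the exported files (or into the report, as the walkthrough describes) and re-run by whoever receives the evidence; any ‘modified’ or ‘missing’ entry means the export can no longer be tied to what was hashed at acquisition time.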