A toolkit for iOS and Android forensics, the Mobile Verification Tool (MVT) can extract information from a device’s databases to facilitate an investigation. Key features include: decrypting encrypted backups; processing records in various system logs or apps with unparalleled precision through its user interface - which also allows it to be used as part of larger inspection processes such as those conducted during malware analysis sessions where remote wipe capabilities come into play too! It is constantly evolving but some popular examples are extraction of installed applications on suspect devices that may need deletion before they become problematic again along with extracts containing diagnostic data made available over USB cables via adb protocol communication channels between mobile computing products and the investigator’s forensic platform under review. This allows an analyst to better identify and track a device throughout the course of a forensic examination to ensure that resultant reports are as comprehensive as possible in terms of all evidence collected in parallel with collection processes.
“The ability to extract information from a mobile device in a forensically sound manner is not only key when examining potential data but also when using commercial mobile investigation tools.” James Richards
In addition, MVT can also be used for parsing web history logs containing historical location data accessible from third-party apps associated with websites visited along with decoded application receipts containing authentication tokens enabling access to paid-for purchases made within apps installed onto devices being examined. Furthermore, text messages retrieved from the device under scrutiny can be parsed and their text-based contents extracted to facilitate evidentiary review as part of a full examination of a mobile computing product.
Using MVT for this purpose involves first obtaining a binary image dump from a mobile phone, tablet or other mobile computing product running an iOS or Android operating system. This is achieved through one of many commercial tools available on the market today such as Cellebrite’s UFED range that connect directly into the Lightning port on Apple devices if they are unlocked or via USB cables for those that are not. MVT can then be used as part of the forensic review process to acquire data-at-rest stored within the device (and where supported by physical extraction processes, below its surface).