E3:DS provides everything for mobile forensics
Stop wasting your time with tools that don’t offer everything you need for mobile forensics in a single license. Logical imaging, physical imaging, chip dumps, bypass options, cloud, and App processing together in E3:DS.
E3:DS makes mobile processing Easy and Efficient
The E3 Forensic Platform seamlessly adds a large variety of evidence into a single interface to be able to search, parse, review and report on the digital data from most digital sources.
Mobile processing can be done with multiple devices at one time as well as parsing to make triage and processing seamless.
Apple Device Forensics
Apple has created one of the largest issues when dealing with mobile devices. With difficult blocks on file system access to mass migration to the cloud. When dealing with Apple iOS having a variety of options is key to make sure you get the most data possible.
E3:DS works with logical data from its own acquisition engines as well as the import of data from other popular tools such as Cellebrite. After the device data is brought in the powerful analytic engines in the E3 Forensic Platform go to work to parse Apps, carve data, and OCR the contents.
Apple Keychain Data
When working with Apple data parsing and recovery of the Apple Keychain data is crucial to know that you processed the most data possible from the device. With data such as Wi-Fi access points, website passwords and more having a tool that supports this data makes all the difference.
File System & Jailbreak Support
With data splitting into the Apple iOS file system, you want to ensure your tool has the ability to process that file system and recover the data. E3:DS supports the latest jailbreak options such as Checkra1n and more to be able to provide you the most file system data possible.
Android devices are the most popular device in the world and provide a wealth of digital evidence with their availability under contract or pay-as-you-go. When processing Android devices having an array of techniques to access the variety of devices is needed.
Gaining file system access it the most difficult objective when it comes to processing mobiles. Paraben’s E3:DS has a unique function that allows you to root devices with our internal root system. These options are done as the first line of access with multiple second-tier choices in the Android acquisition process. Triage options for quick access are also part of the Android Imaging process.
Paraben is the only tool that allows you to easily and while in the forensic environment deploy 3rd party rooting tools. The Paraben E3 Root Utility Engine is included with the E3:DS software license and allows quick upload of rooting options from other sources. In addition, the E3:DS software comes with the internal rooting engine that gains access to devices all the way through the latest firmware release. When it comes to rooting it is all about options and those are found in E3:DS.
Within the E3:DS system custom bootloaders are available to be able to bypass protection on certain devices. With the expanding options in mobile forensics being able to have the most choices for access is key to a good toolbox for any lab.
Cloud Forensics on Smartphones
As more of the world’s data moves to the cloud understanding the mobile device access to this data is paramount for doing your investigation. Data can be spread between device storage and cloud storage creating one more step in the process for smartphone forensics.
One of the most popular email tools of it’s time Gmail can also be a huge source of potential digital evidence. With E3:DS you have the ability to recover internal keys from the mobile device on both Android and iOS that allow access to the wealth of information found in the G-Suite.
More devices are connecting every day and understanding the data that is linked from that device to the smartphone is essential in your investigation. The cloud functions in E3:DS allows you to see data from popular IoT devices such as Amazon Alexa (Echo) devices.
The social media wave is here and getting the most accurate data on this evidence is crucial. The E3:DS system can recover available keys from the mobile device to access cloud accounts. In addition, the processing of social media archives from the social media provider is also available in E3:DS.
90% of the time on a smartphone is spent in an App sharing data. This data could be what makes or breaks your case. Being able to look through the data and understand what it can offer to you comes with having a variety of options for that data to be reviewed.
When parsing Apps, it is important to make sure that you not only can see popular Apps but that your searching and scanning capabilities get inside the App data. With E3:DS you can do full-text indexes of data to search including App data as well as OCR the data for the important text that might be missed with other tools.
Putting together a puzzle like that with SQLite App data happens one piece at a time. With the SQLite viewers built-in, you have an easy to navigate the process to find the content. From messages, pictures, user names and more SQLite parsing is an easy to follow the process.
Many Apps offer more than meet the eye and with the E3:DS App access control list you see exactly what an App can and cannot do on a device. Automated malware ranking based on App access control is done within the E3:DS software.
Bypass through Chip Dump
One of the biggest barriers to smartphone forensics is the ability to bypass locks on the device. With increasing issues with firmware locks and protections, new methods need to be employed to be able to capture device data. The Chip Bypass method is the latest method with direct communication to the chip to bypass any protection on the device.
The Spreadtrum chipset is most common in India and full lock bypass options are available in the E3 Forensic Platform to circumvent locks with this acquisition method.
The MediaTek chipset is one of the most common chipsets in the world and is seen often in “burner” devices. Full lock bypass options are available in the E3 Forensic Platform to circumvent locks with this acquisition method.
The EDL chipset is most common in North America and is seen in many of the newer Android devices. Full lock bypass options are available in the E3 Forensic Platform to circumvent locks with this acquisition method.
- E3:DS Feature
- File System Parsing
- Windows Artifact Processing
- Local Email Processing
- Network Email Processing
- Internet Data Processing
- Registry Data
- Mobile Data Imaging (Logical & Physical)
- JTAG & Chip Dump Processing
- Chip Bypass Acquisitions
- Android Root Imaging
- Jailbreak Processing
- Cloud Data Processing (Office365, Amazon Alexa, G-Suite, Twitter)
- IoT Data Processing (DJI Drone, Fitbit, Smartwatches, Xbox)
- 12+ Reporting Options (Localization with Reports)