Mobius Forensic Toolkit v2.6 released

• Added new evidence type: Wireless Connection
• Added new evidence type: Wireless Network (click here for a complete list of supported evidence types)
• Fixed bugs in datasource-vfs module
• Source code of the extensions are more easily available now. Take a look into the src/extensions distribution directory

Mobius Forensic Toolkit v2.5 released

This release adds support for Cellebrite's UFDR report files. Now, you can set a UFDR datasource, you can have access to the evidences available in UFDR report files, and you can process UFDR files using IPED, through the iped-frontend extension.

Mobius Forensic Toolkit v2.4 released

• Added new evidence type: Installed Programs
• ant.ip_addresses: Changed to retrieve external IP addresses from HTTP cookies
• ant.accounts: Added support for Ares Galaxy user accounts
• ant.autofill: Added support for Ares Galaxy's search history
• >evidence-viewer: Changed to use evidence model to define evidences being shown

Mobius Forensic Toolkit v2.3 released

• Added new module app.itubego to retrieve artifacts from iTubeGo app
• ant.text_autocomplete: Added support for iTubeGo URL history entries
• ant.received_files: Added support for iTubeGo download history
• ant.cookies: Changed to automatically decrypt "v10" encrypted cookies
• app.chromium: Changed to retrieve cookies from Network/Cookies files
• Added support for libgcrypt message digest algorithms in class crypt::hash
• Added support for libgcrypt HMAC algorithms in class crypt::hmac

Mobius Forensic Toolkit v2.2 released

• ant.turing automatically decrypts "v10" passwords from newest Chromium based browsers
• ant.trash_can_entries retrieves data from deleted $I entries
• Libmobius: Class crypt::cipher_impl_gcrypt adds support for libgcrypt ciphers
• Libmobius: Added support for ciphers Idea, Cast5, Twofish, Serpent, Seed, Camellia, Salsa, Gost28147, Chacha20 and SM4
• Libmobius: Added support for cipher modes CTR, CBC-CTS, GCM, and OFB

Mobius Forensic Toolkit v2.1 released

• VFS: New extension vfs.block.bitlocker adds support for Bitlocker Volumes. It detect, decode and retrieve metadata from Bitlocker Volumes, including protectors info.
• VFS: New extension vfs-block-view-bitlocker is the counterpart to the vfs.block.bitlocker extension. It shows Bitlocker Volume protectors, replacing the bdeinfo tool.
• VFS: Fixed decoding of DOS extended partitions.
• VFS: Fixed detection of FAT16 filesystems.
• app.chromium: Better automatic datetime conversion, that handles all known versions date/time values.
• ant.accounts: Changed to retrieve Login Data from Chromium based browsers.

Mobius Forensic Toolkit v2.0 released

New module mobius::vfs, implemented in C++, replaces the old item.datasource structure. This development is an important milestone for Mobius Forensic Toolkit because:

• mobius::vfs implements a very powerful data block detection and decoding framework.
• mobius::vfs is highly modular. You can easily implement new data block detection modules as C++ extensions.
• mobius::vfs data block detection algorithm is fully recursive and support palimpsest structures, such as ISOHybrid disks, detecting multiple block types for each data block found.
• mobius::vfs handles multiblock structures, and as such, is fit for future detection and decoding of RAID, LVM, and Fusion disks, for example.
• mobius::vfs features a full Python C API, under mobius.vfs Python module.
• mobius::vfs shows all data blocks detected and has option to export individual blocks, for use with other tools.

<< older entries