Mobius Forensic Toolkit v2.12 released

This release adds a new C++ extension called app-shareaza that decodes the following Shareaza control files:

• Profile.xml
• Library1.dat
• Library2.dat
• Library.dat
• Searches.dat
• Shareaza.db3
• *.sd files

The app-shareaza C++ extension builds a unified data model using all the files listed above to retrieve the following evidences:

• Autofill data
• Local Files
• P2P Remote Files
• Received Files
• Searched Texts
• Sent Files
• Shared Files
• User Accounts

Click here for a complete list of supported evidence types

Mobius Forensic Toolkit v2.11 released

• Added new C++ extension app-emuletorrent that retrieves evidences from Emule Torrent application control files
• Added new UI widget: mobius.ui.button
• Added new UI widget: mobius.ui.window
• ant.evidence.ufdr retrieves file hashes from chat message attachments
• Evidence Viewer: Added new details panel to show evidence hashes

Mobius Forensic Toolkit v2.10 released

• Added new evidence type: Credit Card
• Added new evidence type: P2P Remote Files
• ant.evidence.ufdr retrieves Credit Card info from Cellebrite's UFDR files
• app-ares decodes torrenth.dat files
• app-ares decodes tempdl/pbthash_*.dat files
• app-ares decodes tempul/UDPPHash_*.dat files
• app-ares retrieves sent files and P2P remote files

Click here for a complete list of supported evidence types

Mobius Forensic Toolkit v2.9 released

This release adds a new C++ extension called app-ares that decodes the following Ares Galaxy's control files:

• ShareH.dat
• ShareL.dat
• PHashIdx.dat
• ___ARESTRA___*.*
• TempDL/PHash_*.dat

app-ares C++ extension builds a unified data model using all the files listed above and it uses this model to retrieve the following evidences:

• Autofill data
• Local Files
• Received Files
• Shared Files
• User Accounts

Click here for a complete list of supported evidence types

Mobius Forensic Toolkit v2.8 released

• ant.evidence.ufdr retrieves Contacts from Cellebrite's UFDR files
• ant.evidence.ufdr retrieves Passwords from Cellebrite's UFDR files
• ant.evidence.ufdr retrieves Encryption Keys from Cellebrite's UFDR files
• ant.evidence.ufdr retrieves Crypto Wallets from Cellebrite's UFDR files

Click here for a complete list of supported evidence types

Mobius Forensic Toolkit v2.7 released

• mobius.ui: New widgets: label, box, container, and stacked_container
• datasource.ufdr.parser: Added support for metadata section "Extraction Data"
• evidence-viewer: A simplified navigation panel has been implemented
• evidence-viewer: DND generates bookmarks to evidences

Mobius Forensic Toolkit v2.6 released

• Added new evidence type: Wireless Connection
• Added new evidence type: Wireless Network (click here for a complete list of supported evidence types)
• Fixed bugs in datasource-vfs module
• Source code of the extensions are more easily available now. Take a look into the src/extensions distribution directory

Mobius Forensic Toolkit v2.5 released

This release adds support for Cellebrite's UFDR report files. Now, you can set a UFDR datasource, you can have access to the evidences available in UFDR report files, and you can process UFDR files using IPED, through the iped-frontend extension.

Mobius Forensic Toolkit v2.4 released

• Added new evidence type: Installed Programs
• ant.ip_addresses: Changed to retrieve external IP addresses from HTTP cookies
• ant.accounts: Added support for Ares Galaxy user accounts
• ant.autofill: Added support for Ares Galaxy's search history
• >evidence-viewer: Changed to use evidence model to define evidences being shown

Mobius Forensic Toolkit v2.3 released

• Added new module app.itubego to retrieve artifacts from iTubeGo app
• ant.text_autocomplete: Added support for iTubeGo URL history entries
• ant.received_files: Added support for iTubeGo download history
• ant.cookies: Changed to automatically decrypt "v10" encrypted cookies
• app.chromium: Changed to retrieve cookies from Network/Cookies files
• Added support for libgcrypt message digest algorithms in class crypt::hash
• Added support for libgcrypt HMAC algorithms in class crypt::hmac

Mobius Forensic Toolkit v2.2 released

• ant.turing automatically decrypts "v10" passwords from newest Chromium based browsers
• ant.trash_can_entries retrieves data from deleted $I entries
• Libmobius: Class crypt::cipher_impl_gcrypt adds support for libgcrypt ciphers
• Libmobius: Added support for ciphers Idea, Cast5, Twofish, Serpent, Seed, Camellia, Salsa, Gost28147, Chacha20 and SM4
• Libmobius: Added support for cipher modes CTR, CBC-CTS, GCM, and OFB

Mobius Forensic Toolkit v2.1 released

• VFS: New extension vfs.block.bitlocker adds support for Bitlocker Volumes. It detect, decode and retrieve metadata from Bitlocker Volumes, including protectors info.
• VFS: New extension vfs-block-view-bitlocker is the counterpart to the vfs.block.bitlocker extension. It shows Bitlocker Volume protectors, replacing the bdeinfo tool.
• VFS: Fixed decoding of DOS extended partitions.
• VFS: Fixed detection of FAT16 filesystems.
• app.chromium: Better automatic datetime conversion, that handles all known versions date/time values.
• ant.accounts: Changed to retrieve Login Data from Chromium based browsers.

Mobius Forensic Toolkit v2.0 released

New module mobius::vfs, implemented in C++, replaces the old item.datasource structure. This development is an important milestone for Mobius Forensic Toolkit because:

• mobius::vfs implements a very powerful data block detection and decoding framework.
• mobius::vfs is highly modular. You can easily implement new data block detection modules as C++ extensions.
• mobius::vfs data block detection algorithm is fully recursive and support palimpsest structures, such as ISOHybrid disks, detecting multiple block types for each data block found.
• mobius::vfs handles multiblock structures, and as such, is fit for future detection and decoding of RAID, LVM, and Fusion disks, for example.
• mobius::vfs features a full Python C API, under mobius.vfs Python module.
• mobius::vfs shows all data blocks detected and has option to export individual blocks, for use with other tools.

<< older entries