
AccessData further expands its forensics reach into mobile devices with MPE+ - The 451 ...


Market Development

AccessData further expands its forensics reach into mobile devices with MPE+


Analyst: Andrew Hay

Date: 3 Sep 2010

Looking to get a piece of the lucrative mobile forensics market, Lindon, Utah-based AccessData Group has released an update to its Mobile Phone Examiner (MPE) software, including a new self-contained touchscreen tablet. Dubbed the Mobile Phone Examiner Plus (MPE+), the product allows forensic analysts and incident responders to quickly discover and surgically extract forensic artifacts on suspect devices.

The 451 take

The proliferation of mobile phones has exploded in recent years. As such, consumers, businesses and even criminals have adopted the advanced mobile computing capabilities available to them. As traditional forensics shifts from a stationary workstation-centric world, we feel that embracing mobile forensics is a requirement for any vendor rooted in, or moving into, the forensic and incident-response sector. Although still an outlying subsector, we suspect that as enterprise incident response programs ramp up to include mobile devices, adoption of mobile forensic and incident-response tools will follow suit.

Allowing on-the-fly forensic analysis without first having to acquire the entire logical image of the suspect device lets analysts strategically extract important artifacts during time-sensitive investigations. This reduces the chance of analysts being caught by the parties being investigated and accelerates the entire investigatory process.

One limitation that may complicate widespread adoption is the product's lack of support for physical-data acquisition. Competitors, such as Cellebrite, Guidance Software and others, currently support physical-data acquisition, which is a necessity when corrupted or obfuscated data is located on the suspect device.

AccessData's MPE+ product allows forensic investigators and incident responders to perform traditional forensic acquisition as they would on a physical workstation.
MPE+ is available as a software-only package requiring a Forensic Tool Kit (FTK) version 3 virtual or physical dongle or bundled as a rugged Windows XP embedded tablet. Although the product supports more than 1,200 different phones, MPE+ does not currently support the popular Apple iOS-, Google Android- or Microsoft Windows Mobile-based devices. The company admits that this support is coming for additional 'smart' mobile devices, which we feel will likely be needed for continued adoption of MPE+ by law enforcement, military and enterprise forensic analysis.

Although pricing has not been finalized for the MPE+ software and tablet, the company states that an upgrade from the original MPE will cost roughly $840, including the product's annual maintenance fee. Cables for mobile acquisition are included with the tablet version of MPE+, but are also available for purchase, at a cost of $300, to allow owners of the software-only edition to acquire mobile device data.

Although the traditional FTK interface is what most forensic analysts who use AccessData's products are comfortable with, the company was careful not to shoehorn its workstation-oriented application onto a tablet. The company states that the MPE+ interface was purpose-built, and as such, it presents users with a more mobile-device-focused investigatory experience.

Where MPE+ excels is in its ability to immediately view data on the suspect device when leveraging the company's embedded tablet. Traditionally, a full image of a mobile device was required to perform a detailed forensic investigation and retrieve call history, messages, photos, voice recordings, video files, calendars, tasks and other artifacts. MPE+, however, allows the examiner to inspect key forensic artifacts on demand. The device's file system becomes immediately viewable, and its data is parsed within to locate lock codes, digital images and stored files. Leveraging the FTK3 imager engine and framework, forensic data can be selectively extracted and sorted to help build a timeline of events to help reconstruct the incident. Images of the mobile devices, stored in AD1 forensic containers, can be imported back into the MPE+ for detailed analysis and artifact extraction as if the physical device were still connected. Although the tablet is optional, we feel that incident responders who float from incident to incident would likely find the portable unit indispensable for short-notice triage examinations.

AccessData utilizes several popular libraries for its access to mobile devices, including technology licensed from COMPELSON Laboratories. The company admits, however, that it will likely be unable to keep pace with the mobile market. AccessData instead relies on its network of users, partners and instructors in the field to help define the support roadmap for its MPE+ platform.

Competition

AccessData is playing in a relatively new subsector of traditional computer-based forensics. With somewhere in the neighborhood of 3.5 billion mobile devices in the world (300 million in the United States alone), there is sure to be fierce competition from rivals.

Guidance Software's EnCase Neutrino is designed for law enforcement and security analysts who need to collect and analyze device settings, contacts, call logs, messages, calendars and other files stored on mobile devices.

Cellebrite has its Universal Forensics Extraction Device (UFED), which supports the logical extraction of forensic information from more than 9,000 devices, and physical extraction from more than 900 devices.

Paraben has several products aimed at mobile-device acquisition, triage and in-depth forensics. Its Device Seizure product supports a wide variety of mobile products, including over 2,200 phones, PDAs and GPS devices.

Susteen's SecureView for Forensics is a hardware and software solution that claims to support the logical extraction of over 2,200 mobile devices. The company also boasts a Secure View Mobile product that provides standalone mobile forensics with a touchscreen portable form factor for over 800 mobile device types.

Logicube's CellDEK and CellDEK TEK products support over 1,700 mobile devices, including those from Apple, Nokia, Garmin and others. The CellDEK software automatically performs forensic extraction of data.

Micro Systemation's XRAY product supports the logical data extraction from roughly 1,450 devices, and physical extraction from more than 400.

Oxygen Software Company's Oxygen Forensic Suite supports more than 1,650 GSM, CDMA and legacy D-AMPS-based devices, including Symbian OS, Windows Mobile, BlackBerry, Android and Apple smartphones.

Direct Hit Systems' THREADS was designed to determine the organizational structures of gangs, narcotics groups and terrorist cells using its proprietary 'temporal analysis' probability-focused mobile analytics. The company also has an automated importer for the Cellebrite UFED.

Envisage Systems, Radio Tactics, FINALDATA and Mobile Forensics Inc, in addition to free tools MOBILedit! (COMPELSON Labs), Manifest Explorer (ISEC Partners), Forensic Card Reader, floAt's Mobile Agent, ChipIT and open source BitPim also compete.

Search Criteria

This report falls under the following categories.

Company: AccessData Group

Other Companies: Apple Inc, Cellebrite Mobile Synchronization, COMPELSON Laboratories, Direct Hit Systems, Envisage Systems, FINALDATA, Garmin International, Google, Guidance Software, ISEC Partners, Logicube, Micro Systemation, Microsoft Corporation, Mobile Forensics Inc, Nokia, Oxygen Software, Paraben, Radio Tactics, Susteen, Symbian

Analyst: Andrew Hay

Sector: Information management / Info retrieval / E-discovery; Security / Other; Mobility / Mobile application development / Other


Copyright 2000-2010 The 451 Group

http://www.the451group.com/report_view/report_view.php?entity_id=64148&source=daily... 9/3/2010
