How to Create Search Profiles with Mobile Device Investigator

Posted by Richard T. Frawley on November 7, 2019

Mobile Device Investigator (MDI) is the leading digital forensic triage tool for iOS and Android devices. In this short "How To" video, ADF's digital forensic specialist and trainer, Rich Frawley, will show you how to create a Search Profile with MDI. 

In this smartphone forensic example, you'll learn how to create a Search profile that collects all the Communications Captures and the Device Information.  

To get started:

  1. Click on the New Profile button in the Function Toolbar
  2. Enter a unique name for the profile
  3. Optional - Enter notes describing what the search profile will do

The left hand side of the Define Search Profile view contains categories of Captures available.

  • Clicking on a Capture category displays the Captures on the right hand side.
  • Clicking on an Artifact Capture gives the option to Expand, which shows further details about the type of data the Artifact Capture will collect. Clicking Collapse returns to the Capture selection view.

To select a Capture, click on the check box next to it. To select all Captures within a Category, click on the check box next to the Category. When the desired Captures for the Search Profile have been selected, click the Next button to continue.

It is now possible to add or delete custom fields of information that the user enters when starting a scan, or to use the scan information fields set up in the Settings view. By default there are three mandatory fields: Scan Name, Scan Date, and Scan Time. Additional fields can be added to prompt for more information by typing in the “enter new field name” text box. It is possible to include a default value and make this new field mandatory. To delete a custom field, click on the Delete button alongside it.

6 Other Scan Options:

  1. Skip files processed for more than – sets a time value after which files that are taking too long to process are skipped. This feature is useful if corrupt files are stopping scans from completing quickly. Type a numerical value and select minutes or seconds
  2. Collect skipped files – collects files less than 2GB that were skipped during a scan
  3. Collect protected files – this copies any password protected files detected by Captures to the Scan Results
  4. Collect files that crashed parser – this copies any files that Captures cannot read to the Scan Results
  5. Activate BitLocker on Collection Key – this will encrypt any Scan Results written to the key, securing the data against loss or theft
  6. Whitelists – add a whitelist based on a folder of files, a CSV file containing hash values or a JSON file of hash values

Once your selections have been made, select Save. Your profile is now part of your Search Profile Library. You can now export, delete, copy, or edit the Search Profile. Search Profiles can also be customized by clicking the New Capture button on the Function Toolbar. You can create Captures to collect files, search for files by hash, and search by keyword.


Topics: Cyber Crime, Digital Forensics, BitLocker, Triage, Mobile Device Forensics, Mobile Triage Kits, Mobile Forensics, How To Video, Mobile Device Investigator, Field Forensics
