Mobile Device Investigator (MDI) is the leading digital forensic triage tool for iOS and Android devices. In this short "How To" video, ADF's digital forensic specialist and trainer, Rich Frawley, will show you how to create a Search Profile with MDI.
In this smartphone forensic example, you'll learn how to create a Search profile that collects all the Communications Captures and the Device Information.
To get started:
The left hand side of the Define Search Profile view contains categories of Captures available.
To select a Capture click on the check box next to it. To select all Captures within a Category, Click on the check box next to the Category. When the desired Captures for the Search Profile have been selected, click the Next button to continue.
It is now possible to add or delete custom fields of information that the user enters at the point of starting a scan or to use scan information fields setup in the Settings view. By default there are three mandatory fields: Scan Name, Scan Date, and Scan Time. Additional fields can be added to prompt for more information by typing in the “enter new field name” text box. It is possible to include a default value and make this new field mandatory. To delete a custom field, click on the Delete button alongside it.
Once your selections have been made select Save. You profile is now part of your Search Profile Library. You can now Export, delete, copy, or edit the Search Profile. Search Profiles can also be customized by clicking the New Capture Button on the function toolbar. You can create captures to Collect files, Search for files by Hash and Search by Keyword.