A Year in Review: A Closer Look at the Top Updates to Our Product Range in 2023
2023 has been a year of innovation, growth, and an unwavering commitment to delivering excellence.
Our dedicated team has been working passionately to elevate our product range, introducing groundbreaking features and enhancements that not only met but exceeded the evolving needs of our valued customers.
As we stand at the dawn of this year, looking forward to new opportunities and challenges, we wanted to take a moment to cast a retrospective glance at some of the great features and improvements that were brough to XRY, XAMN, and XEC in 2023.
Let’s dive right into it.
The Biggest News of the Year: We released XRY PRO!
XRY Pro is a pioneering tool when it comes to data extraction and decoding, offering unparalleled access to some of the most challenging and secure mobile devices. This advanced solution provides users with the flexibility to select a predefined number of unlocks or opt for unlimited unlocks and extractions, using state-of-the-art unique exploits from MSAB.
With XRY Pro, you can access data from the most difficult to breach mobile devices, even as security measures become more sophisticated. XRY Pro offers vast Android support from USA, Canada, Europe, and Asia, including Japan.
Top Updates to XRY
In 2023, XRY experienced significant improvements in functionality, performance, usability, and overall quality. Using our powerful and intuitive mobile data extraction software you can extract and decode more mobile data, in less time, with full integrity.
Here are some of the highlights from our 2023 XRY releases:
Speech-to-Text
We have added the ability to transcribe video and audio files, so they become searchable within XAMN.
Apple Photos OCR and Text recognition
Apple Photos utilizes OCR and content recognition across all images stored in the media partition. This makes it possible for us to identify and decode both machine and handwritten text in pictures, making them searchable within XAMN. Performing keyword searches, content searching, and examining images containing text is now more efficient.
For a quick tutorial on how to harness this feature and save yourself a lot of time during your investigations, check out the #MSABMonday episode below:
RAM Extractions
While computer forensic examiners have relied heavily on RAM analysis to discover valuable evidence, the mobile forensics industry is yet to catch up. At MSAB, we’re leading those efforts.
RAM decoding has the potential to revolutionize mobile forensic investigations. By extracting RAM, you can tap into up to an extra 12 GB of crucial data. And XRY is the perfect tool to help in this endeavor.
Wondering how to find those breakthrough RAM extractions? This short tutorial provides a brief walkthrough, empowering you to confidently review and analyze the RAM data you extract.
UNISOC extended support
Back in May, we came up with a massive breakthrough for the mobile forensics industry – we started offering broad support for UNISOC chipsets, allowing you to dump, bruteforce and decode at record speed a wide range of UNISOC chipsets. With every release from that point forward, we kept on expanding on XRY Pro’s capabilities and adding more UNISOC-based devices to the list of supported devices.
Android FFS Consent solution
You can do a Full File System extraction for Android consent devices. This feature is selected by default for devices where this is applicable. A huge advantage to this type of extraction is that it is a lot faster than a physical extraction. If you want to learn more about this awesome new functionality, we have just the thing:
Additionally, you have selective extraction possibilities when you’re using an FFS Consent. You can select from which specific apps to extract data for Full File System extractions. This is invaluable for cases where only a fraction of the data on the device is relevant to your case and you want to speed up the data extraction process. If you only need data from a specific app, you can now accomplish this feat in as little as two minutes. Moreover, the ability to selectively extract data from specific apps of interest helps ensure strict compliance with any legal requirements.
iOS 17.1 and Android 14
iOS 17 and Android 14 introduced some novel changes and features, which inadvertently has significant implications for the mobile forensics sector. But as long as phone users consistently pursue updates and major phone manufacturers respond in kind, it becomes imperative for both our team and our products to adapt accordingly. And we do.
XRY offers support for iOS 17.1 and the iOS 17.2 Beta, as well as Android 14.
Improved UX flow for Python script usage
Our exceptional team at MSAB has created FREE, game-changing scripts available exclusively on the MSAB Forum. For a step-by-step guide to help you access and use our valuable Python scripts, watch this installment of the #MSABMonday tutorials:
New apps supported
We’ve added support for a wide array of new apps, the overarching count of supported apps now extending to over 460 apps and over 4500 app versions. Apple Weather app, Samsung Weather app, Proton email, Threema Libre, imo, Mastodon, Olvid, Bumble, Skred, Apple Journal are just some of the newly supported apps.
Wasted app detection
The Wasted app is a data wiping application that poses real challenges for investigators. However, thanks to XRY Pro, it is now possible to disable it on Pixel phones.
Samsung, AT&T, and Verizon warrant return import support
In response to the evolving needs of forensic investigators, we’ve expanded our warrant return import support. Samsung, AT&T, and Verizon warrant returns are all supported in XRY.
Imports of other vendor tools
We recognize the tremendous value that comes with having a wide range of tools at your disposal. So, imports of other vendor tools has been focused on to ensure you can review all your case data within XAMN.
Given the growing demand for vehicle forensics, it’s good news that XRY supports the import of Berla iVe files for vehicle forensics data. Watch more on the topic below.
Take the next step. There’s an impressive range of formats available to be imported in XAMN. Whether it’s an .XRY file, a binary dump from another tool, call record data, warrant returns, GrayKey or Cellebrite files, you can easily import any of these formats (and more) and use them seamlessly in an XAMN case. How to do that? All it takes to find out is to press play on the video below.
Don’t let Generic Profiles pass you by
We know that XRY is great at suggesting the device profile when choosing how to extract your device. But if that is not successful, don’t fear. Generic Profiles has you covered for all events. Our Generic Profiles continue to evolve with each update, seeing support for Samsung Generic Exynos, Android Qualcomm Generic, MediaTek and many others.
Top XAMN Updates
Throughout the year, we dedicated ongoing efforts to enhance XAMN, streamline the user experience and help investigators reach results quicker by using our premium analysis tool. Some of the new features and updates include but are not limited to:
Exclusion of system & application files
You can effortlessly exclude Known Data Library files, System files, and Application files to narrow down the focus of your investigations. These types of files are pre-installed and unmodified by the user, thus bearing no importance on your analysis. This feature allows you to significantly reduce the number of artefacts required to be examined, optimizing your workflow immensely.
Granular artifact redaction
XAMN also brings the capability for granular artifact reduction. In cases where you are handling data that is sensitive or legally/regulatorily required to be concealed (such as legal privilege), it is now possible to selectively redact that specific information and omit it from the case. The granular redaction process is applied to individual properties of an artifact. This enhanced feature makes it easier to securely share files, ensuring compliance with legal privilege and handling sensitive cases.
Complete makeover of the MAPS view
XAMN has undergone a comprehensive transformation in its Maps view, introducing numerous enhancements throughout the year. Some of the improved features include:
- Improved artifact presentation in Maps
- Customizable areas of interest with various shapes, which are easy to move and edit
- External reference data in Maps
- Centralized storage of offline maps
For a closer look at the Areas of Interest feature and to see just how easy it is to deal with locations in XAMN Pro, check out this #MSABMonday episode:
Gallery view improvements
We strive to make XAMN the most powerful and user-friendly analysis platform for digital examiners. The improvements brought to our Gallery view has seen a significant stride in that direction. We’ve introduced a new page mode in the Gallery view, which allows you to swiftly step through pages of pictures and videos using your mouse or keyboard. It’s more intuitive and less straining on the eyes. This will make a big difference especially when reviewing high quantities of media files, for example, in a CSAM investigation.
Watch this feature in action and gain additional insights from this episode of our tutorial series:
Video content preview feature
If you want an overview of video file content, all it takes is hovering your mouse over the file for a preview.
Case review tracking
Case review tracking allows you to keep track of your review progress. When enabled, you can easily identify artifacts that have been viewed and artifacts that have not yet been viewed.
Camera filter
Filters are a powerhouse in XAMN, and this new Camera Filter is no exception. This filter allows you to find pictures based on the manufacturer and model of the camera that was used to take the pictures. Want to learn more? It’s all below.
Import vehicle data
The Berla iVe import in XAMN makes it possible to import vehicle data, extracted using Berla iVe. This data includes what locations the vehicle has visited and the recorded speed, but also vehicle events like when the doors have been opened or closed and what mobile devices have been connected to the vehicle’s entertainment system.
Importing the vehicle data to XAMN is useful to view vehicle data side by side with data from a mobile device, or to view the data from multiple vehicles at the same time.
Discover how to easily import Berla iVe files, how it can enhance your investigations, and more – all in the short tutorial below.
Export extracted data to Relativity or Detego output format
You can now select to export artifacts for import into Relativity and Detego.
If you’re an eDiscovery professional looking to learn more about the new export format into Relativity, check out this episode:
Meanwhile, the dynamic partnership between MSAB and Detego Global provides a comprehensive digital forensics solution that covers mobile devices and computers to simplify your investigations. Learn more about it in the product sheet.
Improved database source reference
A more seamless data validation experience is crucial to digital investigators and we’re here to make it happen. With XAMN, validation – a cornerstone of good investigations – is easier to achieve. XAMN 7.8 allows you to get detailed information about the table, column, and row, allowing you to pinpoint the exact origin of your decoded data. This makes it easier than ever to navigate the SQLite database, which makes for a more streamlined and efficient validation process.
Curious to learn more? We’ve got you covered.
Report Builder
The Repot Builder in XAMN Pro is an incredibly useful feature for your investigations, significantly streamlining your reporting capabilities. With it, it’s also very straightforward to share your findings with your investigative team and pertinent stakeholders for better collaboration. Plus, the reports you create are courtroom-ready, allowing you to present your findings with confidence in court proceedings.
For a quick look at the step-by-step process to create professional, error-free, and customized reports effortlessly with ‘drag and drop’ technology watch the tutorial below.
Top XEC Updates:
In 2023, we worked to augment XEC Director with the goal to put in your hands the most effective and powerful way to manage mobile forensics. We’ve added more crucial functions and made it easier to use. Here are some of the changes:
Improved User Level functionality in XEC Director to simplify settings for different User Levels
Greater control over user levels in user groups? Yes, please!
XEC Director makes it easy to define which extraction actions different users can access in XRY as part of a workflow. You can set permissions based on user levels thus ensuring that people in your teams only perform work that corresponds to their training level. Additionally, you can count on more dynamic user levels.
Full XRY Pro support in XEC Director
XRY Pro is supported as a client system type in XEC Director. This makes it possible for you to manage XRY Pro installations from XEC Director.
Centrally managed Known Data library files to be used by XEC-connected client systems
During the device extraction process, a significant portion of the data will be system and application files, which by default contain no valuable information. MSAB offers a hash library file of known data, helping examiners eliminate irrelevant system and application files from the case.
This known data library can now be distributed via XEC, allowing for more efficient analysis and distribution of the library.
Customize texts to appear on login screen on Kiosks and Tablets
Now, it is possible to configure messages that will be displayed on the login screen for individual or multiple kiosks, tablets, or Express client systems.
Support for multiple scheduled reports
You can set up and schedule multiple reports, automating the process, improving productivity and effortlessly sharing your efficiency reports with key stakeholders.
XEC Director settings for 256-bit encryption in XRY on XEC-connected clients
We have added support to XEC Director to allow administrators to control the encryption level for the client systems.
Increased logging of XAMN actions to XEC log
The number of XAMN actions logged to XEC Director has seen an outstanding 800% increase. For instance, you have significantly more possibilities to filter and report on who did what in XAMN, from what part of the system, and at what time. That is also applicable for installations that are not connected to XEC.
Top Updates in KTE
2023 has marked a year of numerous enhancements brought to the workflows in Kiosks, Tablets, and XRY Express. These are some of the most significant:
- We’ve added the ability to review PDF documents
- Improved automatic document generation of the Forensic Process, driven by the workflow.
- Possibility to add a client system alias when joining a client to an XEC system.
- Possibility to lock Kiosks and Tablets from XEC Director
- .NET 7 update.
For detailed release notes and a closer look at all our products’ capabilities head over to the Customer Portal:
The top updates we’ve covered in this blogpost are only a small part of the many great things our dedicated team has achieved. Looking ahead, we are committed to build upon the achievements of 2023 as we welcome even more opportunities for development and innovation in 2024.
Thank you for allowing us to be your trusted partner in digital forensics.