Stolen GPS helps solve crimes

XRY used on GPS device found in car of suspects, leads police to evidence of 8 burglaries

"Thanks to the coordinates, we have been able to follow their journey north and tie them to the eight burglaries in different places, from Karlskrona to Tanumshede in Bohuslän, Billingsfors in Dalsland, and Edsvalla, Bergsäng and Gunnerud in Värmland," said investigators Håkan Nyberg at police in Sunne to Sydöstran.

The suspected gang was made up of two men and two women. The men were arrested in the act during a residential burglary north of Karlstad, the women nearby. All four suspects have been charged with eight burglaries over a 500km journey.

For more information about this story please visit News

Why Chipsets rather than Devices?

Why do we specify support for chipsets instead of devices?

We are sometimes asked why we mention support for chipsets rather than specific mobile devices. We thought it would be helpful to have a more detailed explanation of the reasons.


A mobile device "chipset" is the set of electronic components on the integrated circuit board that manages the data flow between the processor, memory and peripherals. It is usually constructed as a complete system on a chip.

A chipset combines a memory chip with software embedded during manufacture called a ROM (read only memory). ROM is the non-volatile memory retained when the power is removed, embedded on the chipset and can’t easily be changed.

The boot chain of mobile devices generally consists of a central processor which contains, and initially boots from, read only memory. Followed by later stage boot loaders and the operating system contained in flash memory. For each stage in the boot chain of a mobile device there may be opportunities for loading code or reading out flash memory contents directly.

A bootloader is the software code executed before the operating system runs, designed to put the system in a state in which it can perform its primary function. Boot loaders package the instructions to boot up an operating system kernel and most of them also have their own debugging or modification environment. This usually requires hardware initialization coupled with the correct image to load from flash. Because of its key role, the bootloader is usually installed in a part of the Flash that is protected from accidental erasure or corruption. Bootloaders are however, replaceable and cheaper to replace compared to ROMs.

The mobile operating system (OS) is the software which acts as the primary platform on which other application programs are executed. 

The boot sequence generally begins with the ROM. The ROM then passes control to the Flash memory which contains a sequence of boot loaders. The first stage bootloader is always attached to the Chipset. The total number of bootloaders is variable, but all bootloaders have to run to activate the operating system. Security issues at each stage will determine which level may present the greatest opportunity for access to the device and eventual data recovery. But it is prudent to look at the chipset or operating system in order to gain the advantage of covering multiple mobile devices.


To save on component costs many vendors have implemented similar chipsets across a wider range of modern devices in an effort to speed up development and offer lower prices to customers.

Asian chipsets manufacturers like MediaTek and Spreadtrum etc. have been particularly successful and that means many vendors now have similar chipsets embedded in their devices. For example both Nokia and Motorola now buy MTK chipsets, so there is an obvious advantage in having a forensic solution cutting across both vendors. Thus tackling chipsets rather than just devices opens up greater opportunities for device support in XRY.

Our research and development teams have discovered that many of these chipsets, whilst capable of secure modes, generally don’t have them implemented. For those chipsets which are accessible, our engineers naturally take advantage of the opportunity.

Where security measures are implemented, the bootloader level is the second stage of research to seek access to a group of devices. XRY communicates with the bootloader or firmware installed on the device to ascertain its status. Some manufacturers have a built in debug functionality which allows us to read out the memory by sending code to the bootloader.

The Operating System level is the third line of attack. This is in most cases the most difficult option as more complex security systems are likely to be active compared to both the chipset and bootloader levels. Conversely gaining access into this level will of course give a much wider range on support for devices. A good example is the Android Generic profile in XRY which can be used on most Androids irrespective of the version, chipset and manufacturer.


The three levels of attack produce solutions which in some cases may overlap. In a nutshell, all three solutions are dependent on each other and the famous "It depends" answer is still applicable.

MSAB documents support for chipsets when our engineers find opportunities at that level which cut across most devices.If a chipset is supported irrespective of the Phone vendor and operating system, XRY can usually extract the data.

Guilty Of Plotting To Behead Soldier

Forensic examination of phone showed online search for information on military bases

A teenage Muslim convert has been found guilty of planning his own attack on members of the British military.

Brusthom Ziamani, 19, was arrested by counter terrorism officers on 19 August last year, carrying a rucksack containing a 12-inch knife, a large hammer and an Islamic flag.

He was arrested by police later that day, purely by chance, as officers had been planning to detain him for the extremist messages he was continuing to post on Facebook.

Forensic examination of his mobile phone also discovered that he had searched online for information on army cadet and other military bases in his local area.

For more details on this story please visit Sky News >

New XRY Tablet

A lightweight solution for faster examinations

Introducing the new XRY Tablet from MSAB purpose designed for frontline users who need immediate access to data.

With a new touch screen interface, the XRY Tablet is designed to quickly and easily recover data from mobile devices.

With its ease of use the Tablet provides first responders with real-time evidence and intelligence gathering capability in the most flexible form factor to date. 

For more details please visit the product page - XRY Tablet

Overcome delays in accessing evidence from mobile devices

XRY Kiosk– built to prevent delays in access to evidence from mobile devices

In the Annual Assessment of Policing in England and Wales 2013/14 published today by Her Majesty’s Chief Inspector of Constabulary, concerns were raised regarding the forensic support capabilities available to officers to ensure vital evidence from mobile devices was provided in a timely manner. This concern focused on the significant delays in receiving evidence back from forensic support services which has failed to keep pace with the growing demand for phone analysis.

In particular the report highlighted:

2.54 - The forensic support services available to officers have not kept pace with the ways in which crimes are now committed. This is especially so in relation to technology. Officers told HMIC that in most investigations, they need to be able to retrieve from seized digital devices (whether a mobile phone, tablet or computer) data and information in ways that meet the standards of admissible evidence in court. This is done by trained and specialist staff. Officers told of significant delays in receiving evidence from digital devices. The absence of this evidence can cause unacceptable delays in investigations and prosecutions. This problem has an adverse effect on police officers’ ability to investigate the crimes that affect the public every day. It is not acceptable that evidential material that happens to be stored digitally cannot be made available to investigating officers for weeks, and sometimes months, after the crime. Forces cannot be properly effective without timely access to evidence held on mobile and other devices.


There are now more mobile devices in circulation than people in the world and as use of these devices, and accompanying applications, continues to expand rapidly, so too will the use of digital forensics as an invaluable tool for gathering evidence of crimes.

MSAB is the manufacturer of the mobile forensic tool XRY which is used by over 95% of UK law enforcement agencies. We are well aware of the growing demand currently being placed on the police. The potential volumes of evidence available usually far exceed the operational capabilities of specialist officers in traditional organizational structures to acquire it quickly and efficiently in order to meet the time requirements of day to day crime investigations.

To meet the next generation of demand for rapid and immediate access to evidence – MSAB has introduced the XRY KIOSK to help officers on the frontline, get mobile evidence faster than ever before:

The Kiosk unit is purpose built for ease of use and forensic integrity, to allow frontline police officers access to the contents of mobile devices within minutes. Designed to be installed at a local police station and used by multiple officers through the use of secure access – officers can see the contents as soon as the examination is complete to allow for quicker decision making.

Recently there have been a number of high profile cases where cutting-edge digital forensics tools have played a key role.  In the Oscar Pistorius trial, Reeva Steenkamp admitted to being scared of the South African track star in a message three weeks before he shot her dead.  In a WhatsApp conversation in January of 2103, Ms. Steenkamp wrote: “I’m scared of you sometimes and how you snap at me.”  Thanks to XRY this evidence was recovered and used by the South African Police which including over 35,000 pages worth messages between the couple. 

In England & Wales police officers have powers to seize and search mobile devices as evidence in the correct circumstances provided they have reasonable grounds to believe they may contain evidence of a crime. As the number of smartphone messaging apps continues to explode, it is essential that investigators have tools that can allow them keep pace and afford them access to the latest data.  More and more, investigators are turning to technologies like XRY that ensure they have seamless access to not just the latest apps but also the latest versions of those apps.

 1 2 3 >  Last ›