Not so **SECRETIVE** answer: By listening to the challenges faced by the Indian Customers and finding the solutions, for Once and All.
This blog-post talks about one such incident which led to addition of an unsupported App to the default list of Supported Apps which can be decoded by MSAB XRY Mobile Forensics Tool.
To begin with, one of the most reputed Customers of MSAB in India had extracted data from a Mobile Phone using certain Mobile Forensic Tools. Other apps were decoded as per the Customer's expectation, however, one app caught their attention which could not be Decoded but contained a huge amount of data. The app was Graph Messenger. The amount of data couldn't simply be ignored and therefore the Customer, after unable to decode the data contacted the MSAB's Technical Team in India for a solution.
Till then, nobody had anticipated the amount of mystery contained in this single app, which was solved of-course!, and the best possible outcome was achieved and presented to the Customer, to their delight!
Graph Messenger: A short background
Simple idea of the app: Use Telegram's API and add new features like real multi account system, download manager and timeline.
Graph Messenger, by the looks of it, is just like one of those umpteen other messaging app on the Play Store. The description on their Website reads as an UNOFFICIAL messaging app that uses Telegram's API (Application Programming Interface) with some additional features to make it more lethal and anti-forensics (if used with wrong intentions).
Tackling the Situation-in-Hand:
Upon receiving the Support call from the Customer, the MSAB's Technical team created a similar scenario in their own "Test Device" at their location in India and backtracked the exact process followed by the Customer.
They were successfully able to decode the data at their location and called up the Customer to tell them the exact steps to be followed.
However, the Customer was still unable to decode the data, and it being an important case, the customer requested the MSAB's Technical Person to visit their facility in person to provide a resolution.
Next day, upon visiting the Customer Location, the team was astonished to find that there were a surplus of 100 User Accounts logged into the App from that Mobile Device.
"The App had not 1 or 2 but 100+ User accounts logged in." – Not a very commonly seen situation!
Take a Sneak Peak at the Folder Structure:
The extracted data was analysed by the team and this is how the App's Folder Structure looked:
A separate folder for each account can be seen in the Screenshots above apart from several other files required by the App to function.
Upon finding the new information, the team performed some R&D at the Customer's location then and there itself.
The steps were retraced in front of the Customer and ultimately they were able to get the decoded data from all the 100+ accounts which were Used or Logged in on this device.
This whole exercise led to the addition of Graph Messenger in the list of supported Applications in MSAB XRY Mobile Forensics Tool.
You can find the same by searching for "Graph Messenger" in the Application, as depicted in the Image below:
End Result: A better Mobile Forensics Tool & A Happier Customer
This is just one of several stories which resulted in addition of new features in the tool. Although the Tool had capacity to decode the data, the route to that solution was not straightforward and that is where getting support & the role played by the Technical Team from MSAB proved most important.
MSAB's suite of Mobile Forensics solution and Advanced Application Decoding Trainings are available in India through one of the authorised partner Cyint Technologies. You can contact Cyint to know more about such Success Stories and enquire more about the MSAB Products & Trainings in India Region.
To Contact Cyint Technologies: