The Mobile Verification Toolkit (MVT) is a comprehensive set of tools designed to streamline and automate the process of gathering digital evidence, aiding in the identification of potential compromises on both Android and iOS devices.
One of MVT’s primary functions is to scan mobile devices using public indicators of compromise (IOCs). By doing so, it can detect any traces left behind by known spyware campaigns, thereby assisting technologists and investigators in their forensic research. However, it’s important to note that MVT is not meant for end-users seeking to assess their own devices.
Originally developed and released by the Amnesty International Security Lab in July 2021 as part of the Pegasus Project, MVT continues to be maintained by Amnesty International and other contributors. Its release coincided with the introduction of a technical forensic methodology.
MVT boasts a range of powerful features that are regularly updated and expanded. These include the ability to decrypt encrypted iOS backups, process and analyze records from various iOS system and app databases, logs, and system analytics, extract installed applications from Android devices, and retrieve diagnostic information from Android devices via the adb protocol. Moreover, MVT allows users to compare extracted records with a provided list of malicious indicators in STIX2 format, generate JSON logs of extracted records, create separate JSON logs of all detected malicious traces, and compile a unified chronological timeline of extracted records alongside a timeline specifically dedicated to malicious traces.
For those interested in utilizing MVT, it can be downloaded from GitHub. It is worth emphasizing that the developers of MVT have implemented measures to prevent the tool from being misused to violate the privacy of individuals without their consent. To reinforce this, MVT is released under its own license.
CyberSec84 | Cybersecurity news. 
Leave a comment