Mobile Verification Toolkit: Enhancing Digital Forensics for Android and iOS Device

Published by


In an increasingly connected world, the need to protect our digital privacy has never been more critical. With the advent of sophisticated spyware campaigns and potential threats to our personal information, staying ahead of the curve in digital forensics is essential. Mobile Verification Toolkit (MVT) is a powerful solution that has emerged as a game-changer in the forensic analysis of Android and iOS devices. Developed by the Amnesty International Security Lab in July 2021, MVT has since become an invaluable resource for technologists and investigators worldwide.

Understanding MVT

Mobile Verification Toolkit is a comprehensive collection of utilities designed to simplify and automate the process of gathering forensic evidence that can help identify potential compromises in Android and iOS devices. It’s an invaluable tool for anyone involved in digital forensics, but it does require a fundamental understanding of forensic analysis and command-line tools. MVT is not intended for end-user self-assessment, but rather for professionals who are dedicated to safeguarding digital privacy.

The Birth of MVT

MVT was born in the context of the infamous Pegasus Project, a collaborative effort aimed at exposing vulnerabilities in digital security. Its development was spearheaded by the Amnesty International Security Lab, with ongoing support from other contributors. The toolkit has continued to evolve since its release, and it remains a critical resource for the digital forensics community.

Mobile Verification Toolkit (MVT) is a genuine tool. It was developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus Project.It continues to be maintained by Amnesty International and other contributors.

MVT is a forensic research tool intended for technologists and investigators. It is used to identify traces of compromise on Android and iOS devices. This can be useful for investigating cases of targeted surveillance, espionage, and malware infection.

MVT is not intended for end-user self-assessment. It requires understanding the basics of forensic analysis and using command-line tools. If you are concerned with the security of your device, you should seek expert assistance.

MVT is released under a license that prohibits its use for adversarial forensics of non-consenting individuals’ devices. This means that MVT can only be used to investigate devices with the consent of the owner.

Overall, MVT is a reputable tool that can be used to identify traces of compromise on Android and iOS devices. It is important to note that it is a forensic research tool and requires specialized knowledge to use.

Key Features of Mobile Verification Toolkit

MVT boasts a wide range of capabilities, which continue to expand over time. Some of the core features of this toolkit include:

  1. Decrypt Encrypted iOS Backups: MVT can effectively decrypt encrypted iOS backups, unlocking valuable data for forensic analysis.
  2. Process and Parse iOS Data: The toolkit can process and parse records from various iOS system and app databases, logs, and system analytics, providing investigators with crucial insights.
  3. Extract Android Applications: MVT can extract installed applications from Android devices, enabling a deeper understanding of device activity.
  4. Extract Diagnostic Information: Through the Android Debug Bridge (adb) protocol, MVT gathers diagnostic information from Android devices, enhancing the depth of forensic analysis.
  5. Indicators of Compromise (IOCs): MVT supports the use of public IOCs to scan mobile devices for potential traces of targeting or infection by known spyware campaigns.
  6. Malicious Indicator Comparison: The toolkit allows users to compare extracted records to a provided list of malicious indicators in STIX2 format, helping identify potential threats.
  7. Logging Capabilities: MVT generates JSON logs of extracted records and separate JSON logs of all detected malicious traces, streamlining the investigative process.
  8. Chronological Timelines: It creates a unified chronological timeline of extracted records, along with a timeline of all detected malicious traces, making it easier for investigators to understand the sequence of events.

Download MVT on GitHub

The developers of Mobile Verification Toolkit are dedicated to ensuring that this powerful tool does not infringe on the privacy of non-consenting individuals. To achieve this, MVT is released under a specific license, emphasizing ethical and responsible use. The toolkit is freely available for download on GitHub, making it accessible to digital forensics experts and investigators worldwide.


As our digital world becomes increasingly complex, tools like Mobile Verification Toolkit are essential for maintaining our digital privacy and security. Whether you’re an investigator looking to uncover potential compromises in Android and iOS devices or a technologist seeking to strengthen your digital forensics toolkit, MVT provides the necessary capabilities to stay ahead of the curve. With ongoing support from Amnesty International and the broader forensic community, MVT continues to evolve and adapt to the ever-changing digital landscape, making it an indispensable resource in the fight for digital privacy and security.