From 46cc54df74a158e8497b33299df817eab409f0d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Donncha=20=C3=93=20Cearbhaill?= Date: Fri, 30 Jun 2023 19:43:30 +0200 Subject: [PATCH] Add information about public indicators and support avenues to documentation --- docs/index.md | 3 +++ docs/introduction.md | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/docs/index.md b/docs/index.md index 8bca5a9..50c71d1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -6,6 +6,9 @@ Mobile Verification Toolkit (MVT) is a tool to facilitate the [consensual forensic analysis](introduction.md#consensual-forensics) of Android and iOS devices, for the purpose of identifying traces of compromise. +It has been developed and released by the [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) in July 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/) along with [a technical forensic methodology](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/). It continues to be maintained by Amnesty International and other contributors. + + In this documentation you will find instructions on how to install and run the `mvt-ios` and `mvt-android` commands, and guidance on how to interpret the extracted results. ## Resources diff --git a/docs/introduction.md b/docs/introduction.md index 7268cc4..5cc81bf 100644 --- a/docs/introduction.md +++ b/docs/introduction.md 
@@ -12,6 +12,20 @@ Mobile Verification Toolkit (MVT) is a collection of utilities designed to facil MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. MVT is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance. +## Indicators of Compromise + +MVT supports using [indicators of compromise (IOCs)](https://github.com/mvt-project/mvt-indicators) to scan mobile devices for potential traces of targeting or infection by known spyware campaigns. This includes IOCs published by [Amnesty International](https://github.com/AmnestyTech/investigations/) and other research groups. + +!!! warning + Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security. + + Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence. + + Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/). + +More information about using indicators of compromise with MVT is available in the [documentation](iocs.md). + + ## Consensual Forensics While MVT is capable of extracting and processing various types of very personal records typically found on a mobile phone (such as calls history, SMS and WhatsApp messages, etc.), this is intended to help identify potential attack vectors such as malicious SMS messages leading to exploitation.
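Review bot: In the docs/index.md hunk, the added sentence "It has been developed and released by ... in July 2021" mixes the present perfect with a fixed past date; "It was developed and released by the Amnesty International Security Lab in July 2021" reads correctly and matches the following "It continues to be maintained". The hunk also adds two empty lines after the new paragraph where one is enough to separate it from "In this documentation you will find...".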
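Review bot: In the docs/introduction.md hunk, the first sentence of the warning, 'insufficient to determine that a device is "clean", and not targeted with a particular spyware tool', is ambiguous because of the comma before "and": it can be read as saying the device is not targeted. Suggest 'insufficient to determine that a device is "clean" or that it has not been targeted with a particular spyware tool', which keeps the point of the next sentence that a scan without matches proves nothing. Two smaller points in the same hunk: "Access Now’s" uses a typographic apostrophe while "Amnesty International's" uses a straight one, so pick one; and the section ends with two empty added lines before "## Consensual Forensics" where a single one is enough.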