Output folders structure

Output folders structure

Output folders structure

All results of the data extraction and analysis are contained in one folder, which is the base folder of all the reports and exports. By default this folder has a name consisting of the phone name, the date and time when the processing started, such as: Samsung Galaxy S7 (2020-03-03 10h36m23s). You can select the destination folder and rename the export before starting the export.



Contents of the folder mainly depends on which output formats has been selected, plus there are a few files that are related to the extraction and analysis in general.


HTML Report

HTML reports are saved in two ways – one is the whole report stored in one file, Report_long.html, and the other one is the full report divided into multiple files (one file per main report section) and the index to the whole report is Report_index.html. The reason for this division is that the reports might be big and some browsers cannot open such big files.

All the images, linked files (which also means all files extracted from the phone, for a given report) are stored in the folder html_files, so this folder belongs to the html reports and if copied all of these folders and files should be kept together, in case such as when you need to make a copy of the specific report.

PDF Reports

PDF report is similar to the html report – in fact it is generated from a special version of the html file – and the name of the report is Report.pdf. In this report all images are stored inside of the PDF, in a suitable resolution so the PDF file itself can be used for distribution of the report, but there are links from the PDF to additional content stored in the folder named pdf_files, such as all the extracted files (application databases and the like) and also the images in their original resolution.

When the resulting pdf report file might be too large causing the pdf generation phase could fail, it is better to use the PDF Report – Multiple Files option, which generates multiple PDF files, one per each report section. The files start with numbers such as 01_Screenshots_of_User_Settings.pdf, 02_Summary.pdf etc., and all the pdf files are again linked to the pdf_files folder.


MS Excel Report

This report format generate multiple files divided by the content of the phone, saved as a .XLSX document (for this you need to have MS Excel installed on your PC). There is no folder related to this format as no additional files are saved during the report, and if you need the related files they have to be taken from the other report folders.

The file names have the format such as xlsReport.xlsx and xlsReport_SIM Card.xlsx.

MOBILedit Backup

MOBILedit Backup is the format which stores all the information that has been extracted from the phone, and that can be opened later to create additional reports, either with different options and parameters, or in a newer version of Forensic Express with improved features such as enhanced recovery of deleted data. The file name is backup.mobiledit, all related files are stored in the folder backup_files, and to open the backup use the option Open file in the main window (when you press Start after launching the application.)


MOBILedit Export

This export format contains all analyzed information from the phone, including data from applications and the recovered deleted data, its file name is export.mobiledit and the related folder with files is mobiledit_export_files.


Report subfolder "Phone"

This subfolder is similar for the mentioned folders above and it contains subfolders:
Name
Content
application0
applications and their data, not user shared galeries
application1
special content, logs from apps or content providers
raw0
the whole phone file system
raw3
file system which is shared with apps, for example images, music, downloads, user galeries
misc
temporary files, icons, thumbnails, contacts pictures, message attachments

You might need this information in case you want to browse the extracted data (image, audio and video files) without opening the report. It also might include a little differencies based on the phone you were extracting (Android or iOS).

Additional backup folders – iTunes, ADB and iCloud

If you specify that you want an Android (ADB) backup or iTunes backup, then these additional phone backups are stored in the output folder as well, in subfolders named adb_backup and apple_backup, respectively. These separate backups can be opened too, using the Open file option. ADB backup is also typically created when any application data are needed, and iTunes backup (which contains lots of useful information) is used for most of the operations with an iPhone or an iPad. 
If you are using the iCloud analyzer, then downloaded iCloud backups are stored in subfolder named icloud_backups.


Logs and other files

There are three specific files in the report folder.

File log_full.txt contains all information that was presented on the screen in the white log window, together with all files copied from the phone, and if the password breaker has been used then it contains the resultant password as well.

In the log_short.txt there is a summary info of the extraction phase, together with a list of failed items indicating what might be missing in the report, such as skipped folders. Contents of this file is also included in the html and pdf reports in the Data Extraction Log section.

File report_configuration.cfg contains all parameters of the whole report, and if you need to create the same report from a different phone you can load this configuration file using the Load report configuration at the start of the report.

Files and long folder paths

All the files in the report subfolders are stored in a tree structure that is based on the original data in the phone, so advanced users might be able to get any files for additional analysis or any other purpose.

When copying the subfolders (or the whole report folder) please be aware that the full paths might be longer than the usual limit of 255 characters still present in the Windows shell. It means that while the file system supports paths as long as 32000 characters (and this is true for many older versions of MS Windows), the standard copy/paste or drag and drop file operation will not work well with these folders. In Windows 10 it seems to be finally addressed, and in other cases you might use either a third party file manager (such as Total Commander), or a zip/archive file manager that can handle these long paths.


    • Related Articles

    • Output - reports, exports and backups

      Reports Create multiple formats of reports and exports after extracting data from a phone, each customizable to your specific needs. To continue you must select at least one format. More information about the structure of each file format can be ...

    • Backup options

      Backups in general Phone Copier Express allows you to save various backups as an output option. This means you can save your data in the packed backup format and restore it to a new phone, or even to the same phone later if and when it is needed. To ...

    • How to make an application backup

      1) Open MOBILedit Forensic Express and click "Start"   2) Plug your phone to USB. You will see that on your phone Forensic Connector screen will show up. MOBILedit will then find the connected phone. [1] Shows the phone type currently connected  [2] ...

    • Data - Deleted data

      We do offer more ways to recover deleted data. The first one is recovering the data from SQLite databases, the second one is recovering the files and folders from physical images. SQL databases allow you to recover the data which were marked as ...

    • System requirements

      To enjoy the best possible user experience, we recommend the minimum system requirements to be as follows: CPU: Intel core i3 is minimum, i7 is recommended for concurrent extractions, CPU with AVX is required for Face Matcher and Photo Recognizer ...