Skip to main content
Site Search
  1. Home
  2. Products
  3. Jamf Mobile Forensics

Jamf Mobile Forensics. Protect high-risk users.

Swiftly detect and respond to advanced mobile attacks.
Start Trial
Digital forensics software interface: Jamf Mobile Forensics dashboard. Features include real-time threat detection, device status monitoring for iPhone and iPad, cybersecurity event logging, and automated response settings for enterprise mobile device man
An Apple iPhone with a Jamf logo on its screen next to a floating digital interface titled

Proactive, actionable protection against sophisticated attacks

Bad actors target employees like government officials, traveling executives and journalists with sophisticated attacks such as:

  • Zero-click attacks
  • Pegasus and other spyware
  • Advanced Persistent Threats (APTs)
  • Exploits and payloads that evade internal security controls

To combat this, organizations must constantly analyze device integrity and indicators of compromise.

Challenges to protecting high-risk users

Limited visibility

MTD and MDM can’t offer the deep system access needed

Manual forensics

Costly, time-consuming, and can violate privacy or PII compliance

Loaner programs

Create a shadow IT and bad user experiences; eat up budgets

A Jamf Mobile Forensics dashboard displays an events summary alongside a list of managed devices, including

The solution: Jamf Mobile Forensics

Jamf stands out as the best choice for iOS and Android forensics, offering advantages only we can provide.

Jamf advantages:

Privacy first

We never collect PII like passwords, photos, messages, contacts, call data — or anything else.

Better usability

We make digital forensics easy to understand and implement.

Time savings

Move from weeks to minutes to detect, analyze and respond to sophisticated attacks.

Jamf Threat Labs

Gain insights from our team of security researchers, analysts and engineers.

Jamf offers the most actionable forensics and detection capabilities:

Advanced detection and response

Known CVEs and proprietary behavioral analytics detect anomalous behaviors and IOCs.

Automated collection and analysis

Instantly collect and analyze comprehensive endpoint telemetry: OS logs, kernel logs, crashes and more.

Remote DFIR

Proactively scan a device to inspect it for signs of attack.

AI Analysis

Use AI-powered forensics to streamline research into device crashes and anomalies.

Security Operations Center

Simplify investigation workflows by automatically grouping events into unified incidents.

MDM deployment

Streamline deployment of corporate-owned and BYOD iOS, iPadOS and Android devices.

Learn details about Jamf Mobile Forensics.

Discover more

Go in-depth on the technology, use-cases, and the attacks Jamf Mobile Forensics defends against.

Read overview blog

What's new

Discover the latest features and functionalities in the latest Jamf Mobile Forensics release.

Read latest release blog

More help for mobile

Jamf for Mobile provides foundational management and security to transform mobile devices.

Discover Jamf for Mobile

Get started with Jamf Mobile Forensics.

Start Trial Contact Us

Frequently asked questions

Who is Jamf Mobile Forensics for?

Jamf Mobile Forensics is for organizations wishing to detect and respond to advanced threats such as APTs, mercenary spyware, zero-clicks and nation-state attacks. It is meant to protect high-target, high-risk users and their devices.

What is the difference between Jamf for Mobile and Jamf Mobile Forensics?

Jamf for Mobile combines device management, mobile security and compliance, and secure application access. It offers new workflows and higher productivity in an experience that users enjoy.

Jamf Mobile Forensics adds an advanced forensic layer to protect users at the highest risk for targeted attacks. This enables security teams to detect and investigate anomalous behaviors, suspicious activity and advanced threats. These threats include: APTs, mercenary spyware, zero-click or nation-state attacks.

What data does Jamf Mobile Forensics collect? What does it never collect?

Jamf Mobile Forensics never collects passwords, photos or videos, text messages (including iMessage), emails, contacts, call data, browser history or data in applications or files.

Jamf Mobile Forensics collects crash, Wi-Fi manager, kernel and App Store logs; spindumps and IPS files, configuration profiles, processes and threads, installed apps and file names, and developer certificates.

Does Jamf Mobile Forensics work on my platform(s)?

Jamf Mobile Forensics detects, analyzes and responds to sophisticated attacks on iOS and Android devices. Jamf Mobile Forensics administrators and analysts can also use macOS and Windows devices to perform inspections and administrative tasks.

Can Jamf Mobile Forensics help detect Pegasus or mercenary spyware?

Jamf Mobile Forensics is specifically designed to detect sophisticated attacks such as Pegasus, Predator, Graphite and other mercenary spyware.

How quickly can my team go from “suspicion” to a usable timeline with Jamf Mobile Forensics?

Jamf Mobile Forensics detects threats within minutes of inspection. It builds incident timelines that include incident severity and status. This allows research, SOC and forensics teams to view suspicious activity impacting mobile devices.