Why Jamf Mobile Forensics?
Jamf Mobile Forensics, formerly Jamf Executive Threat Protection (JETP), fills the advanced detection, forensic, and analysis gap for sophisticated attacks targeting mobile devices. Its threat intelligence and automated analysis capabilities remove the heavy lifting for security teams, enhancing digital forensic investigations and enabling teams to speed up mitigation and remediation steps.
Sophisticated attacks like mercenary spyware, zero-click exploits, advanced persistent threats (APTs), and nation-state attacks target users based on who they are, the type of work they conduct, or the data they can access. These attacks require ample resources and funding to execute, and they more often target high-risk users and organizations.
Who Needs This?
Government & Public Sector
Politicians, senior officials, diplomats, and intelligence personnel. Apple and Google actively notify these users about potential spyware attacks.
C-Level Executives & Board Members
Handling sensitive business decisions daily. Their devices contain strategic information that adversaries want — M&A plans, trade secrets, and confidential negotiations.
Key Employees
Finance, legal, or R&D departments with access to sensitive data. Employees in Technology, Logistics, Natural Resources, Manufacturing, and Financial Services are vulnerable because of the high-value data they hold.
Business Travelers
Employees traveling to countries with heightened espionage risk require fast, in-depth analysis to determine risk, search for IoCs, and respond to threats before damage spreads.
Journalists & Activists
Investigative journalists, human rights lawyers, and civil society figures who are commonly targeted by nation-state actors.
How Does Jamf Mobile Forensics Work?
The combination of deep, automated log collection and a natural user experience simplifies the analysis process, helping security teams quickly understand and respond to sophisticated attacks.
Device Scanning
The Threat Protect mobile app proactively scans devices at intervals set by the organization. It collects and analyzes endpoint telemetry like system logs, kernel logs, certificates, crashes, and software to detect known and unknown threats. Scans take minutes instead of weeks.
Rules Engine
Tag, allow-list, or block-list different types of indicators of attack and compromise. Build complex rules from many attributes, including YARA rules, bundle identifiers, and process names.
AI Analysis
An AI research assistant that reduces manual research required to analyze device crashes and anomalies. It provides rapid, expert-level insight into potential device compromises — including unusual app behaviors, hack detection, and remediation recommendations.
SOC Integration
Simplify investigation workflows by automatically grouping events into unified incidents. Monitor and manage your entire fleet against advanced attacks with contextual information. Integrate with SIEM/SOARs, IdPs, and MDMs via powerful APIs.
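To make the Rules Engine and SOC Integration sections above concrete, here is a small illustrative rules engine written for this page. It is an added example, not Jamf's code or API: it assumes telemetry events are flat dictionaries keyed by attribute (`bundle_id`, `process`), uses shell-style glob patterns instead of YARA so it runs without extra dependencies, gives allow-list rules precedence over tag and block rules, and then folds per-event findings into one incident per device. All rule names, bundle identifiers and process names are constructed placeholders, not real indicators.

```python
"""Illustrative indicator rules engine with per-device incident grouping.

Added example for this page; not Jamf Mobile Forensics code. Rule semantics
(allow beats tag/block, one incident per device) are assumptions made here.
"""
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    name: str
    attribute: str   # telemetry field inspected, e.g. "bundle_id" or "process"
    pattern: str     # shell-style glob matched against that field
    action: str      # "allow" suppresses, "block" flags known-bad, "tag" annotates
    tag: str = ""    # label attached to a finding when the rule fires


@dataclass
class Finding:
    device: str
    rule: str
    action: str
    tag: str
    evidence: dict


# Severity contributed by each action; "allow" never yields a finding.
ACTION_SEVERITY = {"block": 3, "tag": 1}


def evaluate(events, rules):
    """Apply every rule to every event.

    If any allow rule matches an event, the event is treated as known-good and
    produces no finding, even when a tag or block rule also matches it.
    """
    findings = []
    for ev in events:
        matched = [
            r for r in rules
            if r.attribute in ev and fnmatchcase(str(ev[r.attribute]), r.pattern)
        ]
        if any(r.action == "allow" for r in matched):
            continue
        for r in matched:
            findings.append(Finding(ev["device"], r.name, r.action, r.tag, ev))
    return findings


def group_incidents(findings):
    """Collapse findings into one incident per device.

    The incident carries the highest severity seen, the distinct tags, and a
    finding count, so an analyst triages a device rather than an event stream.
    """
    by_device = defaultdict(list)
    for f in findings:
        by_device[f.device].append(f)
    return {
        device: {
            "severity": max(ACTION_SEVERITY.get(f.action, 0) for f in fs),
            "tags": sorted({f.tag for f in fs if f.tag}),
            "findings": len(fs),
        }
        for device, fs in by_device.items()
    }


# Constructed sample rule set (placeholder patterns, not real indicators).
SAMPLE_RULES = [
    Rule("corp-apps", "bundle_id", "com.example-corp.*", "allow"),
    Rule("beta-apps", "bundle_id", "com.example-corp.beta.*", "tag", "beta-build"),
    Rule("enterprise-signed", "bundle_id", "*.enterprise-signed.*", "tag",
         "enterprise-distribution"),
    Rule("bad-process", "process", "example-bad-*", "block",
         "placeholder-bad-process"),
]

# Constructed sample telemetry for two devices.
SAMPLE_EVENTS = [
    {"device": "device-A", "bundle_id": "com.example-corp.mail"},
    {"device": "device-A", "bundle_id": "com.example-corp.beta.tool"},  # allow wins over tag
    {"device": "device-A", "bundle_id": "com.vendor.enterprise-signed.app"},
    {"device": "device-A", "process": "launchd"},
    {"device": "device-B", "process": "example-bad-launcher"},
    {"device": "device-B", "bundle_id": "com.vendor.enterprise-signed.app"},
]


def run_sample():
    """Evaluate the constructed telemetry and return the grouped incidents."""
    return group_incidents(evaluate(SAMPLE_EVENTS, SAMPLE_RULES))


if __name__ == "__main__":
    for device, incident in run_sample().items():
        print(device, incident)
```

The second device-A event matches both the allow rule and the beta tag rule; the allow rule suppresses it, which is the behaviour you want for an explicitly vetted corporate app and also the reason allow-list rules should be scoped narrowly. Device-B ends up as a single severity-3 incident with two findings, rather than two separate alerts.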
Defend your high-risk users from mercenary spyware like Pegasus, Predator, Graphite, and Spyrtacus — with automated forensic analysis that takes minutes, not weeks.
Types of Threats Detected
| Threat Type | Description |
|---|---|
| Mercenary Spyware | Commercial surveillance tools like Pegasus, Predator, and Graphite that infiltrate devices through vulnerabilities |
| Zero-Click Attacks | Attacks that infect mobile devices without any user interaction |
| Advanced Persistent Threats (APTs) | Well-resourced, sophisticated attacks aimed at prolonged network/system intrusion |
| Nation-State Attacks | Government-sponsored attacks using both APTs and mercenary spyware |
| Zero-Day Vulnerabilities | Previously unknown security flaws exploited before patches are available |
| Kernel Attacks | Attacks targeting the operating system core |
| Browser & Network Exploits | Malicious code delivered through browsers or mobile network vulnerabilities |
Privacy-First Design
Jamf Mobile Forensics collects system telemetry (system logs, kernel logs, certificates, crashes, software) to detect threats while never collecting:
- Passwords or credentials
- Photos or videos
- Text messages (including iMessage)
- Contacts or call data
- Data in applications
- Browser history
Common Use Cases
Pre- and Post-Travel Scanning
Scan devices before and after trips to countries with heightened espionage risk. Employees on such travel require fast, in-depth analysis to determine risk, search for IoCs, and respond to threats before damage spreads.
Digital Forensics & Incident Response
Analyze devices to quickly assess device integrity, uncover anomalies, and implement containment measures — going from weeks to minutes.
Mobile Threat Hunting
Proactively scan iOS and Android devices to analyze logs (including at the OS level), inspect devices for IoCs, or write rules to detect malicious attacks before they cause damage.
How It Works
- Deploy — Install the Threat Protect app on mobile devices via MDM (corporate-owned or BYOD)
- Scan — Automated, proactive scans at organization-set intervals collect deep endpoint telemetry
- Analyze — The rules engine, combined with Jamf Threat Labs' proprietary behavioral analytics, automates analysis
- Detect — Identify zero-click attacks, unknown exploits, IoCs, and mercenary spyware
- Respond — Use SOC workflows, AI Analysis, and integrations to remediate threats quickly
Why KlickKlack?
As Taiwan's only Jamf MSP and Elite Partner, KlickKlack provides:
- Expert deployment and configuration
- Integration with your existing Jamf infrastructure
- Local support in your language and timezone
- Ongoing security consultation
Professional Team
Our team holds multiple vendor and security certifications.
Protect your most important people from the most sophisticated threats.