LUMA

AI-powered forensic platform for comprehensive mobile threat analysis. Designed for security professionals and forensic examiners, LUMA detects state-sponsored spyware, commercial surveillance tools, and Zero-Click / One-Click attack indicators on iOS and Android devices.

Threat Actors Detected: Pegasus (NSO), Predator (Cytrox), Candiru, QuaDream, Hermit (RCS Lab), and commercial stalkerware

Choose Your Edition

Flexible deployment options for every security environment


LUMA Pro

AI-Enhanced Analysis

  • On-site software with cloud AI analysis capabilities
  • Automatic fallback to local analysis when offline
  • 5-step forensic pipeline powered by advanced AI models
  • Remote scan capability via QR-based secure upload
  • Multi-language forensic reports with Bayesian methodology

LUMA Enterprise

Zero Trust / On Premise

  • Fully offline operation - no internet connection required
  • Local AI processing with deterministic forensic computation engine
  • Air-gapped deployment for classified environments
  • Ideal for government agencies and defense contractors

Core Capabilities

Multi-layer forensic analysis powered by AI and deterministic computation

State-Sponsored Detection

Pegasus, Predator, Candiru, QuaDream

Stalkerware Detection

FlexiSpy, mSpy, Cocospy, commercial spyware

Forensic Extraction

Cellebrite, GrayKey, MSAB tool detection

IOC Matching

15,353 indicators from Amnesty, Citizen Lab, MVT

Behavioral Analysis

Anomaly detection, process injection, persistence

SS7 / IMSI Catcher

Network interception, cell tower anomalies

CDR Analysis

Call detail records, telephony surveillance

MDM Detection

Mobile device management, unauthorized control

Permission Audit

TCC database, app permissions, silent grants

Certificate Analysis

Root CA injection, VPN profiles, MITM detection

Jailbreak / Root

Device integrity, bootloader, SELinux status

C2 Communication

Command & control servers, suspicious domains, DGA

How It Works

From device connection to forensic report in three stages

01. Collect

Connect the device via USB or receive a diagnostic file remotely through a secure QR-based upload link. iOS sysdiagnose and Android bugreport capture system-level logs without accessing personal data.

02. Analyze

LUMA runs a multi-layer scan: IOC matching against 15,000+ indicators, behavioral pattern detection across sensors and network, process anomaly scoring, and 8-scenario threat modeling.

03. Report

AI synthesizes findings into a court-admissible forensic report with Bayesian evidence weighting, full methodology documentation, and a clear verdict with confidence level.

8 Attack Scenarios

Pattern-based detection of real-world attack techniques, from zero-click exploits to physical extraction

S1: Zero-Click Exploit (Critical)

System daemon crash followed by covert sensor activation. Consistent with iMessage/WhatsApp zero-click exploitation.

S2: Night Surveillance (Critical)

Sensors active during 01:00-06:00 with network data exfiltration. State-sponsored surveillance pattern.

S3: Sensor Cascade (High)

Sequential activation of mic, camera, GPS, and Bluetooth within minutes. Programmatic intelligence collection.

S4: C2 Beaconing (Critical)

Regular-interval server connections with asymmetric upload volume. Active command-and-control communication.

S5: Anti-Forensic (High)

PT_DENY_ATTACH, truncated backtraces, SIGABRT in security processes. Hallmark of state-sponsored tools.

S6: Process Exploit (Critical)

Daemon crash followed by anomalous process behavior. Privilege escalation via daemon restart vulnerability.

S7: Proximity Attack (High)

WiFi or Bluetooth anomaly indicating close-range attack vector. Hotel, airport, and meeting scenarios.

S8: Forensic Extraction (High)

Detection of Cellebrite, GrayKey, MSAB, and Oxygen tools. Identifies unauthorized physical forensic acquisition.

AI-Powered Analysis

Three-tier architecture with automatic failover ensures analysis quality regardless of connectivity

Cloud AI

LUMA AI Online

5-step forensic pipeline
  • Analyst terrain mapping and anomaly identification
  • Cross-examination of every finding
  • Scenario construction with weighted assessment
  • Evidence chain with full traceability
  • Hebrew Bayesian report assembly

Local AI

LUMA AI Offline

Deterministic engine + local LLM
  • Bayesian computation engine (no internet required)
  • Automatic RAM-based model selection
  • Negative evidence override for false positive reduction
  • MDM, antivirus, and App Store context awareness
  • IP reputation classification (80+ providers)

Auto Failover

Zero Downtime

Transparent fallback between tiers
  • Cloud AI unavailable? Local AI activates instantly
  • No internet? Deterministic engine runs offline
  • Same report quality across all tiers
  • Air-gap compatible for classified environments
  • Zero manual intervention required

Built for Regulated Environments

LUMA is designed to meet the highest standards required by government agencies, law enforcement, and enterprise security teams.

GDPR Compliant
Court-Admissible Reports
Air-Gap Ready
End-to-End Encryption
Client Consent Framework

Download

Available for Windows and macOS. Licensed for authorized security professionals.


Windows

v1.7.7.5 - Installer (.exe)


Windows 10/11 - 64-bit
Python 3.12 embedded

macOS

v1.7.7.5 - Disk Image (.dmg)


macOS 13+ (Ventura or later)
Apple Silicon & Intel

Get Started

Need Answers About a Device?

Contact us to schedule a live forensic demo or discuss deployment for your organization.
