Forensic Analysis

Was This Device Compromised?
LUMA Finds Out.

LUMA is not a security product that runs in the background. It is a forensic investigation tool. Connect a device, run the analysis, and get a clear answer: was this phone attacked - today, last week, or a year ago.

Antivirus Can't Find What Was Already There

Real-time security products protect going forward. But they can't tell you if a device was already compromised before they were installed. Zero-click exploits leave no visible trace. Stalkerware hides as system services. State-sponsored tools erase their own logs.

LUMA works differently. It performs a forensic examination of the device's history - crash logs, sensor activity, network behavior, permissions, and process data - and produces an evidence-based report showing whether the device was attacked, when, and by what.

15,000+
Known Threat Signatures
8
Attack Patterns Analyzed
iOS + Android
Both Platforms
< 30 min
Scan to Report
Retrospective Threat Investigation

Uncover Attacks That Already Happened

LUMA scans the device's forensic history against known indicators of the world's most advanced surveillance platforms. If a device was compromised last month or last year, the traces are still there. LUMA finds them.

Pegasus

NSO Group (Israel)

Predator

Cytrox / Intellexa (EU)

Candiru

Candiru (Israel)

QuaDream

QuaDream (Israel)

Hermit

RCS Lab (Italy)

Op. Triangulation

Unknown Origin

NoviSpy

Serbian Intelligence

Wintego Helios

Wintego (Israel)

WyrmSpy

APT41 (China)

Commercial Stalkerware

600+ known apps

15,000+ indicators of compromise from Amnesty Tech, MVT Project, and specialized intelligence sources. Updated regularly.

For TSCM Professionals

Expand Your Service with Mobile Forensics

Your clients already trust you to sweep their offices. Now you can answer the question they always ask: "What about my phone?"

  • 1 Plug and scan - Connect the device, generate a sysdiagnose or bugreport, and get a full forensic report. No mobile forensics background needed.
  • 2 Court-ready reports - Multi-language reports with Bayesian methodology, evidence chain, and clear verdict. Accepted by legal teams and courts.
  • 3 Remote scanning - Send a secure QR link. The client uploads from their phone. You analyze from your office. No travel required.
  • 4 AI does the analysis - LUMA's engine handles the interpretation. You get a clear, professional assessment without reading thousands of log lines.

New Revenue Stream

Add mobile threat scanning to your existing TSCM services. Clients expect it.

No Training Required

If you can run a USB cable, you can run LUMA. The AI handles the forensics.

Client Confidence

Hand your client a branded forensic report instead of a verbal "looks clean".

Multi-Platform

iPhone and Android in the same tool. One workflow for both platforms.

For Enterprise Security

Know If Your Executives Were Compromised

A single compromised phone can expose board-level discussions, M&A plans, and client data. Your security products protect going forward, but can they tell you what already happened? LUMA performs a forensic check and gives you a clear answer.

  • 1 Executive device audits - Periodic forensic checks for C-suite, board members, and sensitive roles. Find out if their device was targeted, and document the findings.
  • 2 Incident response - Suspected leak? Scan the device within minutes and get a clear answer. No need to ship the phone to an external lab.
  • 3 MDM-aware - LUMA recognizes 33+ MDM vendors and 24 security products. No false positives from your own security stack.
  • 4 Compliance-ready - GDPR compliant. Reports include full methodology, evidence, and a tamper-proof hash. Audit-friendly by design.

In-House Capability

Stop outsourcing device checks. Your IT security team can run LUMA independently.

No Data Leaves

All analysis runs locally. Diagnostic logs never leave your machine. Zero cloud dependency.

Fast Turnaround

From device connection to full report in under 30 minutes. No waiting for lab results.

Stalkerware Detection

600+ commercial surveillance apps in the database. Domestic threats are real too.

For Government & Defense

Forensic-Grade Investigation for Sensitive Environments

When your threat model includes Pegasus, Predator, and nation-state actors, you need to know if a device was targeted. LUMA performs deep forensic analysis offline, in air-gapped networks, and produces court-grade evidence of what happened.

  • 1 Air-gapped operation - Fully offline. No internet connection, no cloud, no external API calls. Install it on a secured workstation and go.
  • 2 State-sponsored detection - IOC databases from Amnesty Tech, MVT Project, and specialized sources. Covers Pegasus, Predator, Candiru, QuaDream, Hermit, and more.
  • 3 Zero-click scenario detection - 8 specialized threat scenarios including zero-click exploits, night surveillance, C2 beaconing, and forensic extraction detection.
  • 4 Deterministic verdicts - The computation engine produces the same result every time, on every machine. No randomness, no model drift. Audit-proof.

On-Premise Only

Enterprise edition runs entirely on your infrastructure. Nothing leaves the building.

Multi-Language Reports

Hebrew, English, Russian, Spanish, Arabic. Ready for international operations.

Forensic Extraction Awareness

Detects if the device was previously acquired by Cellebrite, GrayKey, or similar tools.

Contractor Licensing

Deploy to field teams under managed licenses. Central oversight, distributed operation.

When Do You Run a LUMA Scan?

LUMA is not always-on software. It is used at specific moments when you need to know: was this device compromised?

Pre-Meeting Sweep

Scan executive phones before sensitive board meetings or negotiations. Verify the device was not compromised before the meeting.

Employee Onboarding

Verify personal devices are clean before granting access to corporate resources. Baseline the device state.

Whistleblower Protection

Verify a source's phone is clean before accepting sensitive communications. Document the check with a forensic report.

Divorce & Legal

Suspected stalkerware on a client's device. Run a scan, generate a court-admissible report, provide evidence.

Travel Security

Post-trip scan after visiting high-risk countries. Detect proximity attacks, rogue WiFi, and new surveillance indicators.

Incident Investigation

Data leak suspected. Scan all relevant devices. Get a structured, comparable report for each one.

Ready to Add LUMA to Your Toolkit?

Contact us for a live demo, pricing, or deployment consultation.

Contact Sales Back to LUMA

< Back to LUMA

© 2026 LUMA - by TSCM Intelligence Agency Ltd. (515887677). All Rights Reserved.