New UFED release delivers improved workflow, permission management, a new mobile app, and more

The new UFED 3.0 release is designed with front-line investigators in mind. From a new permission management and user authentication capability, to a much more streamlined extraction workflow and a mobile app that’s accessible from any iOS or Android device, the new UFED promises to make your work more efficient by getting you the data you need faster.

New user authentication and permission management

Many labs are struggling with backlog and the need for front-line investigators to get quicker access to information in order to begin or complete an investigation. However, doing so within the “right to know, need to know” boundaries of both legal authority and internal standard operating procedures and policies is important to retain community trust—whether you work in law enforcement or in the corporate environment.

The new UFED Permission Manager standalone application allows an administrator to create profiles and manage user accounts, including usernames and passwords, which enable users to perform specific extraction activities. Each profile contains access permissions, including operation rights per extraction type, content types and more.

Once these are created, the administrator can then export the users and profiles into an encrypted permission management file, and in turn into multiple UFED Touch and UFED 4PC units. This file activates user authentication, ensuring that only users with the right credentials can access the UFED and perform the extraction types they have permission to perform.

New smoother workflow

Customers have been asking for a more efficient extraction workflow, and we’re pleased to deliver it in UFED 3.0! Now start your extraction process in UFED Touch or UFED 4PC by selecting the device vendor, before proceeding to the specific device selection screen. The UFED interface then provides a list of supported actions for that device.

After installing the update, the UFED Touch/4PC application will notify you about the new workflow and provide instructions on first usage.

The new smoother workflow includes an Auto Detect feature. Connect a device and push the AutoDetect button on the main screen; AutoDetect will run automatically on UFED 4PC when the UFED Device Adapter is connected.


New UFED Phone Detective mobile app

While in the field, use the UFED Phone Detective mobile application to look up extraction and decoding capabilities—as well as whether lock bypass is supported—for all device profiles supported by UFED hardware and software. Use your credentials to login, then search by vendor and model.






New device, decoding and app support

New device support includes logical extraction for BlackBerry 10, physical extraction for a number of new Samsung devices, and Advanced Logical extraction for iOS 7.0.6/6.1.6.

New decoding support is available for enhanced locations decoding from file system and physical extraction of iPhone 4 running iOS 7.x, along with enhanced decoding of application permission to include permissions to location services. Enhanced decoding of contact list, call log, calendar, and tasks is now supported on Windows Mobile 6/6.5 physical extractions, as well as backup decoding from the latest devices running Android version 4.x.

New Android and iOS apps now supported for decoding include Burner (calls, contacts and SMS messages), WeChat, Badoo, BlackBerry Messenger, and Silent Phone. Additional decoding is also newly available for WhatsApp, Facebook, Gmail (for Android) and the new Line version for iOS.

For more information on these new features and support details, as well as a rundown of new UFED Physical/Logical Analyzer functionality, download our release notes here.

Join us at LegalTech 2014 and learn about mobile ESI

This week we’re at the Hilton New York for LegalTech 2014, where we’ll be exhibiting UFED 4PC, UFED Touch, and UFED Link Analysis for e-discovery and litigation support practitioners.

Mobile e-discovery is still a nascent discipline, but text messages, data found in apps, and even GPS data have all proven relevant in employment, intellectual property, fraud, and other cases. At LawTech Europe Congress last October, Cellebrite forensic technical director Yuval Ben-Moshe moderated a panel of experts in discussing these issues at length.

Panelists Patrick Burke, e-discovery counsel at Reed Burke, and Damien Murphy, a barrister at Enterprise Chambers, agreed that they’d worked on several cases in which mobile evidence would have made the litigation go easier, while panelist Jo Sherman, founder and CEO of EDT, raised the point that better awareness is needed around what’s possible: a less document-oriented approach that considers how to find information in new ways, depending on the needs and circumstances of the case.

Watch the entire panel presentation in the video below. And, if you’d like to discuss further with our experts this side of the pond, visit us in New York at Booth #1503!

Does Windows XP’s end of life affect the UFED Touch?

UFED Touch continues to be Cellebrite's flagship hardware.In recent weeks we’ve gotten quite a few questions regarding the impending April 8, 2014 end-of-life date for the Microsoft® Windows® XP operating system. Specifically, customers are wondering whether the Windows XP life span affects the Windows-based UFED Touch platform.

We are happy to report that it does not. The UFED Touch runs the Windows Embedded Standard 2009 version, released on October 7, 2008. According to Microsoft, the end of life for Windows Embedded Standard 2009 doesn’t happen until January 8, 2024.

So, if you are in the process of procuring or evaluating the UFED Touch for your mobile forensics needs, please be assured that it will continue to be fully supported.

Cellebrite APAC assists NGO in the effort to end human trafficking

Human trafficking is epidemic across the world, perhaps especially in the Asia Pacific (APAC) region, where the prevalence of trafficked persons is more than twice the global prevalence. There, the non-governmental organization (NGO) NVADER assists law enforcement in identifying both victims and suspects in human trafficking crimes.

As NVADER founder and executive director Daniel Walker explains in the video below, human trafficking is one of the fastest growing forms of international crime, bringing US$32 billion in revenue each year to criminal organizations. That’s because it’s one of the lowest risk, highest gain forms of crime, with criminals selling and reselling women and children—and incurring low penalties even if they are caught.

That’s why Walker founded NVADER in 2012. Acting on tips from informants, other NGOs, or law enforcement agencies requesting assistance, NVADER spearheads intelligence-led operations to gather what Walker calls “compelling evidence” against human traffickers.

Yet investigators often found themselves with limited evidence. “During some of our operations in Southeast Asia, we saw that the police would leave the perpetrators’ cell phones on them and never seize them as evidence or of potential avenues for further investigation,” says Walker.

“It became apparent that they did not have the technology to properly analyze the cell phones.  Once of our volunteer staff who had used a UFED as part of an investigation in the New Zealand Police, suggested that we contact Cellebrite.” It was then that Terry Loo, of Cellebrite APAC, arranged to procure a donated UFED Touch to the NVADER team.

Next came training, not just for NVADER staff, but also for local law enforcement agencies, which the NGO empowers to do their own investigations. “Local police in Thailand, for example, now know that any cell phones can be examined. When we are on site they are much more willing to seize them and/or include them as part of the forensic search,” says Walker.

In a single year, the NGO rescued 40 women and children from Thailand, Laos, Cambodia, Myanmar, Kenya, Uganda and Rwanda, and has facilitated the successful arrest and prosecution of 14 perpetrators. Walker anticipates that the number of extractions will grow, from the five processed since the UFED donation, to many more.

And, while the NGO is still in its infancy, Walker further anticipates a strong showing in Thai courts. “We are opening an office in northern Thailand early next year and the UFED will be used much more frequently,” he says.

One-step multiple report formats, Link Analysis integration & more in UFED Physical/Logical Analyzer 3.9

The latest release of UFED Physical/Logical Analyzer (depending on your license) includes new features that respond to a variety of user needs.

First, you can now generate reports in multiple formats for several projects in a single step. Useful for case agents who must supply supervisors, intelligence analysts, translators, and others with the data they extract, this new feature saves time. Simply select the data and the required report formats (e.g. Word, PDF, UFDR etc.), and click “Finish.” This feature is supported in UFED Physical/Logical Analyzer and UFED Reader.

Another new time-saving feature is that you can now open your project in UFED Link Analysis directly from the UFED Physical Analyzer/Logical Analyzer and UFED Reader. If you’re a current UFED Physical/Logical Analyzer user, get a free UFED Link Analysis trial today with your UFED Physical/Logical Analyzer update. The trial will remain active till February 1.

Export SMS and MMS events to EML format directly from the analyzed data table. This is useful for showing all written communications – text messages and emails – together in a single timeline, when imported into third-party applications that support EML files. Each SMS and MMS message gets its own EML file.

Decoding: Devices and data types

Decode new and enhanced data types from various smartphone operating systems. Now supported for BlackBerry devices is the ability to view power-offs. This can be an important indicator of criminal activity; suspects are known to turn off their devices when trying to avoid either real-time detection, or leaving after-the-fact evidence of their travels. If an extraction reveals power-offs you wouldn’t expect during, say, waking hours, or during the subject’s normal patterns of life, that may offer new lines of inquiry for your investigation.

To view the powering log for a BlackBerry device, run the BlackBerry event log plug-in after the chain has been executed. View the data in the “Powering Events” table under “Analyzed Data” or as part of the Timeline.

UFED Physical/Logical Analyzer 3.9 also shows iOS and Android application permissions. Unsafe apps – those infected by malware, or not secured – can give the app permission to view contacts, text messages and other content without a user necessarily knowing it. This may be valuable in cases where a victim isn’t sure how private information was divulged. Find access permission data in the “Installed Applications” table (also available in the right pane).

Decoding support for physical extraction has also been added for 145 devices, including 118 Android devices; for file system extraction for 126 devices, including 97 Android devices; and for feature Samsung GSM and CDMA and LG CDMA devices. The new update also includes application support for the iOS apps Passbook, Wickr, and vBrowse; and Android apps, Google Maps and a new KakaoTalk version with encrypted data.

Find tethering information, iOS 7.0.x keychain decryption, Android data carving, various performance and functionality improvements, and many other features in UFED Physical Analyzer 3.9. If you’re not a current customer, take advantage of your free 30-day trial by clicking the below image:

UFED Physical Analyzer 30-day Trial

New in UFED Link Analysis: Call detail records, more information management

Since releasing UFED Link Analysis last April, we’ve received many requests from customers for the ability to import more data sources than just UFED extractions. UFED Link Analysis 2.0 gives you that capability, and more.

Multiple data formats

As sales engineer Ronen Engler explained in a recent webinar, call detail records can be an important source of additional data when a subject has another device you don’t have access to. As Ronen explains, you can add the records to the link analysis graph in the same way you would another device:

XML files can also be imported into UFED Link Analysis 2.0.

Ronen’s presentation highlights two other new features:

  • UFED Link Analysis already contains some carrier pre-sets, including AT&T, T-Mobile, Sprint and others. However, you can also map your own pre-sets for Microsoft® Excel® and comma or tab delimited files. UFED Link Analysis will automatically detect and identify recurrent pre-sets after that point.
  • Merge multiple entities. Suspects/victims may use more than one device, and have different details about their contacts in each one; call detail records may duplicate device call and text message logs. UFED Link Analysis allows you to easily merge the multiple entities to become a single entity with all the information from all sources. (Of course, you can also split merged entities. Any newly added information can be assigned to one of the entities as part of the split function.)

Other new features: watch list; more information per subject and entity

UFED Link Analysis 2.0 brings the popular watch list feature, which lets you automatically highlight keywords relevant to your investigation. Define a list of keywords relevant to a case category – say, narcotics, vice or case-specific key names and words – then activate the watch list on open reports. Color code each watch list based on its importance; filter the data it turns up. You can also share the watch list with other authorized personnel by using the export and import feature.

Person information now contains additional data types available from the UFDR file including images, videos, calendar events, notes and passwords. In addition, use the new Edit Entity function to manually add new information, including custom fields, to entities found on the device, including pictures, personal and contact details.

UFED Link Analysis is valuable on a wide range of cases. Link multiple suspects, suspects and victims, and other persons of interest in a wide range of cases. For more information, and to make an inquiry, visit our product page.

Webinar: Link analysis for everyday investigations

Mutual connections in UFED Link AnalysisLink analysis isn’t just for gang, fraud, narcotics, or other large-scale or complex investigations. It’s also useful in a wide variety of “everyday” crimes: prostitution, assault, even homicide and property crimes.

Whether you’re a detective or investigator that does mobile forensics part-time, or a dedicated digital forensics analyst, link analysis can help you focus and direct your investigation or analysis. In Cellebrite’s next upcoming webinar, learn how to rapidly visualize key relationships and identify the connections and communication methods between known and potential victims and suspects.

The session will touch on key features from Cellebrite’s UFED Link Analysis software, including:

  • Communication links between multiple mobile devices and their contacts, calls, SMSs, MMSs, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Visual data representations that show how entities are connected
  • Data filtering by time, date, number of contact times, and categories
  • Bidirectional and unidirectional communications patterns between entities
  • Location analytics that show whether entities were at the same place at the same time

You’ll also learn how to share your findings with colleagues, supervisors, attorneys and others who require the information.

Use this link to register for one of 6 scheduled sessions:

Tuesday, 03 December 2013

Session 1: 8am PDT / 11am EDT / 4pm GMT / 6pm Eastern Europe
Session 2:  1pm PDT / 4pm EDT / 9pm GMT / 11pm Eastern Europe

Wednesday, 04 December 2013

Session 3:  10am GMT / 10am Central Europe / 11am Eastern Europe
Session 4:  8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

Thursday, 05 December 2013

Session 5:  10am GMT / 10am Central Europe / 11am Eastern Europe
Session 6:  8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

We look forward to seeing you in Cellebrite’s next webinar!

New iPhone 5s/5c, iOS 7 and Samsung Galaxy S4 support with UFED and UFED Physical Analyzer 3.8.5

Cellebrite is proud to be the first and only mobile forensics vendor to support physical extraction, user lock bypass, and decoding on selected Galaxy S4 devices, Galaxy Tab, and Galaxy Note:

This new support already helped to rescue two small children from sexual predators in the US. While still in beta, our UFED 2.2 software enabled investigators to recover and parse text-messaging and other app data located within the Galaxy S4’s file system. The data showed two suspects communicating with one another, and as a result, enabled the investigators to locate both victims, take the suspects into custody, and build a strong case against them for both the assault and production of child pornography.

Extraction and decoding when iTunes backup is enabled

iTunes backup encryption has frustrated mobile forensics examiners for some time. Cellebrite customers would successfully extract an iPhone’s file system, but then find that UFED Physical Analyzer couldn’t parse the data. Without knowing the passcode for iTunes encryption, the data was simply unattainable.

As of today’s release, Cellebrite is now offering two new extraction methods from iOS devices that have iTunes backup encryption enabled, even if you do not know the password. Available with the Advanced Logical extraction option in UFED Physical/Logical Analyzer, the methods for iOS devices are:

  1. With the iTunes backup encryption enabled and without entering the password
  2. When the device is jailbroken

The extraction wizard presents the device model, iOS version, and iTunes backup configuration, and lists which data can be extracted using each method. The application indicates a specific recommended method per iTunes Backup configuration and jailbroken status.

Customers who asked for support around this feature received a beta version of Physical Analyzer 3.8.5. “I recently posted about an encrypted iPhone 5 where the phone did not have a pass code, but it did have the backup files encrypted,” said James Howe, an Ohio detective, on a listserv. “[With the new version of Physical Analyzer], I was able to access the phone’s contents and complete the exam. None of the other software I had access to did anything for me. It was a breeze once it got going.”

New physical extraction and decoding support for devices with Chinese chipsets

An update to UFED CHINEX adds support for physical extraction and decoding with user lock bypass not only for Android devices with MTK chipsets, but also for devices with an Infineon chipset. Added to existing extraction and decoding for MTK and Spreadtrum chipset devices, this means Cellebrite now supports 99 percent of “Chinese devices” currently on the market.

Download our release notes for full details about these versions. If you’re not yet a customer and would like to try the new iOS capabilities, try out UFED Physical Analyzer for 30 days free!

UFED Physical Analyzer 30-day Trial

Join Cellebrite for IACP, LTEC and Interpolitex this October 2013

Cellebrite is sponsoring and/or exhibiting at the following events this month. We hope you’ll join us to learn more about mobile forensics’ importance in a variety of sectors worldwide, and of course, about the latest additions to the UFED Series!

IACP Annual: October 19-23

IACP_headerThe International Association of Chiefs of Police is holding its annual trade show and expo at the Pennsylvania Convention Center in Philadelphia, PA, USA this year. This is the place for law enforcement command staff to learn about how our solutions minimize the time and effort needed to gather mobile device evidence.

If you’re a law enforcement decision maker, join us in Booth #2760 to learn more about the UFED 4PC and UFED TK, as well as our flagship UFED Touch and our investigative tool, UFED Link Analysis.

Lawtech Europe Congress: October 21-22

LawTech Europe CongressThis annual Prague, Czech Republic event focuses on electronic evidence, computer forensics, cyber securityand legal technology. As blogger Chris Dale wrote, “It is not therefore just an eDiscovery conference, although eDiscovery is about evidence, it depends on forensics, it increasingly overlaps with cyber security and it is obviously about legal technology.”

Join Cellebrite’s forensic technical director, Yuval Ben-Moshe, for two speaking opportunities. On October 21, he’ll be speaking about how data stored in mobile devices can be essential to e-discovery and civil proceedings just as it is for criminal ones. The following day, Yuval will moderate a panel that examines the various aspects of mobile ESI admissibility, privacy, and proportionality.

Interested EUR20 delegates who are located remotely will be able to view these and other sessions via Cisco Live Video Streaming. If you qualify, please register for the streaming sessions here.

In addition, LTEC’s “Meet the Solution Providers” facility allows you to avoid any queue at the conference if you need your questions answered by the array of solution providers. Schedule your meeting here.

Finally, Cellebrite has access to a limited supply of all-access passes to LTEC next month. Use the pass to join us with full access to the conference and exhibit hall; meet leading European legal technology professionals and experience the latest technological advancements. To obtain your pass, please leave us a comment and we will get back to you with more details.

We encourage you to register and take advantage of the spectrum of activities at LTEC. We look forward to seeing you!

Interpolitex 2013: October 22-25

interpolitexAt the Moscow, Russia-based Interpolitex, our booth is located in the All-Russian Exhibition Centre’s main hall in the International Exhibition of Police Systems and Equipment area. Join us in Booth #1C11-2 as we introduce UFED 4PC and UFED TK to our Russian law enforcement customers, and continue to promote the other tools in the UFED Series.