Cellebrite will be exhibiting all over the map this October

October is gearing up to be a super busy month for Cellebrite! A wide variety of events are scheduled for Cellebrite all across the globe. Meet us in Prague, Moscow, Miami, Orlando, London, Beijing and Bogota, where we will be presenting the UFED product line, provide live demo’s, and deliver presentations on hot industry topics for e-Discovery, security and law enforcement markets.

e-Discovery

 Mobile users leave behind digital traces on their devices, which can come a long way in any legal proceedings involving criminal or civil matters. Electronically stored information on mobile devices (or mobile ESI) represents an important category of relevant information and is quickly becoming critical for wide variety of investigations and litigations including employment, fraud, intellectual property, securities, and others.

October 19-21: LawTech Europe, Prague, Czech Republic

Cellebirite will kick things off at the Clarion Congress Hotel in Prague for the LawTech (LTECH) Europe Congress. LTech brings together professionals in law, technology, governance, and compliance to address four core areas in digital forensics: Digital evidence, forensic investigations, cyber security and legal technology.  Yuval Ben-Moshe, Cellebrite’s Senior Director, Forensic Technologies, will deliver two presentations during the show:

  • Mobile Devices and Mobile ESI – Facts and Myths, together with Daniel Bican from Ernst & Young
  • Mobile Devices and Mobile ESI – Proactivity Goes a Long Way

(For further details on Cellebrite’s presentations, please see the show’s agenda: http://www.lawtecheuropecongress.com/)

Stop by booth #601 to learn about live demo sessions, where we will that cover current techniques and tools for data search and data collection from mobile devices.

October 23: e-Discovery & e-Investigations Forum, London, United Kingdom

Join us at the Park Plaza Victoria Hotel in London for a one-day e-Discovery and e-Investigations Forum to learn how Cellebrite addresses the challenges that are surfacing the e-Discovery domain for mobile data collection. Yuval Ben-Moshe, Senior Director, Forensic Technologies, will be presenting on ‘Mobile Devices and Mobile ESI – Facts and Myths,’ and enlightening the crowd on the need to retrieve mobile data in cases of litigation, regulation or investigation, and discuss the processes required to obtain information from mobile devices within a litigation process.

Attendees from legal, compliance, finance, HR, investigations and more, are welcome to our booth to learn about our expertise in mobile data retrieval and analysis.

Security

October 21-24: Intepolitex, Moscow, Russia

As LawTech ends, another exciting show begins for Cellebrite in Moscow. The Interpolitex is the largest homeland security exhibition in Russia, taking place, organized by the Ministry of Interior of the Russian Federation, Russian Federal Security Service, and Russian Federal Service for Military-Technical Cooperation.  Drop by booth #1C3-1 to learn about the UFED’s recent developments, and how Cellebrite’s mobile forensics solutions can help solve cybercrime.

october 23-24: Latin America and Caribbean Summit 2014, Miami, Florida

Join our LATAM Forensics Sales Director, Frederico Bonincontro, for a two-day summit in Miami. LATAM & Caribbean event is focused on assessing the current digital security landscape and threats in the Caribbean, Central and South America region. Stop by booth #20 to learn about Cellebrite’s latest product developments and how our solutions can help you tackle your mobile forensic challenges.

October 28-31: 2014 Security China

Cellebrite’s APAC team will head to Beijing to showcase the UFED Series at the China International Exhibition on Public Safety and Security. Cellebrite, a thought leader in mobile forensics, will be presenting the UFED line of products for the security industry in booth # E1F01.

Stop by our booth to meet the Cellebrite team!

October 29-31: Expodefensa, Bogota, Columbia

Cellebrite will end its October events at another prestigious government-level security show, Expodefensa, organized by the Ministry of National Defense of Colombia, and the High-Tech Corporation and the International Business and Exhibition of Bogota. Our LATAM team will head to Bogota, Columbia to showcase the innovative UFED Series.

Drop by booth #439, pavilion 6 to learn about UFED’s accomplishments in security and defense!

Law Enforcement

October 25-28: International Association of Chiefs of Police (IACP), Orlando, Florida

Later in the week in Orlando, Florida, Cellebrite USA representatives will be on hand at the 2014 International Association of Chiefs of Police Conference to demonstrate to police leaders at all levels how they can use a mix of training, policy, and technology to implement mobile forensics strategies in a post-Riley world.

Visit us at Booth #769 to learn more about how Cellebrite’s technical and training solutions accelerate investigations by affording investigators the ability to collaborate more readily with digital forensics examiners, supervisors, and prosecuting attorneys.

New time saving workflow capabilities in UFED 4.0: Translation, automated data carving, and more

UFED Release 4.0Efforts to obtain evidence and intelligence from mobile devices can be stymied by inefficiencies such as extra layers of work process, lack of access to a full range of tools, and other challenges both small and large.

UFED 4.0 continues Cellebrite’s track record of developing features that improve investigative workflows and save you time both in the lab environment and the field. Among the most significant time savers we’ve added to UFED Touch, UFED 4PC, and UFED Physical/Logical Analyzer: better Android data carving, language translation, a UFED Touch data preview capability, and better workflows overall.

Simple, efficient language translation

Reduce challenges associated with foreign language translation, including the need to rely on another person, or to copy/paste into an online tool. Either one takes time you may not have, and errors—especially with short words—can alter the meaning of content.

UFED Physical/Logical Analyzer 4.0 contains an offline translation solution that accurately translates both short and long words. Use it to translate selected content on demand, and to use filters in your language of choice. The translation engine keeps the source language, which you can see in the user interface, and you can include both the translation and the original source text in your report.

The UFED translation engine currently supports 13 languages, including English. Choose five free of charge when you access all the language packs from your my.cellebrite.com account. If you need more than five languages, you can purchase them directly from Cellebrite. Be sure to let us know if you need access to languages apart from what we offer!

Faster, more powerful data carving from Android unallocated space

Enhanced automated carving from Android devices’ unallocated space gives you access to much more—in some cases, double or triple the amount—of deleted data than previous data carving features allowed. Owing to a new algorithm, the carving process is now also faster.

While manual data carving is still an important part of forensic validation processes, Cellebrite redesigned the automatic data carving functionality to achieve more deleted data with greater precision, by dramatically reducing false positive and duplicate results.

Learn more about data carving when you take the Cellebrite Certified Physical Analyst course.

Save time in the field: Preview logical extraction data in UFED Touch

UFED Touch users may find themselves needing to preview evidence to decide whether a mobile device is worthy of deeper examination, or they need intelligence to decide an immediate course of action. UFED Touch now offers the option to view an HTML report that includes general device Information and the logical extraction data on the touch screen—without requiring a laptop.

Newly included in logical extractions, and therefore viewable with UFED Touch, are web history and web bookmarks. From iOS devices, the new UFED 4.0 feature extends logical extraction and preview capabilities to app data.

Balance time savings with process: capture images and snapshots with UFED Camera

Sometimes, taking screenshots of a mobile device is the only way to capture its evidence. This could be because you have no UFED with you in the field, or the device or certain data on the device isn’t supported for extraction with the equipment you have.

With UFED Camera, our new manual evidence collection feature, collect evidence by taking pictures or videos of a device. A single report contains any extracted information together with screenshots or video.

The ability to take screenshots can be important in the field, helping to substantiate a police officer’s, border patrol agent’s, or corporate internal investigator’s documentation of what s/he saw on the device during an initial scroll-through. (Remember to get consent or have another form of legal authority to show for it.)

In the lab, taking screenshots can help you to validate device extraction results – to show that the evidence in an extraction file existed on the evidence device.

For more details on these and other new and enhanced decoding and app support capabilities—including support for iPhone 6, 6Plus, & other Apple devices running iOS 8—download our release notes!

A case study on mobile victimology from #CACC2014

What is mobile victimology? The concept of “victimology” involves in-depth analysis of a victim’s life, including the normal and abnormal patterns of life over the days, weeks, even months leading up to a violent crime.

Mobile devices help this process because they are so intimately tied to an individual’s life that they often help to fill in incomplete or inaccurate witness statements, surveillance video footage, credit card receipts, and other information.

As this February 2014 article in Police Magazine noted:

Smartphones, GPS devices and other mobile media can be good starting points in any investigation, whether the victim is alive or deceased. The existing, deleted, and hidden data stored on them can help you develop leads to focus your investigation and move it forward. The data can also serve as corroborative or exculpatory evidence, along with mobile carrier data.

In a post-Riley world, of course, getting access to this degree of data requires proper legal authority: written consent, a search warrant, or a defensible exception to the search warrant requirement. Once you do identify the device as a nexus to a crime, however, its evidence can make all the difference.

Case study: mobile victimology in action

Last week at the Crimes Against Children Conference, Ronen Engler, senior manager of technology and innovation joined Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., to present how just this type of analysis helped prove how a rapist had premeditated the murder of his rape victim.

Their session was a corollary to a case study offered by the Dallas County District Attorney’s felony chief, Brandon Birmingham, together with Carrollton Police Det. Dena Williams and the DCDA’s special field bureau chief, Russell Wilson. Over that session, the three detailed how rapist-murderer Franklin Davis Googled the name and location of his victim, Shania Gray, as well as phrases like “Best way to get off a sexual assault charge” and “Gun shows in Mesquite,” after which point he purchased a gun and used social media to harass and intimidate Shania.

Davis also used a mobile app to spoof messages from Shania that appeared to recant her accusations against him, which he then used in his own defense. Our case study, published jointly with DriveSavers, shows how forensic examiners were able to prove definitively that not only had the messages come from his phone, not hers, but also the level of premeditation he engaged in. Davis was sentenced to death in November 2013.

Have a case study you’d like us to feature? Leave us a comment!

Bypassing Locked Devices: Q&A from Cellebrite’s webinar

{195d00af-385d-48ae-8c04-032a86166edf}_bypassing_webinar_header

Last month we hosted two webinar sessions on “Bypassing Locked Devices”, led by Mr. Yuval Ben-Moshe, Cellebrite’s Senior Director for Forensic Technologies. In these sessions, Yuval presented the challenges and solutions to bypassing locked devices, including Cellebrite’s proprietary boot loaders among other methods used to tackle locked devices.

The webinar is available for viewing at the bottom of this post. Meanwhile, participants asked a number of good questions, which we’ve compiled in this blog—including some that we didn’t have time to answer during the webinar.

Note: If you don’t see your question answered below, please leave a comment at the end of this post!

Basics of mobile device user lock bypass

Q: Using the UFED, can you gain access to the phone where the wrong passcode has been entered too many times and is now locked?

A: This depends on the device and the locking mechanism used by it. If the device is supported by a boot loader or JTAG, than the data can be extracted regardless of any locking mechanism or the number of times a wrong password was used.

Q: How far off is user lock bypass support for iPhone 5 and Blackberry devices?

A: Forensic extraction of data from iPhone 5 is achievable using of the .plist file from the paired computer. With locked Blackberry, at this point in time, examiners must rely mainly on chip-off or JTAG methods for specific models.

Q: If the element file is deleted, will it affect the function of the original pattern passcode?

A: This question refers to a method called disabling. The device will remain in a lock disabled mode until a new password can be configured via the device’s set-up menus.

Q: If an extraction fails or is interrupted, can I still parse the extracted content if it is incomplete?

A: A physical extraction that was interrupted cannot be decoded, because a full binary image is required in order for the decoding to reconstruct the full file system.

Q: Can the UFED bypass iOS 7+ with a user lock and a SIM lock?

A: Bypassing locked devices depends on the device hardware and not the iOS version running on it. That is, if iOS 7 is running on iPhone 4, physical extraction is achievable; however, if iOS 7 is running on iPhone 4s or a newer model, than a .plist file is required to enable data extraction.

Q: If a device employs a biometric lock, how does the UFED tackle the lock?

A: Bypassing a biometric lock depends on the device model. For example, for the iPhone 5, the UFED can bypass the biometric lock using the .plist file.

Sync devices and .plist files

Q: The webinar presents the paired computer method for iOS devices showing the Windows 7 path on a PC. Is there a specific location path for Apple MAC computers?

A: The path for the .plist file on Mac computers is: ~/Library/Application Support/MobileSync/Backup/

Q: Does the .plist appear on the user’s iCloud?

A: The .plist file is used for the communication between the device and the computer; hence, it does not appear in the user’s iCloud data.

Q: How do you employ the .plist file?

A: The process of using the .plist file is very simple: UFED will automatically detect the iOS device as being locked and request the .plist file.

Boot loaders and clients

Q: Will injecting a client or boot loader lead to evidence tampering?

A: The boot loader is uploaded onto the device’s RAM and is then deleted when the device powers off or restarts. Therefore, it is does not tamper with the evidence. In contrast, a client may write some data onto the device’s flash memory, yet it is still considered a forensically sound process if the investigator specifically documents what was written and on which partition/folder.

Q: If an extraction fails, is the client left on the device?

A: In some cases, when the extraction is interrupted abruptly, the UFED may not have enough time to uninstall the client, and some files may be left on the device. In this case, UFED provides a specific function to delete the client. This capability is under the UFED ‘Device Tools’ menu.

Q: Does the UFED Classic include the boot loader function?

A: The UFED Classic is also capable of tackling locked devices. However, it may not support the latest modern devices due to technical limitations with hardware. It is highly recommended to trade up the UFED Classic for a more advanced model, such as the UFED Touch or UFED 4PC.

User locks on prepaid devices

Q: Can the UFED bypass disabled data ports in burner phones?  JTAG/chip-off are options, but unlocking with a manufacturer code is possible. Can you support unlocking burner phones?

A: The UFED is able to bypass the locking mechanism for many low-end phones, a.k.a “burner phones” using a boot loader. While JTAG and chip-off are valid options, we recommend you first try unlocking the device with a UFED, since these methods are more complicated, time-consuming, potentially destructive, and expensive.

Q: How does the UFED bypass a prepaid phone with a locked data port?

A: Bypassing a user lock depends on the device itself.  If the data port is disabled, then the JTAG or chip-off methods are applicable here.

View the full webinar below:

Leave a comment if you have a question that was not answered above, or in the webinar itself!

GPS Forensics and Link Analysis in Cellebrite’s August Webinars

webinar_header

LATAM customers! Did you know that Cellebrite’s exclusive capability to perform TomTom triplog files decryption and decoding can help you add vital evidentiary data to your investigation?

Join us for the upcoming webinars on GPS Forensics and TomTom Trip-Log Decryption, which will be hosted by our forensics solutions experts in Spanish and Portuguese, and will include a Q&A session.

GPS Forensics and TomTom Trip-Log Decryption (en español)

Speaker: Carlos Silva

Date: August 06, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Spanish!

GPS Forensics and TomTom Trip-Log Decryption (em Português)

Speaker: Frederico Bonincontro

Date: August 15, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Portuguese!

Link Analysis: Identify connections between suspects, victims, and others in less time

Did you miss our previous webinar on the UFED Link Analysis? Cellebrite will be hosting an additional live English-language webinar this month.

Speaker: Shahaf Rozanski

Date: August 20, 2014 06:00 UTC, 15:30 UTC

Learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite’s Forensics Senior Product Manager, Shahaf Rozanski, as he presents real world use case scenarios from a wide range of crime categories. The webinar will include a Q&A session.

Register here for the webinar on UFED Link Analysis!

Would you like to receive a webinar on our forensics solutions in your language? Leave us a comment and we’ll arrange it for you!

To view a past webinar, please visit the Webinars section on our website:  http://www.cellebrite.com/corporate/webinars

Join Cellebrite at these 4 August events!

Cellebrite will be present at four events in the United States during the month of August. Visit us in San Diego, Calif., Santa Clara, Calif., Dallas, Tex., and/or Austin, Tex., to see our latest products demonstrated and to hear our subject matter experts talk about the latest issues and trends in mobile forensics.

August 5-7, 2014: San Diego and Santa Clara

Cellebrite will be at two California-based shows this week: National Technical Investigators Association (NATIA) and the Flash Memory Summit.

At NATIA, held in San Diego, senior trainer Keith Daniels will instruct a hands-on lab, “Extracting and Decoding Mobile Device Evidence with UFED Technology,” on Thursday, August 7 from  3:00-5:00 PM. Here, learn about timeline, analytics, mapping, and other analytical capabilities of the Cellebrite UFED Series, along with how best to preserve the evidence.

We’ll be exhibiting the UFED Series at Booth #417. Stop by with your NATIA “Bingo” card and ask one of our booth staff to stamp our logo on your card.  Once you have collected stamps from all the exhibitors featured on your card, turn the card in to event managers to be eligible for special prizes. These include, among others, a 2015 paid conference fee package!

The same week will see us in Santa Clara for the Flash Memory Summit, being held at the Santa Clara Convention Center. There, Ronen Engler, senior manager of technology and innovation, will present “Micro Storage, Macro Crimes” on Wednesday, August 6 from 8:30-9:35 AM.

In this session, understand how developments in data protection, prepaid and unsupported devices, and app proliferation challenge investigators, and what workarounds are available. Learn not only what can be retrieved, but also how examiners analyze it once they have the raw data—and what it all means for criminal cases both now and into the future.

August 11-14, 2014: Dallas

The week following will see Cellebrite exhibiting at the Crimes Against Children Conference (CACC) in Dallas, Texas at Booth #5. Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., will join Ronen Engler to present a workshop on “Mobile Victimology: How Mobile Data Can Help Focus Investigations.”

The workshop will take place Tuesday, August 12 from 10:00-11:30. Hall will be bringing to bear a case study on how DriveSavers forensic examiners used UFED Physical Analyzer to help prosecutors build a capital murder case against a rape and murder suspect in Texas. The case demonstrates what mobile device usage can reveal about victims, suspects, and where their paths cross via carrier call detail records, social media graphs, and other data sources.

CACC is sponsoring a tablet giveaway! Participants in this workshop will receive one entry for a chance to win this giveaway. To win, you must be present Wednesday evening at the social event. See the CACC’s final program for more details.

August 25-27, 2014: Austin

Cellebrite is proud to be a Gold Sponsor of the High Tech Crime Investigation Association (HTCIA)’s annual conference, held this year in Austin, Texas. In addition to exhibiting at Booth #201, we’re pleased to offer all conference participants the opportunity to attend our five lectures and hands-on labs.

Tuesday at 3:30PM, we’ll present a lecture, “Mobile Devices: Extraction Methods and Advanced Decoding,” covering forensic workarounds for recent advancements in mobile device hardware and operating systems, developments in data protection, prepaid and unsupported devices, and app proliferation. Learn not only what can be retrieved, but how to analyze it once you have the raw data.

Each hands-on lab, “Basic Mobile Device Extraction with Cellebrite UFED4PC” and “Introduction to UFED Physical Analyzer,” will be presented twice on Wednesday for a total of four sessions that day. Join Cellebrite Forensic Training staff to learn how to get the most from UFED extraction and analysis software.

Whether you’re new to Cellebrite or a long-time customer, we look forward to seeing you and hearing about your mobile forensics experiences!

Mark your calendar and join Cellebrite at US, India, or South Africa events this July

Cellebrite will be hosting three consecutive law enforcement/security-oriented events across the globe this July. Join us in the United States, India or South Africa, and experience a live demo of the UFED product line with all its latest features.

Palm Springs: National Association of School Resource Officer Conference (NASRO)

NASRO is dedicated to providing the highest quality of training to school-based law enforcement officers in order to promote safer schools and safer kids in the US.

From July 13 – 15 Cellebrite will be at NASRO’s annual conference in southern California, presenting the UFED Series to school resource officers, law enforcement personnel, and other school security/safety professionals.

Cellebrite staff will also be highlighting success stories of where our leading mobile forensics tool was used to help solve school related crime and violence. Look for us at Booth #11.

Johannesburg: Intelligence Support Systems (ISS) World 2014

As NASRO ends, the ISS World event begins in South Africa on July 15 – 17. ISS is a place where law enforcement, public safety, telecoms and the intelligence community turn for technical training and product selection. Cellebrite will be exhibiting at Booth #204.

As part of the ISS World Programs, Roy Shamir, Cellebrite’s Director of Sales, EMEA, will be providing a presentation on Trends in Mobile Forensics, including the UFED portfolio, during the ISS for Mobile Location, Surveillance and Signal Intercept track on Wednesday, July 16 from 14:00-14:30.

New Delhi: India International Police Expo 2014

Cellebrite will be showcasing its mobile forensics solutions at the International Police Expo in India on July 17 – 19. An exhibition focused on policing equipment, the Expo provides vendors and visitors with the opportunity to learn about new technologies and solutions that are shaping the mobile forensics industry, among other technologies related to safety and protection.

Visit with Cellebrite representatives there at Booth #60, and be sure to see Cellebrite APAC’s Jeremy Chua present on “International Trends of Mobile Device Forensics and Their Impact on Law Enforcement” July 19!

We hope to meet and greet with you at one of these upcoming shows!

New UFED release broadens decoding for extractions from prepaid, damaged devices

With the release of UFED Physical Analyzer 3.9.7, Cellebrite now offers improved decoding for the binary files resulting from JTAG extractions. This means that rather than have to carve or manually decode the image file, examiners can now save time with an automated process.*

JTAG (Joint Test Action Group) forensics is an advanced method of mobile data extraction. By taking advantage of a device’s test access ports (TAPs)—included in every mobile device model to aid in manufacturers’ quality assurance processes—examiners can unlock the device in order to gain access to raw data stored on the memory chip, and can thus obtain a full physical image of the memory.

Because it is non-destructive and affords the opportunity to access data from devices that have been altered or damaged in some way that makes them inaccessible using conventional mobile forensic extraction tools the JTAG technique is growing in popularity, with a number of examiners undergoing training to become proficient in the procedure.

The additional decoding support, made possible with generic chains, is now available for 110 tested devices, including Samsung, HTC, LG, ZTE, Nokia, Huawei, Casio, Pantech, and Kyocera models. Examiners can gain access to a rich set of data such as call logs, SMS, MMS, emails, media files, apps data, and locations.

Access the JTAG binary extraction files in UFED Physical Analyzer by using the “Open (Advanced)” feature and selecting the extraction and the appropriate JTAG chain. You can find step by step guidance, in Chapter 3, section 3.4.2.3 of the UFED Physical Analyzer manual.

JTag2

*Manual decoding is still valuable as a validation method for forensic examinations.

Convert GPS coordinates to physical addresses

See where your subjects are visiting, and how often they’re visiting, without having to manually convert GPS coordinates to physical locations. UFED Logical/Physical Analyzer now enables you to convert single or multiple latitude/longitude coordinates, in bulk, to their corresponding nearest address. It also allows you to search based on that information, using an advanced search capability.

Additional device and decoding support

The new UFED release, 3.0.7, includes physical extraction with lock bypass from an additional 40 devices including: Samsung Galaxy S4 and Note III families, and HTC devices. Additional device extraction support using the Android backup method is included, along with file system and logical extractions from Nokia Asha devices.

The new UFED Physical Analyzer release includes additional decoding support for physical extractions from 26 new devices, file system extractions from 25 new devices, usernames and passwords from the browser on Android devices, locations in deleted photo metadata from iOS devices running iOS 7 and above, and deleted call log, contact and calendar content from Microsoft® EDB embedded database within Windows® Phone devices. In addition, decryption support is now available for the WhatsApp backup database, identifiable by the .crypt7 backup file extension, which contains chat messages.

The Telegram and Instagram apps are newly supported for both Android and iOS devices. Decoding support for the Waze app is new for Android and updated for iOS devices; Facebook Messenger, Line, QQ, Skype, Twitter, WeChat, and Vkontakte, along with other apps, have been updated for Android and iOS as well.

For a full rundown of device and app support, view our release notes. Cellebrite is also offering a webinar on JTAG decoding and analysis in July. Register for the webinar here!

 

JTAG decoding, bypassing device locks, and link analysis in Cellebrite’s July webinars

webinar_header

Link Analysis: Identify connections between suspects, victims, and others in less time

On July 1, learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite Forensics Solutions Specialist Lee Papathanasiou for a 60-minute live webinar that details how link analysis methodology:

  • Helps you visualize communication links using multiple mobile devices’ rich data sets, including mutual contacts, calls, SMSs, MMS, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Filters data by time, date, number of contact times, and categories, and drills down to specific events.
  • Pinpoints whether entities were at the same place at the same time.
  • Allows you to share findings with colleagues and other investigators.

The webinar, including a Q&A session, will present real world use case scenarios from a wide range of crime categories. The session will also touch on key practical features of UFED Link Analysis, including timelines, advanced filters, and much more.

Register here for the July 1 webinar on UFED Link Analysis!

Bypassing Locked Devices: Learn How to Tackle One of the Biggest Challenges in Mobile Forensics

Pattern locks and passwords are becoming increasingly sophisticated and hard to crack, even for forensic examiners. Attempting to gain access to a locked device, especially with a complex pattern lock or passcode, is often only possible by using advanced forensic tools and techniques.

Don’t remain locked out from your evidence. Join Cellebrite’s forensic technical director, Yuval Ben-Moshe, for this 45-minute live webinar to learn about the UFED’s unrivaled ability to bypass locked phones without jailbreaking, rooting or flashing. You will learn:

  • Various methods to bypass locked devices, and a live demo of password extractions using the UFED.
  • How to use the extracted password to bypass other devices owned by the same person.
  • Physical extraction while bypassing any type of lock from 470 Android devices, including Cellebrite’s first to market capabilities for Samsung Galaxy S4 family.
  • Bypassing locks from counterfeit devices and phones manufactured in China.
  • How to run a plug-in that reveals pattern locks in Physical Analyzer.

Register here for the July 10 webinar on user lock bypass and extraction!

Automated JTAG Extraction Decoding with UFED Physical Analyzer

The growing popularity of JTAG forensics requires a great deal of resources and investment to obtain raw data stored on the device’s memory chip. It can take many hours for an examiner to transform the raw data into human interpretable evidence.

Cellebrite’s newly introduced decoding capabilities reduce the amount of time examiners have to spend on manually decoding, or carving, the large volume of extracted data. Join Cellebrite’s engineering product manager, Ronen Engler, for a 45-minute session on how you can take advantage of the UFED for JTAG decoding:

  • Easily import the binary file from a JTAG extraction into the UFED Physical Analyzer to draw accurate conclusions and report data.
  • Access this rich set of data to discover common artifacts, such as call logs, SMS, media files, e-mails, chats and locations.
  • Drill down into the binary file’s hex code through advanced search capabilities for finer grained information.
  • Decode the extractions from the widest range of devices, including popular Samsung, HTC, and LG, using a series of automated plug-ins and chains.

Register for the July 24 webinar to learn about Cellebrite’s efficient and cost-effective solution to decode and obtain forensically sound data from previously inaccessible devices.