What good is a physical extraction without decoding? Well, it will still give you data—if you know how to carve. This can be a time-consuming process, and still may not get you all you need. Preferable is for automatic decoding to streamline the forensic examination, reconstructing the file system so that you can spend more time on analysis.
With the release of UFED Physical Analyzer 3.7, Cellebrite introduces decoding for more than 500 new devices which previously had only physical extraction support. These include:
- iPhone decoding, now with decryption support for encrypted file systems; new plist and bplist parsers; and deleted apps list recovery, so that these apps are now shown in the installed application table with a “deleted ” attribute .
- Support for 200 new Android devices with Android ID, Bluetooth MAC, IMEI, time zone and language locale shown in the “device info” section of the extraction summary folder.
- Full decoding for non-encrypted BlackBerry .bbb backup files, which supports the new Blackberry PC backup format. Decryption is also included for all devices through OS 6.x, together with enhanced string carver options for devices without decoding.
- New Nokia decoding support includes 30 BB5 devices with Symbian OS and non-Symbian OS. Nokia Symbian support includes an enhanced parser for content databases; decoding existing and deleted contacts, SMS, MMS and call logs; and decoding support for content in multiple languages.
- More than 40 new Samsung feature devices have been added, along with more than 20 enhanced LG devices and deleted contacts recovery support for Motorola V series devices.
- 90 new devices with Chinese chipsets can now be decoded, including recovery of the additional format variants of the device passcodes.
New release also includes UFED Logical Analyzer 3.7
The latest version also includes new features in UFED Physical Analyzer and UFED Logical Analyzer, together with new Android and iOS apps decoding. Among the new features: backward compatibility with UFED Report Manager file formats (URP) (as our Analyzer applications replace UFED Report Manager) and the ability to see whether an iPhone is jailbroken or an Android is rooted.
Both UFED Physical Analyzer and UFED Logical Analyzer can now perform advanced logical extraction from iOS devices. Data now includes contacts, SMS, MMS, app information, emails from jailbroken devices, databases and multimedia files.
Both pieces of software are now certified to run on Microsoft Windows 8. And don’t forget the new Android password carver included in UFED Physical Analyzer, courtesy of the CCL Group.
For more information, download our release notes!