UFED Physical/Logical Analyzer 4.2 offers efficiency improvements, decryption and enhanced decoding

PA42exclusive

 

 

 

 

The new Physical/Logical Analyzer release, version 4.2, is chock full of features and device support. From more efficient location mapping processes to improved decoding, this latest release is designed to accelerate your investigations and enable you to drill more deeply and intuitively into data from more than 15,000 devices.

Deeper location data analysis, more efficient workflows

UFED Physical/Logical Analyzer 4.2 offers a number of new enhancements with regard to location data. These enhancements offer more flexibility and efficiency by allowing you to access highly visual information more easily.

First, new offline map support offers maps view even when an Internet connection is not available or you are analyzing data at a workstation that is required to remain offline. Second, you can also now zoom in to locations in map view and see related event details. When you want to explore deeper relationships between locations, timelines, and analyzed data, you can jump from location information to its source event or timeline and vice versa.

Location information also allows you the ability to examine attached images, videos, audio, text, and other files identified during the data analysis process. The Data Files category in the project tree enables you to view and filter attachments within data files, locate the associated attachment event, and view its metadata and location information.

Do you frequently share your extracted UFDR reports with others using UFED Reader? Now, include the UFED Reader executable within the report output folder. This saves time for report recipients in locating, downloading, and using the UFED Reader application.

New app decoding and analysis functionality

UFED Physical/Logical Analyzer 4.2 also keeps pace with investigator demand for greater visibility into app data. Besides newly added support for apps installed on Android, iOS, and Windows Phone® devices, as well as updated support for 40 Android and 63 iOS app versions, the new release offers additional decoding and some decryption support, as well as improvements in the way app data—particularly chat app data—is displayed.

Added to analytics that show the most frequently used apps, app usage data now includes information about the last time a user launched a particular app, as well as for how long they used it. Also for the first time, view the number of messages per chat, which can help validate chats extracted using other tools that do not thread messages. Additionally, location data for chat messages is now available for export into all report formats.

Other apps-related support includes decryption of KeepSafe and WeChat apps, together with decoding support for WhatsApp VoIP call logs on Android devices. New WhatsApp support also includes the Read, Delivered and Played timestamps of outgoing WhatsApp messages for iOS, Android and BlackBerry® 10 devices. In addition, Twitter group chat messages are now displayed in Chats.

New device support includes physical extractions, decryption, and decoding

Disable the user lock for 159 Samsung Android models using SPR and SPM methods, depending on the device’s firmware version. In addition, Physical extraction with lock bypass and decoding is now supported for 58 LG Android devices released with Android version 4.2.x and above.

Decryption is now possible for physical extractions from generic Android and Samsung devices running Android 4.2 and below using a known password. Similarly, extract BlackBerry device backup data as part of file system extraction, and then decrypt the backup data with known BlackBerry ID credentials you retrieve via UFED Physical Analyzer.

Device information decoding is newly enhanced for all device types. For BlackBerry 10 this includes username, device model, PIN, IMEI, and device name; for Windows Phone devices, the information includes IMEI, IMSI, MEID, mobile operator ID, country, MAC address, and OS version. Device information for Android devices now includes the decoded Tethering ID and password, while iOS device product name and product type information are now included under device information.

Saving time in a death investigation

One Minnesota (US)-based detective working a death investigation used Physical Analyzer 4.2 to unlock a pattern locked Samsung Galaxy S5 (SM-G900V). Facing a lengthy and destructive chip-off extraction because the device did not appear to be supported for JTAG extraction, the investigator was able to run the device against a pre-release copy of Physical Analyzer 4.2. The extraction worked, and the investigator was able to use that evidence to continue building his case.

To learn more about how the new UFED Physical/Logical Analyzer 4.2 can help accelerate your investigations, download our release notes today!

New time-saving features arrive in UFED Physical Analyzer 4.1

With the release of UFED Physical/Logical Analyzer 4.1, Cellebrite offers new decoding and reporting features designed to improve investigative efficiency and enrich the degree of decoded data.

New, faster, and enhanced decoding

To start with, decoding extractions that are saved to a network drive is now up to 25% faster. New decoding support is available for a number of device models and data. These include JTAG extractions from seven new devices, as well as chip-off extractions from BlackBerry® devices running OS 10. Decoded BlackBerry 10 data includes several apps in addition to device data.

UFED Physical/Logical Analyzer 4.1 also improves on decoded location data from iOS devices. The device information now includes whether the device location service status is turned on or off, as well as whether location services were enabled for each app (and, if enabled, when it was last used). Additionally, UFED Physical Analyzer now displays recent and frequently visited locations tracked by iOS devices and maintained solely on the device.

New and updated app decoding is also available in UFED Physical/Logical Analyzer 4.1. This includes enhanced data carving from unallocated space for the ooVoo, Skype, VKontakte, and Odnoklassniki apps, and decrypted SnapChat pictures.

Also included is decoding for contacts and chats from the HeyTell and Truecaller Android and iOS apps, as well as bookmarks, web history, and emails from the Firefox app for Android. Updated decoding is available for a total of 34 Android apps and 30 iOS apps, including multiple app versions. Download the release notes to see a full list of apps and version numbers.

Efficiencies in reporting

Reporting also sees an improvement in speed, by up to 50% depending on report content for PDF and UFDR report processing. New reporting functionality allows you to export chat messages in conversation format, within PDF reports. As with previous version, select and unselect specific chats to include. Additionally, you can now include image thumbnails in PDF, Word, and HTML reports.

Another new feature stands to reduce confusion around daylight saving date and time stamps vs. UTC or standard times. UFED Physical/Logical Analyzer 4.1 includes a database containing start/end dates and times for countries that use daylight saving (DST). This data is available through 2018 and takes into account locations that do not adhere to DST. You can set a unified time zone for the project timestamps for the software to automatically adjust for DST.

Remember: End of life announcement for Windows XP

Following the recent announcement that Microsoft has officially ceased support for Windows XP on April 8, 2014, Cellebrite recommends installing UFED Series Software Products on 64-bit versions of Windows 7 and above. By February 28, 2015, the UFED Series will no longer support Windows XP.

IMPORTANT: This does not affect UFED Touch systems running on Windows 2009 Embedded Standard. The Windows Embedded Standard 2009 Operating System End of Life is scheduled for January 8, 2024.

For further information about the Windows XP end of life, please contact support@cellebrite.com.

Download the full release notes for additional details about these decoding and reporting features!

New UFED release delivers improved workflow, permission management, a new mobile app, and more

The new UFED 3.0 release is designed with front-line investigators in mind. From a new permission management and user authentication capability, to a much more streamlined extraction workflow and a mobile app that’s accessible from any iOS or Android device, the new UFED promises to make your work more efficient by getting you the data you need faster.

New user authentication and permission management

Many labs are struggling with backlog and the need for front-line investigators to get quicker access to information in order to begin or complete an investigation. However, doing so within the “right to know, need to know” boundaries of both legal authority and internal standard operating procedures and policies is important to retain community trust—whether you work in law enforcement or in the corporate environment.

The new UFED Permission Manager standalone application allows an administrator to create profiles and manage user accounts, including usernames and passwords, which enable users to perform specific extraction activities. Each profile contains access permissions, including operation rights per extraction type, content types and more.

Once these are created, the administrator can then export the users and profiles into an encrypted permission management file, and in turn into multiple UFED Touch and UFED 4PC units. This file activates user authentication, ensuring that only users with the right credentials can access the UFED and perform the extraction types they have permission to perform.

New smoother workflow

Customers have been asking for a more efficient extraction workflow, and we’re pleased to deliver it in UFED 3.0! Now start your extraction process in UFED Touch or UFED 4PC by selecting the device vendor, before proceeding to the specific device selection screen. The UFED interface then provides a list of supported actions for that device.

After installing the update, the UFED Touch/4PC application will notify you about the new workflow and provide instructions on first usage.

The new smoother workflow includes an Auto Detect feature. Connect a device and push the AutoDetect button on the main screen; AutoDetect will run automatically on UFED 4PC when the UFED Device Adapter is connected.

autodetect

New UFED Phone Detective mobile app

While in the field, use the UFED Phone Detective mobile application to look up extraction and decoding capabilities—as well as whether lock bypass is supported—for all device profiles supported by UFED hardware and software. Use your my.cellebrite.com credentials to login, then search by vendor and model.

Android_en_generic_rgb_wo_60

 

 

Download_on_the_App_Store_Badge_US-UK_135x40

 

New device, decoding and app support

New device support includes logical extraction for BlackBerry 10, physical extraction for a number of new Samsung devices, and Advanced Logical extraction for iOS 7.0.6/6.1.6.

New decoding support is available for enhanced locations decoding from file system and physical extraction of iPhone 4 running iOS 7.x, along with enhanced decoding of application permission to include permissions to location services. Enhanced decoding of contact list, call log, calendar, and tasks is now supported on Windows Mobile 6/6.5 physical extractions, as well as backup decoding from the latest devices running Android version 4.x.

New Android and iOS apps now supported for decoding include Burner (calls, contacts and SMS messages), WeChat, Badoo, BlackBerry Messenger, and Silent Phone. Additional decoding is also newly available for WhatsApp, Facebook, Gmail (for Android) and the new Line version for iOS.

For more information on these new features and support details, as well as a rundown of new UFED Physical/Logical Analyzer functionality, download our release notes here.