UFED Physical/Logical Analyzer 4.2 offers efficiency improvements, decryption and enhanced decoding

The new Physical/Logical Analyzer release, version 4.2, is chock full of features and device support. From more efficient location mapping processes to improved decoding, this latest release is designed to accelerate your investigations and enable you to drill more deeply and intuitively into data from more than 15,000 devices.

Deeper location data analysis, more efficient workflows

UFED Physical/Logical Analyzer 4.2 offers a number of new enhancements with regard to location data. These enhancements offer more flexibility and efficiency by allowing you to access highly visual information more easily.

First, new offline map support offers map view even when an Internet connection is not available or you are analyzing data at a workstation that is required to remain offline. Second, you can now zoom in to locations in map view and see related event details. When you want to explore deeper relationships between locations, timelines, and analyzed data, you can jump from location information to its source event or timeline and vice versa.

Location information also lets you examine attached images, videos, audio, text, and other files identified during the data analysis process. The Data Files category in the project tree enables you to view and filter attachments within data files, locate the associated attachment event, and view its metadata and location information.

Do you frequently share your extracted UFDR reports with others using UFED Reader? Now, include the UFED Reader executable within the report output folder. This saves time for report recipients in locating, downloading, and using the UFED Reader application.

New app decoding and analysis functionality

UFED Physical/Logical Analyzer 4.2 also keeps pace with investigator demand for greater visibility into app data. Besides newly added support for apps installed on Android, iOS, and Windows Phone® devices, as well as updated support for 40 Android and 63 iOS app versions, the new release offers additional decoding and some decryption support, as well as improvements in the way app data—particularly chat app data—is displayed.

Added to analytics that show the most frequently used apps, app usage data now includes information about the last time a user launched a particular app, as well as for how long they used it. Also for the first time, view the number of messages per chat, which can help validate chats extracted using other tools that do not thread messages. Additionally, location data for chat messages is now available for export into all report formats.

Other apps-related support includes decryption of KeepSafe and WeChat apps, together with decoding support for WhatsApp VoIP call logs on Android devices. New WhatsApp support also includes the Read, Delivered and Played timestamps of outgoing WhatsApp messages for iOS, Android and BlackBerry® 10 devices. In addition, Twitter group chat messages are now displayed in Chats.

New device support includes physical extractions, decryption, and decoding

Disable the user lock for 159 Samsung Android models using SPR and SPM methods, depending on the device’s firmware version. In addition, physical extraction with lock bypass and decoding is now supported for 58 LG Android devices released with Android version 4.2.x and above.

Decryption is now possible for physical extractions from generic Android and Samsung devices running Android 4.2 and below using a known password. Similarly, extract BlackBerry device backup data as part of file system extraction, and then decrypt the backup data with known BlackBerry ID credentials you retrieve via UFED Physical Analyzer.

Device information decoding is newly enhanced for all device types. For BlackBerry 10 this includes username, device model, PIN, IMEI, and device name; for Windows Phone devices, the information includes IMEI, IMSI, MEID, mobile operator ID, country, MAC address, and OS version. Device information for Android devices now includes the decoded Tethering ID and password, while iOS device product name and product type information are now included under device information.

Saving time in a death investigation

One Minnesota (US)-based detective working a death investigation used Physical Analyzer 4.2 to unlock a pattern-locked Samsung Galaxy S5 (SM-G900V). Facing a lengthy and destructive chip-off extraction because the device did not appear to be supported for JTAG extraction, the investigator was able to run the device against a pre-release copy of Physical Analyzer 4.2. The extraction worked, and the investigator was able to use that evidence to continue building his case.

To learn more about how the new UFED Physical/Logical Analyzer 4.2 can help accelerate your investigations, download our release notes today!

One-step multiple report formats, Link Analysis integration & more in UFED Physical/Logical Analyzer 3.9

The latest release of UFED Physical/Logical Analyzer (depending on your license) includes new features that respond to a variety of user needs.

First, you can now generate reports in multiple formats for several projects in a single step. Useful for case agents who must supply supervisors, intelligence analysts, translators, and others with the data they extract, this new feature saves time. Simply select the data and the required report formats (e.g. Word, PDF, UFDR etc.), and click “Finish.” This feature is supported in UFED Physical/Logical Analyzer and UFED Reader.

Another new time-saving feature is that you can now open your project in UFED Link Analysis directly from the UFED Physical Analyzer/Logical Analyzer and UFED Reader. If you’re a current UFED Physical/Logical Analyzer user, get a free UFED Link Analysis trial today with your UFED Physical/Logical Analyzer update. The trial will remain active till February 1.

Export SMS and MMS events to EML format directly from the analyzed data table. This is useful for showing all written communications – text messages and emails – together in a single timeline, when imported into third-party applications that support EML files. Each SMS and MMS message gets its own EML file.

Decoding: Devices and data types

Decode new and enhanced data types from various smartphone operating systems. Now supported for BlackBerry devices is the ability to view power-offs. This can be an important indicator of criminal activity; suspects are known to turn off their devices when trying to avoid either real-time detection, or leaving after-the-fact evidence of their travels. If an extraction reveals power-offs you wouldn’t expect during, say, waking hours, or during the subject’s normal patterns of life, that may offer new lines of inquiry for your investigation.

To view the powering log for a BlackBerry device, run the BlackBerry event log plug-in after the chain has been executed. View the data in the “Powering Events” table under “Analyzed Data” or as part of the Timeline.

UFED Physical/Logical Analyzer 3.9 also shows iOS and Android application permissions. Unsafe apps – those infected by malware, or not secured – can have permission to view contacts, text messages and other content without a user necessarily knowing it. This may be valuable in cases where a victim isn’t sure how private information was divulged. Find access permission data in the “Installed Applications” table (also available in the right pane).

Decoding support for physical extraction has also been added for 145 devices, including 118 Android devices; for file system extraction for 126 devices, including 97 Android devices; and for feature Samsung GSM and CDMA and LG CDMA devices. The new update also includes application support for the iOS apps Passbook, Wickr, and vBrowse; and Android apps Outlook.com, Google Maps and a new KakaoTalk version with encrypted data.

Find tethering information, iOS 7.0.x keychain decryption, Android data carving, various performance and functionality improvements, and many other features in UFED Physical Analyzer 3.9. If you’re not a current customer, take advantage of your free 30-day trial by clicking the image below:

UFED Physical Analyzer 30-day Trial