Cellebrite adds first-to-market support for Galaxy S5, Galaxy Note 3, iOS 7.1.1

New UFED versions are out and with them, the first forensic support for two popular Samsung devices and the latest iOS version.

Launched April 11, Samsung’s Galaxy S5 accounted for 23 percent of mobile device sales in the United States and 18 percent of sales in Canada during its first weekend. Just one month later, Cellebrite is now offering logical and Android backup extractions and decoding from five S5 models.

UFED 3.0.6 also newly offers physical extraction with lock bypass and decoding from eight Galaxy Note 3 devices—a model which earned distinction in December last year for selling 10 million units in just 60 days—as well as logical extraction from three Galaxy S4 devices.

Finally, UFED 3.0.6 now supports logical and file system extractions and decoding from Apple devices running iOS 7.1.1, released just April 22. UFED Physical (or Logical) Analyzer 3.9.6 additionally offers advanced logical extraction from devices running this latest iOS, as well as file system and physical extractions and decoding from iPhone 4 running iOS 7.1.1.

For more information on the device models, read our release notes. To update your UFED, visit my.cellebrite.com today!

Decryption, decoding and new functionality for UFED analytical software

UFED Physical Analyzer and UFED Logical Analyzer 3.8 bring a host of new decoding and decryption support, along with new functionality.

Apple and BlackBerry decryption capabilities

Depending on the user’s Apple account type (and not defined or controlled by the user), emails on devices running iOS 5.0 or higher may be encrypted with “elliptic curve.” In previous UFED Physical Analyzer versions, those emails were presented within the analyzed data section with an encrypted body. The new capability, available in file system and physical extractions performed via UFED Physical Analyzer, will present the encrypted email body for current emails.

Decryption of the BlackBerry WhatsApp database provides access to messages that were not previously accessible. The solution is applicable for cases in which the database was stored on the mobile device or SD card.

To decrypt the WhatsApp database, perform a physical or file system extraction from the BlackBerry device. These extractions should be opened using the open advanced function:

  • Click “Select a UFED extraction” and select the .ufd file of the physical extraction
  • Click “Zip file” and select the file system extraction (.zip file)
  • Click Finish

Other new support includes faster decryption and better handling of large encrypted iTunes backup files. With this release we are also offering decryption of BlackBerry’s REMF files.

Decoding support in UFED Physical Analyzer

UFED Physical Analyzer 3.8 adds decoding support for 142 new devices, including HTC, LG, Motorola and Nokia models, in addition to a number of models within the Samsung Galaxy family. Enhanced Android decoding support is also newly available for Samsung M9xx family and Motorola devices with NVidia chipsets.

Full support is also added for both iOS and Android versions of the Google Chrome, ooVoo, QQ, KeepSafe, and Yahoo! Email apps, as well as the iOS apps Facebook Poke, Find My Friends, and vBrowse; and Android apps drug vokrug, Sygic, Snapchat, Navfree, LinkedIn, Vaulty, My People, and the native email app on HTC devices.

UFED Physical Analyzer 3.8 also improves decoding of BlackBerry Messenger (BBM) attachments.

Enhanced Nokia Symbian device decoding includes information about the device, connected Bluetooth devices, cookies, wifi networks, installed apps, notes, WhatsApp and OVI maps apps, and email. The update also improves decoding of SMS, MMS and call logs, and allows for carving of deleted SMS from unallocated areas.

Finally, enhanced decoding is available on a number of Samsung and LG feature phones, including call log decoding from 57 Samsung and 30 supported LG CDMA devices, as well as SMS decoding from select Samsungs.

New functionality for UFED Physical/Logical Analyzer software

A new built-in viewer allows you to view all extracted locations on a map. The map function is based on Bing maps and requires an internet connection. (Note: KML files are still exportable to Google Earth.) It is only available to UFED Physical/Logical Analyzer users who have a valid, up-to-date license.

UFED Physical Analyzer now also enables users to verify a list of potential complex passwords from locked Apple devices, rather than entering single passwords one at a time. The verification does not affect Apple’s incorrect password locking mechanism. In addition, both UFED Physical Analyzer and UFED Logical Analyzer enable users to provide a plist file from the lockdown directory available on the suspect PC, instead of unlocking the Apple device before the extraction.

Finally, UFED Physical/Logical Analyzer now features a new “push” notification that will inform you when a new version is waiting for you. If you are not connected to the internet, the notification will appear every three months.

Download the release notes here!

UFED Physical Analyzer 30-day Trial

Cellebrite is at the SANS Mobile Device Security Summit this week!

In Anaheim (California) this week at the Disneyland Resort, IT and security architects, auditors, security analysts, inspectors general and other information security professionals are converging on the SANS Mobile Device Security Summit to discuss the policies, architectures and security controls that are becoming necessary to secure bring your own device (BYOD) environments.

Along with the case studies and other topics being presented, Cellebrite is presenting a Lunch & Learn. Director of Forensic Sales Sonny Farinas and Technical & Sales Engineer Lee Papathanasiou will speak about smartphone forensics including:

  • Cellebrite’s current extraction support & the unique R&D challenges faced when developing physical extraction and password bypass around Android, iOS, & BlackBerry platforms.
  • Overview of UFED Physical Analyzer’s decoding support including application data, location data, and malware detection

The Lunch & Learn will be held in the Magic Kingdom Ballroom 1. We are also exhibiting at the Sleeping Beauty Pavilion today and tomorrow from 9am to 5pm. If you’re in Anaheim, please stop by and say hello!

Unable to join the summit? All approved presentations will be available online following the Summit at https://files.sans.org/summits/mobile13.

Anticipating mobile forensics trends for 2013

Predictions abound this time of year. We’ve seen plenty for the mobile device, information security, and even digital forensics industries overall—but nothing for mobile forensics. We decided to ask a panel of six “power” Cellebrite customers where they envision the field going this year.

Eoghan Casey, co-founder of CASEITE and a SANS Senior Instructor; John Carney, Chief Technology Officer at Carney Forensics; Cindy Murphy, computer crimes detective at the Madison (Wisconsin) Police Department; Gary Kessler, associate professor, Embry-Riddle Aeronautical University; Heather Mahalik, mobile forensics technical lead at Basis Technology and a SANS Certified Instructor; and Paul Henry, principal at vNet Security and a SANS Senior Instructor all weighed in on trends in law enforcement, law, regulatory issues, and of course, mobile technology. Here’s what they told us:

Apps forensics comes into its own this year

“Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”

Smartphone platforms are still fluid

Android took 75% of the global market in Q3 of 2012, iOS dominates the bulk of bandwidth usage, and BlackBerry—whose new sales are still in steep decline—remains a legacy device which mobile examiners can continue to expect to see in their labs. And Windows Phone 8 may gain strength. Mahalik and Carney both foresaw a need for better forensic support for the platform this year.

Mobile forensics meets BYOD

“Bring your own device” spread rapidly across enterprises in 2012, and continues. Carney says this means “contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”

Expect more mobile malware

Malware is already rampant on Android devices, and this trend won’t decline. “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy,” says Murphy, who expects law enforcement to have to contend with it particularly in stalking, domestic violence and even child exploitation cases.

Regulatory and legislative landscape remains uncertain

Few lawmakers and judges understand the nature of mobile technology, yet they’re scrutinizing them much more closely than they did computers, according to Kessler. “This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pretrial discovery,” he says. Even so, look for mobile devices and the data they contain to take center stage in both civil and criminal investigations, as more civil litigators begin to realize their importance.

Click here to access “The Year Ahead for Mobile Forensics: Cellebrite’s Panel Predictions for 2013”