Physical extraction & decoding, decryption breakthroughs headline UFED 4.1 release

With the release of UFED 4.1 and UFED Physical Analyzer 4.1.1, Cellebrite kicks off 2015 with breakthrough capabilities designed to solve some of investigators’ most challenging problems: Windows Phone 8, Jelly Bean/KitKat, and prepaid device extractions, as well as WhatsApp database encryption.

Physical extraction & decoding for Nokia Lumia, Android 4.2-4.4.3

Investigators who encounter Nokia Lumia devices can now circumvent the need for JTAG processes to bypass user locks and retrieve deleted data. Although Microsoft announced late last year that it will produce all Lumia models going forward, Nokia sold 17 million Lumia devices in 2013, and 90% of Windows Phone users own Lumia devices. With that in mind, UFED now supports user lock bypass, physical extraction and decoding of many of the most popular Lumia models, including 810, 820, 920, and others based on Windows Phone 8.0 and 8.1 operating systems.

New physical and file system extraction and decoding, along with improved password unlocking and extraction, is also available for Android devices running OS 4.2 (Jelly Bean) through 4.4.3 (KitKat). Devices such as the Samsung Galaxy series (S5, Nexus, Note 3, S3 Mini etc.) along with other leading vendors and models including LG, Motorola, and Sony are included in this release.

Prepaid device support for Tracfone, Samsung E1200R

Also solved: prepaid Android devices with locked or damaged ports, in particular Tracfone models popular in North America. Unlike other prepaid models that can be extracted using “paid” profile equivalents, Tracfone models do not have USB ports, and investigators could not get critical evidence. Cellebrite now offers an option to load a client over these devices’ Bluetooth connection, so that investigators can perform logical extractions.

New physical extraction and decoding support is now available for the internationally popular “burner” Samsung E1200R feature phone.

WhatsApp database decryption

Cellebrite’s first-of-the-year breakthroughs aren’t limited to extraction and decoding. We’re also introducing decryption for WhatsApp’s newly encrypted chat history database. For databases using the .crypt8 file extension, UFED Physical Analyzer 4.1.1 decrypts full content from WhatsApp, one of the world’s most popular messaging apps with 700 million monthly active users as of January 2015.

An easier-to-use interface

Rounding out Cellebrite’s update this month is a new, better organized home screen, which now groups extraction tools and other utilities into distinct areas. Users can now opt to extract a mobile device, SIM card, or USB device; operate UFED Camera; or access UFED device tools, rather than have to search for these capabilities within the pool of vendor icons.

Additionally, a new search screen supports three device identification methods: a simpler auto detect, a free text global device search, and a manual device search similar to the previous home screen (selecting vendor followed by model). The new interface offers better accuracy for investigators who need to search on an exact model number rather than, say, “iPhone 5.”

Learn more about UFED 4.1 and UFED Physical Analyzer 4.1.1 – download the release notes here!