Advance your forensic expertise with Cellebrite’s new smartphone analysis course

Last week we announced the introduction of a new Advanced Training Pathway designed to enhance professional forensic expertise. The first in this series, the hands-on Cellebrite Advanced Smartphone Analysis (CASA) course, addresses the sometimes complex challenges that come with forensic examination of iOS, Android and Windows Mobile devices.

Those challenges include where and how SQLite databases—whose schemas can vary from device to device—store Android and iOS mobile app data via structures, files and functions; how to defeat passcodes and unlock iOS devices; and how to recover system and user artifacts.

Within the context of smartphones, strategies to obtain the data can include physical or file system extraction with user lock bypass, extracting and decoding device backup files from a synchronized computer, or extraction using JTAG or chip-off methodologies. Over the course of three days (a total of 21 hours), CASA students can expect to learn which of those and other methods work for various device types and families.

The first step in advanced analysis is to get past a device’s user lock. Watch the video below for information on how to do this using UFED solutions—and then be sure to register for the Cellebrite Advanced Smartphone Analysis class at the Cellebrite Learning Center!

Download training white paper

Prepare to tackle smartphones & JTAG with Cellebrite’s new Advanced Training Pathway courses

Smartphone operating and file systems, damaged and prepaid devices, and increasing amounts of data all present conundrums to mobile forensics examiners. It takes time to learn the intricacies of various device and OS versions, and time to sift through the gigabytes of data that each device can contain. These problems are compounded when a device is severely damaged and you have to send it out to a specialist lab to recover the evidence.

To help you build professional expertise to meet those challenges, Cellebrite is pleased to announce the addition of an all-new Advanced Training Pathway. Designed to enhance the forensic expertise you received from the CCPA Core Certification, the courses included in this pathway provide you with the specialized extraction and analysis skills you need to maximize the amount of evidence you can retrieve from smartphones and damaged devices:

  • The 3-day instructor-led Cellebrite Advanced Smartphone Analysis (CASA) course allows students to take an in-depth look at the challenges posed by iOS, Android, and Windows Phone® devices. The course covers the analysis of SQLite databases, issues related to iOS passcodes, and artifacts from the three major smartphone platforms.
  • The 3-day instructor-led Cellebrite JTAG Extraction and Decoding (CJED) class teaches participants about the methodologies, purpose, and origins of the JTAG process. Participants can expect hands-on practice with fundamental soldering skills, as well as with using UFED Physical Analyzer to decode JTAG extraction. A RIFF brand JTAG box, a Molex adapter kit, a class specific tool kit, and a Cellebrite soldering practice board will all be available for participants to take back with them.

Get the skills you need to maximize your mobile device evidence collection and analysis efforts. Register at the Cellebrite Learning Center today to advance your professional expertise!

New time-saving features arrive in UFED Physical Analyzer 4.1

With the release of UFED Physical/Logical Analyzer 4.1, Cellebrite offers new decoding and reporting features designed to improve investigative efficiency and enrich the degree of decoded data.

New, faster, and enhanced decoding

To start with, decoding extractions that are saved to a network drive is now up to 25% faster. New decoding support is available for a number of device models and data. These include JTAG extractions from seven new devices, as well as chip-off extractions from BlackBerry® devices running OS 10. Decoded BlackBerry 10 data includes several apps in addition to device data.

UFED Physical/Logical Analyzer 4.1 also improves on decoded location data from iOS devices. The device information now includes whether the device location service status is turned on or off, as well as whether location services were enabled for each app (and, if enabled, when it was last used). Additionally, UFED Physical Analyzer now displays recent and frequently visited locations tracked by iOS devices and maintained solely on the device.

New and updated app decoding is also available in UFED Physical/Logical Analyzer 4.1. This includes enhanced data carving from unallocated space for the ooVoo, Skype, VKontakte, and Odnoklassniki apps, and decrypted SnapChat pictures.

Also included is decoding for contacts and chats from the HeyTell and Truecaller Android and iOS apps, as well as bookmarks, web history, and emails from the Firefox app for Android. Updated decoding is available for a total of 34 Android apps and 30 iOS apps, including multiple app versions. Download the release notes to see a full list of apps and version numbers.

Efficiencies in reporting

Reporting also sees an improvement in speed, by up to 50% depending on report content for PDF and UFDR report processing. New reporting functionality allows you to export chat messages in conversation format, within PDF reports. As with previous version, select and unselect specific chats to include. Additionally, you can now include image thumbnails in PDF, Word, and HTML reports.

Another new feature stands to reduce confusion around daylight saving date and time stamps vs. UTC or standard times. UFED Physical/Logical Analyzer 4.1 includes a database containing start/end dates and times for countries that use daylight saving (DST). This data is available through 2018 and takes into account locations that do not adhere to DST. You can set a unified time zone for the project timestamps for the software to automatically adjust for DST.

Remember: End of life announcement for Windows XP

Following the recent announcement that Microsoft has officially ceased support for Windows XP on April 8, 2014, Cellebrite recommends installing UFED Series Software Products on 64-bit versions of Windows 7 and above. By February 28, 2015, the UFED Series will no longer support Windows XP.

IMPORTANT: This does not affect UFED Touch systems running on Windows 2009 Embedded Standard. The Windows Embedded Standard 2009 Operating System End of Life is scheduled for January 8, 2024.

For further information about the Windows XP end of life, please contact support@cellebrite.com.

Download the full release notes for additional details about these decoding and reporting features!