Decryption, decoding and new functionality for UFED analytical software

UFED Physical Analyzer and UFED Logical Analyzer 3.8 bring a host of new decoding and decryption support, along with new functionality.

Apple and BlackBerry decryption capabilities

Depending on the user’s Apple account type (and not defined or controlled by the user), emails on devices running iOS 5.0 or higher may be encrypted with “elliptic curve.” In previous UFED Physical Analyzer versions, those emails were presented within the analyzed data section with an encrypted body. The new capability, available in file system and physical extractions performed via UFED Physical Analyzer, will present the encrypted email body for current emails.

Decryption of the BlackBerry WhatsApp database provides access to messages that were not previously accessible. The solution is applicable for cases in which the database was stored on the mobile device or SD card.

To decrypt the WhatsApp database, perform a physical or file system extraction from the BlackBerry device. These extractions should be opened using the open advanced function:

  • Click “Select a UFED extraction” and select the .ufd file of the physical extraction
  • Click “Zip file” and select the file system extraction (.zip file)
  • Click Finish

Other new support includes faster decryption and better handling of large encrypted iTunes backup files. With this release we are also offering decryption of BlackBerry’s REMF files.

Decoding support in UFED Physical Analyzer

UFED Physical Analyzer 3.8 adds decoding support for 142 new devices, including HTC, LG, Motorola and Nokia models, in addition to a number of models within the Samsung Galaxy family. Enhanced Android decoding support is also newly available for the Samsung M9xx family and Motorola devices with NVIDIA chipsets.

Full support is also added for both iOS and Android versions of the Google Chrome, ooVoo, QQ, KeepSafe, and Yahoo! Email apps, as well as the iOS apps Facebook Poke, Find My Friends, and vBrowse; and Android apps drug vokrug, Sygic, Snapchat, Navfree, LinkedIn, Vaulty, My People, and the native email app on HTC devices.

UFED Physical Analyzer 3.8 also improves decoding of BlackBerry Messenger (BBM) attachments.

Enhanced Nokia Symbian device decoding includes information about the device, connected Bluetooth devices, cookies, Wi-Fi networks, installed apps, notes, WhatsApp and OVI maps apps, and email. The update also improves decoding of SMS, MMS and call logs, and allows for carving of deleted SMS from unallocated areas.

Finally, enhanced decoding is available on a number of Samsung and LG feature phones, including call log decoding from 57 Samsung and 30 supported LG CDMA devices, as well as SMS decoding from select Samsung devices.

New functionality for UFED Physical/Logical Analyzer software

A new built-in viewer allows you to view all extracted locations on a map. The map function is based on Bing maps and requires an internet connection. (Note: KML files are still exportable to Google Earth.) It is only available to UFED Physical/Logical Analyzer users who have a valid, up-to-date license.

UFED Physical Analyzer now also enables users to verify a list of potential complex passwords from locked Apple devices, rather than entering single passwords one at a time. The verification does not affect Apple’s incorrect password locking mechanism. In addition, both UFED Physical Analyzer and UFED Logical Analyzer enable users to provide a plist file from the lockdown directory available on the suspect PC, instead of unlocking the Apple device before the extraction.

Finally, UFED Physical/Logical Analyzer now features a new “push” notification that will inform you when a new version is waiting for you. If you are not connected to the internet, the notification will appear every three months.