New iPhone 5s/5c, iOS 7 and Samsung Galaxy S4 support with UFED 2.2.0.0 and UFED Physical Analyzer 3.8.5

Cellebrite is proud to be the first and only mobile forensics vendor to support physical extraction, user lock bypass, and decoding on selected Galaxy S4 devices, Galaxy Tab, and Galaxy Note:

This new support already helped to rescue two small children from sexual predators in the US. While still in beta, our UFED 2.2 software enabled investigators to recover and parse text-messaging and other app data located within the Galaxy S4’s file system. The data showed two suspects communicating with one another, and as a result, enabled the investigators to locate both victims, take the suspects into custody, and build a strong case against them for both the assault and production of child pornography.

Extraction and decoding when iTunes backup is enabled

iTunes backup encryption has frustrated mobile forensics examiners for some time. Cellebrite customers would successfully extract an iPhone’s file system, but then find that UFED Physical Analyzer couldn’t parse the data. Without knowing the passcode for iTunes encryption, the data was simply unattainable.

As of today’s release, Cellebrite is now offering two new extraction methods from iOS devices that have iTunes backup encryption enabled, even if you do not know the password. Available with the Advanced Logical extraction option in UFED Physical/Logical Analyzer, the methods for iOS devices are:

  1. With the iTunes backup encryption enabled and without entering the password
  2. When the device is jailbroken

The extraction wizard presents the device model, iOS version, and iTunes backup configuration, and lists which data can be extracted using each method. The application indicates a specific recommended method per iTunes Backup configuration and jailbroken status.

Customers who asked for support around this feature received a beta version of Physical Analyzer 3.8.5. “I recently posted about an encrypted iPhone 5 where the phone did not have a pass code, but it did have the backup files encrypted,” said James Howe, an Ohio detective, on a listserv. “[With the new version of Physical Analyzer], I was able to access the phone’s contents and complete the exam. None of the other software I had access to did anything for me. It was a breeze once it got going.”

New physical extraction and decoding support for devices with Chinese chipsets

An update to UFED CHINEX adds support for physical extraction and decoding with user lock bypass not only for Android devices with MTK chipsets, but also for devices with an Infineon chipset. Added to existing extraction and decoding for MTK and Spreadtrum chipset devices, this means Cellebrite now supports 99 percent of “Chinese devices” currently on the market.

Download our release notes for full details about these versions. If you’re not yet a customer and would like to try the new iOS capabilities, try out UFED Physical Analyzer for 30 days free!

UFED Physical Analyzer 30-day Trial