Reason #2 to vote Cellebrite for a 2016 Forensic 4:cast Award

In a previous blog, we mentioned that Cellebrite deserves a Forensic 4:cast Award this year for being consistently first and often unmatched in bringing critical mobile forensic innovations to your work environment. Just yesterday, we released a solution to decrypt WhatsApp’s new backup database encryption, crypt9, in UFED Physical Analyzer 5.0.2.

We are grateful to the loyal UFED user community and to the digital forensic community for nominating Cellebrite, and would like to ask for your support again by voting for us in the following categories:

  • UFED Touch for phone forensic hardware of the year
  • UFED Physical Analyzer/UFED4PC for phone forensic software of the year
  • Digital forensic organization of the year

If you haven’t already voted, here is the second reminder why Cellebrite deserves the Forensic 4:cast Awards:

Industry-first support for the most popular brands and models

We get access to more than 100 new handsets per month, which helps us keep pace with device support for the forensic community and capture the next wave of mobile challenges for forensic investigators. UFED 5.0 already supports the new and popular Samsung Galaxy S7 for file system and logical extractions. With approximately 10 releases a year, hundreds of newly supported device profiles are added for each release, including support for new operating system versions, and all supported device profiles are tested by Cellebrite’s R&D team. Just recently, with the release of UFED 5.0, we’ve bumped our device profile support up to 19,203.

We continue to innovate the industry, and to expedite your investigation by providing you with unmatched access to case-critical evidence. UFED 5.1, to be released in the coming weeks, is already packed with hot industry-first capabilities, including a new proprietary method to disable user lock for many additional Samsung devices, and lock bypass for popular LG models. Stay tuned!

Does UFED play an important role in your investigations? If you think so, then vote for us today!  


Reason #1 to vote Cellebrite for a 2016 Forensic 4:cast Award

For the eighth consecutive year Cellebrite has been nominated by our dedicated UFED users and the digital forensic community in recognition of our success in delivering the most innovative and functional mobile forensic tools.

Thanks for your nominations in the following categories:

  • UFED Touch for phone forensic hardware of the year
  • UFED Physical Analyzer and UFED4PC for phone forensic software of the year
  • Digital forensic organization of the year

If you haven’t already voted, here is a good reason why Cellebrite deserves the Forensic 4:cast Awards:

Consistently First, Often Unmatched

Cellebrite’s UFED consistently brings critical mobile forensic capabilities first to the lab and field, and many of these capabilities remain unmatched for months or years. Just in our last two releases (4.5 and 5.0) we included 26 industry-first capabilities, and 22 are still exclusive to Cellebrite. Our recently released UFED 5.0 includes industry-first features and functionality that make your life easier and your investigation more efficient, including a new validation capability and the ability to combine multiple extractions in a single unified report. We were also quick to include support for file system and logical extractions for the recently launched Samsung Galaxy S7 and iPhone SE.

Our innovation timeline will further demonstrate why we are the undisputed pioneer in breakthrough device-specific mobile forensic capabilities. With UFED, chances are you will have these critical capabilities when you need them, when they are essential to your investigation, and well before any other tool currently on the market.

So in a nutshell, you can count on us to continue being the first to provide you with the most innovative, extensive and technologically advanced mobile device support in the industry.

Does UFED play an important role in your investigations? If you think so, then vote for us today!  


Save critical investigation time with UFED Reader: Q&A from Cellebrite’s webinar

In the past several years, cases involving computer hard drive forensics have declined while mobile forensics have risen, increasing demand to analyze digital evidence off mobile devices. Typically, the forensic lab examiner will generate reports with all the extracted data from the device and send them over to the investigator, who has to review all the data in order to find the relevant piece. This may mean sifting through hundreds, even thousands of pages from several devices in order to find the needle in the haystack. In some cases, the investigator may discover that they need additional data that was not even supplied.

In a recent webinar, we presented the UFED Reader, a free and easy to use digital tool that helps you review the report files generated from analyzed data of a physical, file system, or logical extraction by UFED Physical Analyzer and UFED Logical Analyzer.


The webinar is available for viewing at the bottom of this post. Meanwhile, participants asked a number of good questions, which we’ve compiled in this blog, including some that we didn’t have time to answer during the webinar.

Q: Can UFED Physical Analyzer create a .ufdr file that contains all the artifacts, including pictures, videos, SMS, MMS, etc.?

A: UFED Reader is able to create massive .ufdr files, even from phone dumps that are over 16 gig.

Q: Where is the UFED Reader file located?

A: The UFED Reader executable file can either be forwarded from the forensics lab with a report, or it can easily be downloaded from the customer portal at my.cellebrite.com.

Q: Can I also see shared data between different reports using the reader?

A: You can open different reports using the reader. These can be different reports of the same device or even reports related to different devices. However, each project is handled separately. You can perform searches on all projects, but the views are separated. SMS messages, contacts and locations are all presented per project, and the timeline and reports are not shared. If you need to see connections and links, it is recommended to use UFED Link Analysis, which enables you to open up to 100 data sources and see the links between different data extractions.

Q: For multi-jurisdictional investigations how can you import an XRY file for parsing by a UFED?

A: While UFED Reader cannot open XRY reports, UFED Link Analysis has the ability to open external reports, and provides a joint view of both Cellebrite and XRY reports.

Q: Can you generate a report containing only bookmarked items?

A: Yes, UFED Reader provides you with an option to include entity ‘bookmarks only’ which incorporates bookmarked items only in the report output. Bookmarking highlights the evidence that is relevant to the case, and UFED Reader provides the option to include in the report only the artifacts that are important for that investigation. As a result, the report generated is concise, short and protects personal data that is not relevant to the case.

Q: Which mobile device operating systems are supported by the UFED Reader?

A: Cellebrite supports all known and familiar operating systems, and all devices that can be extracted and decoded using the UFED Series (including Touch/4PC/Logical/Physical Analyzer) can be opened by the UFED Reader, meaning any .ufdr report generated can be opened by the UFED Reader.

Q: Are there chat-threading capabilities within the UFED Reader module?

A: In the Chats view, you will see a list of chat messages extracted from the device, including messages from third-party apps such as WhatsApp or Snapchat. This view provides information about the chat, such as start date and time, participants, source and number of messages, which are also listed chronologically on the right pane in full detail (including body of messages and attachments). The conversation view layout option is also available for easier and better tracking of the communication between two or more parties. You can search for messages within a chat, select the messages to include within a report, print, or export the conversation.

Q: Is it possible to see restored deleted information from mobile devices?

A: Cellebrite has the ability to extract and decode deleted information from mobile devices, and these items are included in the .ufdr report, and presented in UFED Reader with a red ‘x’ icon next to the artifact.

Q: Can UFED extract logical and physical data from Windows Phone 8 and new Android-SM using MTP (media transfer protocol) instead of UMS (mass storage)?

A: For Windows Phone 8 using the logical extraction method, you can extract contacts via Bluetooth and multimedia data via USB (MTP protocol). Physical extraction is available for select Nokia Lumia (out of the box WP8) models. For Android devices, using the logical extraction method, you can extract multimedia data for newer Android devices via USB (MTP protocol).

View the full webinar below:

 Leave a comment if you have a question that was not answered above, or in the webinar itself!

Exclusive bootloader method support for the latest Samsung devices headline UFED 4.4 release


With the release of UFED 4.4, Cellebrite announces support for 17,638 device profiles and 1,092 app versions. UFED 4.4 introduces the exclusive bootloader method designed to solve some of investigators’ most challenging problems for unlocking and extracting data from leading Samsung Android devices. It also includes decoding support for new devices and OS updates, including iPhone 6S/6S Plus, iOS 9.1, and Android Marshmallow.

New unlocking & physical extraction support for Androids using the unique bootloader method

In a previous version, 4.2.6, we announced the release of the enhanced bootloader method, which enables you to obtain additional data when performing a physical extraction while bypassing user lock from Samsung devices.

As part of our ongoing efforts to provide the best physical extraction capabilities for the latest Android devices, version 4.4 introduces an enhanced bootloader to support newer phone firmware versions, and includes 12 additional Samsung devices. You can now obtain additional data by performing a physical extraction using the enhanced bootloader method for 85 popular Samsung Android devices running Android 5.x. This unique solution supports the following Samsung families: Galaxy S3, S4, S5, Note 3 and Note 4.

What is the bootloader method?

Physical extraction using the bootloader method is the recommended method to recover data from Android devices. When the device is in bootloader mode during extraction, the operating system does not run, and therefore, the device cannot connect to the mobile network. It bypasses any user lock and is forensically sound.

New tutorial video is available below.

Cellebrite now supports new iPhone 6S/6S Plus and Android v6.0 Marshmallow

Recent device launches and updated operating systems are also supported with UFED 4.4. Users can now perform file system, logical (including applications data), and advanced logical extraction, and decoding, from iPhone 6S and 6S Plus devices and iOS 9.1. UFED 4.4 also provides file system and extraction support for the latest Android v6.0 Marshmallow with limitations. Following recent changes made in Android third-party apps, including Facebook, WhatsApp and Snapchat, data from these apps can no longer be extracted when performing file system and logical extractions using the Android backup method. We recommend two options in order to overcome this limitation: perform a physical extraction (when available), or root the device to extract data.


Extend your investigation capabilities with enhanced support for new apps for iOS and Android

UFED 4.4 keeps pace with investigator demand for more app support, and greater visibility into app data. This version introduces newly added support for some of the most popular apps installed on both Android and iOS, including: Google Drive, Google Tasks, Google Translate, Inbox, One Drive, Pinterest, Runtastic, Yandex Browser, Yandex Maps; One Note and VIPole are available for Android.

With 300 million active users using Dropbox, 250 million using Microsoft’s OneDrive, 240 million using Google Drive*, and 100 million users on Pinterest (the third most popular social network in the US)**, we are bound to believe that the high number of people using these apps on their devices may also hold the evidence you need for your investigation.

Updated support is also available for 53 Android and 61 iOS app versions.

New decoding method process for WhatsApp data 

In UFED 4.2.6, we introduced a new capability to decrypt WhatsApp data. Using a third-party script, you can manually extract the WhatsApp key (on non-rooted Android devices), and use it in UFED Physical Analyzer to decode and decrypt the data. During the process, the WhatsApp version will be temporarily downgraded to an earlier version, so that the key can be extracted and used to decode the WhatsApp database. The current WhatsApp version will be restored at the end of the extraction process.

A new step-by-step process is now available in MyCellebrite.

Learn more about UFED 4.4– download the release notes here!

* http://expandedramblings.com/index.php/google-app-statistics/

** http://marketingland.com/pinterest-says-it-has-100-million-monthly-active-users-143077

UFED 4PC and UFED TK join UFED Touch in the UFED Series portfolio

UFED 4PC software runs on any PC platform.

This week we’re excited to announce the launch of two brand-new products: UFED 4PC and UFED TK. In addition to our press release that hit the wires this morning, we thought we’d take the opportunity to address a few additional questions about these new products.

What’s new?

First: are UFED 4PC and UFED TK replacing UFED Touch? No. UFED 4PC and UFED TK are extensions of our UFED Series portfolio. Together with the UFED Touch, they are part of an approach that Cellebrite developed to better align the forensics solution with a wide range of customer work flows, environments and other use cases.

UFED 4PC is designed for customers who wish to simultaneously extract, decode and analyze mobile device data on their choice of Microsoft® Windows®-based PC or a Mac running Microsoft® Boot Camp® software.

UFED TK supports users who seek to extract, decode and analyze mobile forensic data on a pre-configured, ruggedized PC hardware platform (we opted to install it on Panasonic® Toughbook® 53, Toughbook® 19, and Toughpad® G1 platforms) that includes all hardware, software and accessories in a single convenient kit.

We anticipate that many users will still require the ability to perform mobile forensic extractions from a dedicated single purpose device, a closed environment that does not allow installation of additional software. Other benefits, like the ability to perform forensic extractions even after power failure (as this book excerpt in DFI News pointed out), may be an added reason to maintain at least one UFED Touch in a lab.

What’s the same?

UFED Touch continues to be Cellebrite's flagship hardware.

Whether you purchase a UFED 4PC or UFED TK to supplement your existing UFED Touch, or upgrade to a UFED Touch, UFED 4PC and/or UFED TK from the UFED Classic, remember: all UFED firmware upgrades will support all three systems. In addition, the same interface across all three solutions means that Cellebrite’s new training curriculum will enable you to use any and all of the three.

UFED 4PC incorporates the most comprehensive extraction and decoding support for the widest range of devices. It is built on the trusted UFED platform with its read-only boot loaders, unified device drivers, and other features designed to save time and deliver the most accurate data.

And, just like UFED Touch, UFED 4PC and UFED TK purchases will—depending on your license—include installations of UFED Physical Analyzer or UFED Logical Analyzer software, along with UFED Reader and UFED Phone Detective.

Which UFED is right for you?

One of the things that excites us the most about expanding the UFED Series is our ability to offer greater flexibility to customers. Some customers may opt to bring UFED Touch into the field and use UFED 4PC in the office or lab environment. Others may prefer exactly the opposite.

A variety of factors (how often you travel into the field, for what purpose, and even how your office or lab environment and work processes are constructed) should inform your decision. Contact our sales team to determine the UFED Series product (or mix of products) that may be right for you.