3 Reasons to Vote for Cellebrite for a 2015 Forensic 4:Cast Award

For as long as the Forensic 4:cast Awards have existed, Cellebrite’s UFED tools have been named Phone Forensic Tool of the Year. Being nominated among some of the greatest products in the industry, we couldn’t be more proud that the forensic community recognizes our continuing efforts to deliver the best, most innovative and  functional mobile forensic tools for seven years running.

Thanks to you, Cellebrite’s nominations include:

  • UFED Touch for phone forensic hardware of the year
  • UFED 4PC for phone forensic software of the year
  • Digital forensic organization of the year

Will you vote for us this year? Here are a few reminders why Cellebrite deserves the Forensic 4:cast Awards.

1. We’ve got your back.

Cellebrite has always been known for its breadth of support for new devices, but in 2014 we deepened our support for both smartphones and the apps installed on them. We improved our automated decoding, so you can spend more time analyzing data than figuring out how to decode it; brought our device profile support up to more than 14,000; and added decoding support for 25 prepaid Android devices—including Tracfone models that stumped investigators for years.

2. We make data analysis as simple or as complex as you need.

The visual analytics we include in tools like UFED Physical/Logical Analyzer and UFED Link Analysis give you a basic, at-a-glance look at key people, places, and communications via Project Analytics, Timelines, Maps, and Graphs. These help you immediately visualize your data and focus on only that which is most relevant to your case.

When you need to get “into the weeds” with the data—at the device memory level—you can do that too. Locate, carve, and validate data using advanced search functions like regular expressions and searches for strings, dates, codes, numbers, ICCID, SMS formats, etc., and import your JTAG and chip-off extractions into UFED Physical Analyzer for decoding.

3. We give you the tools you need not just to extract and analyze the data, but also to testify about your process with confidence.

Tools with as much functionality as ours deserve investigators who can put them to good use, so in 2014 we stepped up our training and certification program. We are now the first and only digital forensic vendor to deliver courses not only in person, but also online, and more than 4,000 practitioners earned their Cellebrite certifications through the end of 2014.

Vote for us today!


Link data in graphs, timelines, and maps to save time and accelerate investigations

Link analysis capabilities continue to grow in importance in a great many investigations, from homicide and sexual assault to property and pattern crimes. Read (and watch!) on — and at the end of the post, download our white paper — to learn how UFED Link Analysis can help you save time and effort in finding leads, establishing patterns, and maximizing the insights available for your investigations.

Construct case timelines from multiple mobile devices

Timelines are one of the most important elements of any investigation. Retrace a victim’s or suspect’s steps through the last hours, days, weeks or even months before an incident. Identify a subject’s patterns of behavior: the days and times s/he regularly visits or calls family members, does business, runs errands, etc. These patterns, as well as deviations from them, can be important in small or large ways.

Learn more about how to quickly visualize timelines in UFED Link Analysis in our video:

Import additional data sources for context

One of UFED Link Analysis’ most important features is the ability to import data from other sources; notably, carrier call detail records (CDRs), which can show the towers to which a suspect or victim device connected over a period of time. This can help establish both travel activity and stationary locations. CDRs can also reveal incoming and outgoing calls and, in some cases, text messages (depending on how long they retain the data).

Watch to learn more about pre-set formats and other features that make CDRs easy to import and analyze alongside device data:

Establish suspects’ and victims’ location behavior

Along with timelines, the maps within UFED Link Analysis can be a good way to narrow down a list of potential leads and establish subjects’ normal and abnormal patterns of behavior. Plot geolocation data from wifi access points, cellular towers, GPS apps, images and video to show two or more suspects in the same location at the same time. You can also do the same to show a suspect’s connection to a victim – or exonerate a suspect accused of wrongdoing.

Learn more about how Map View works in our video:

UFED Link Analysis’ versatility only starts with these features. Download our white paper for additional details about putting it to work for your investigations!



GPS Forensics and Link Analysis in Cellebrite’s August Webinars


LATAM customers! Did you know that Cellebrite’s exclusive capability to perform TomTom triplog files decryption and decoding can help you add vital evidentiary data to your investigation?

Join us for the upcoming webinars on GPS Forensics and TomTom Trip-Log Decryption, which will be hosted by our forensics solutions experts in Spanish and Portuguese, and will include a Q&A session.

GPS Forensics and TomTom Trip-Log Decryption (en español)

Speaker: Carlos Silva

Date: August 06, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Spanish!

GPS Forensics and TomTom Trip-Log Decryption (em Português)

Speaker: Frederico Bonincontro

Date: August 15, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Portuguese!

Link Analysis: Identify connections between suspects, victims, and others in less time

Did you miss our previous webinar on the UFED Link Analysis? Cellebrite will be hosting an additional live English-language webinar this month.

Speaker: Shahaf Rozanski

Date: August 20, 2014 06:00 UTC, 15:30 UTC

Learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite’s Forensics Senior Product Manager, Shahaf Rozanski, as he presents real world use case scenarios from a wide range of crime categories. The webinar will include a Q&A session.

Register here for the webinar on UFED Link Analysis!

Would you like to receive a webinar on our forensics solutions in your language? Leave us a comment and we’ll arrange it for you!

To view a past webinar, please visit the Webinars section on our website:  http://www.cellebrite.com/corporate/webinars

JTAG decoding, bypassing device locks, and link analysis in Cellebrite’s July webinars


Link Analysis: Identify connections between suspects, victims, and others in less time

On July 1, learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite Forensics Solutions Specialist Lee Papathanasiou for a 60-minute live webinar that details how link analysis methodology:

  • Helps you visualize communication links using multiple mobile devices’ rich data sets, including mutual contacts, calls, SMSs, MMS, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Filters data by time, date, number of contact times, and categories, and drills down to specific events.
  • Pinpoints whether entities were at the same place at the same time.
  • Allows you to share findings with colleagues and other investigators.

The webinar, including a Q&A session, will present real world use case scenarios from a wide range of crime categories. The session will also touch on key practical features of UFED Link Analysis, including timelines, advanced filters, and much more.

Register here for the July 1 webinar on UFED Link Analysis!

Bypassing Locked Devices: Learn How to Tackle One of the Biggest Challenges in Mobile Forensics

Pattern locks and passwords are becoming increasingly sophisticated and hard to crack, even for forensic examiners. Attempting to gain access to a locked device, especially with a complex pattern lock or passcode, is often only possible by using advanced forensic tools and techniques.

Don’t remain locked out from your evidence. Join Cellebrite’s forensic technical director, Yuval Ben-Moshe, for this 45-minute live webinar to learn about the UFED’s unrivaled ability to bypass locked phones without jailbreaking, rooting or flashing. You will learn:

  • Various methods to bypass locked devices, and a live demo of password extractions using the UFED.
  • How to use the extracted password to bypass other devices owned by the same person.
  • Physical extraction while bypassing any type of lock from 470 Android devices, including Cellebrite’s first to market capabilities for Samsung Galaxy S4 family.
  • Bypassing locks from counterfeit devices and phones manufactured in China.
  • How to run a plug-in that reveals pattern locks in Physical Analyzer.

Register here for the July 10 webinar on user lock bypass and extraction!

Automated JTAG Extraction Decoding with UFED Physical Analyzer

The growing popularity of JTAG forensics requires a great deal of resources and investment to obtain raw data stored on the device’s memory chip. It can take many hours for an examiner to transform the raw data into human interpretable evidence.

Cellebrite’s newly introduced decoding capabilities reduce the amount of time examiners have to spend on manually decoding, or carving, the large volume of extracted data. Join Cellebrite’s engineering product manager, Ronen Engler, for a 45-minute session on how you can take advantage of the UFED for JTAG decoding:

  • Easily import the binary file from a JTAG extraction into the UFED Physical Analyzer to draw accurate conclusions and report data.
  • Access this rich set of data to discover common artifacts, such as call logs, SMS, media files, e-mails, chats and locations.
  • Drill down into the binary file’s hex code through advanced search capabilities for finer grained information.
  • Decode the extractions from the widest range of devices, including popular Samsung, HTC, and LG, using a series of automated plug-ins and chains.

Register for the July 24 webinar to learn about Cellebrite’s efficient and cost-effective solution to decode and obtain forensically sound data from previously inaccessible devices.

Better data organization through tagging in UFED Link Analysis 2.1

Our previous release of UFED Link Analysis introduced two major new features: the ability to import call detail records, and the ability to merge data sources.

As important to casework as these features are, managing data from two or more sources can quickly become unwieldy. Filters can help, but still may result in dozens of calls, chats, and other events. When you’ve done all the filtering you can and are at the stage where the only thing left to do is manually assess the data, you need another way to organize it.

UFED Link Analysis 2.1 introduces tagging, the ability to assign keywords or “tags” to each event or person. Tag data by whether it’s relevant or irrelevant to your case, whether it counts as evidence or intelligence, and/or whether it requires further follow-up—you can assign multiple tags to a single item. Tags are customizable according to your work process, and can be used to filter data further.

Also new with UFED Link Analysis 2.1: the timeline now contains locations, images, and audio and video files, presented based on logged or captured date and time. These data types add context to enable a better view of the sequence of events performed by subjects under investigation.

Additional data now available for viewing in UFED Link Analysis includes both sent and received attachments from MMS, emails and notes, application usage and installation (including date last used and usage frequency), user dictionary, searched items, maps and data files.

Read UFED Link Analysis 2.1 release notes here. For more on how to merge, or deduplicate, data from multiple data sources, watch our video:

One-step multiple report formats, Link Analysis integration & more in UFED Physical/Logical Analyzer 3.9

The latest release of UFED Physical/Logical Analyzer (depending on your license) includes new features that respond to a variety of user needs.

First, you can now generate reports in multiple formats for several projects in a single step. Useful for case agents who must supply supervisors, intelligence analysts, translators, and others with the data they extract, this new feature saves time. Simply select the data and the required report formats (e.g. Word, PDF, UFDR etc.), and click “Finish.” This feature is supported in UFED Physical/Logical Analyzer and UFED Reader.

Another new time-saving feature is that you can now open your project in UFED Link Analysis directly from the UFED Physical Analyzer/Logical Analyzer and UFED Reader. If you’re a current UFED Physical/Logical Analyzer user, get a free UFED Link Analysis trial today with your UFED Physical/Logical Analyzer update. The trial will remain active till February 1.

Export SMS and MMS events to EML format directly from the analyzed data table. This is useful for showing all written communications – text messages and emails – together in a single timeline, when imported into third-party applications that support EML files. Each SMS and MMS message gets its own EML file.

Decoding: Devices and data types

Decode new and enhanced data types from various smartphone operating systems. Now supported for BlackBerry devices is the ability to view power-offs. This can be an important indicator of criminal activity; suspects are known to turn off their devices when trying to avoid either real-time detection, or leaving after-the-fact evidence of their travels. If an extraction reveals power-offs you wouldn’t expect during, say, waking hours, or during the subject’s normal patterns of life, that may offer new lines of inquiry for your investigation.

To view the powering log for a BlackBerry device, run the BlackBerry event log plug-in after the chain has been executed. View the data in the “Powering Events” table under “Analyzed Data” or as part of the Timeline.

UFED Physical/Logical Analyzer 3.9 also shows iOS and Android application permissions. Unsafe apps – those infected by malware, or not secured – can give the app permission to view contacts, text messages and other content without a user necessarily knowing it. This may be valuable in cases where a victim isn’t sure how private information was divulged. Find access permission data in the “Installed Applications” table (also available in the right pane).

Decoding support for physical extraction has also been added for 145 devices, including 118 Android devices; for file system extraction for 126 devices, including 97 Android devices; and for feature Samsung GSM and CDMA and LG CDMA devices. The new update also includes application support for the iOS apps Passbook, Wickr, and vBrowse; and Android apps Outlook.com, Google Maps and a new KakaoTalk version with encrypted data.

Find tethering information, iOS 7.0.x keychain decryption, Android data carving, various performance and functionality improvements, and many other features in UFED Physical Analyzer 3.9. If you’re not a current customer, take advantage of your free 30-day trial by clicking the below image:

UFED Physical Analyzer 30-day Trial

New in UFED Link Analysis: Call detail records, more information management

Since releasing UFED Link Analysis last April, we’ve received many requests from customers for the ability to import more data sources than just UFED extractions. UFED Link Analysis 2.0 gives you that capability, and more.

Multiple data formats

As sales engineer Ronen Engler explained in a recent webinar, call detail records can be an important source of additional data when a subject has another device you don’t have access to. As Ronen explains, you can add the records to the link analysis graph in the same way you would another device:

XML files can also be imported into UFED Link Analysis 2.0.

Ronen’s presentation highlights two other new features:

  • UFED Link Analysis already contains some carrier pre-sets, including AT&T, T-Mobile, Sprint and others. However, you can also map your own pre-sets for Microsoft® Excel® and comma or tab delimited files. UFED Link Analysis will automatically detect and identify recurrent pre-sets after that point.
  • Merge multiple entities. Suspects/victims may use more than one device, and have different details about their contacts in each one; call detail records may duplicate device call and text message logs. UFED Link Analysis allows you to easily merge the multiple entities to become a single entity with all the information from all sources. (Of course, you can also split merged entities. Any newly added information can be assigned to one of the entities as part of the split function.)

Other new features: watch list; more information per subject and entity

UFED Link Analysis 2.0 brings the popular watch list feature, which lets you automatically highlight keywords relevant to your investigation. Define a list of keywords relevant to a case category – say, narcotics, vice or case-specific key names and words – then activate the watch list on open reports. Color code each watch list based on its importance; filter the data it turns up. You can also share the watch list with other authorized personnel by using the export and import feature.

Person information now contains additional data types available from the UFDR file including images, videos, calendar events, notes and passwords. In addition, use the new Edit Entity function to manually add new information, including custom fields, to entities found on the device, including pictures, personal and contact details.

UFED Link Analysis is valuable on a wide range of cases. Link multiple suspects, suspects and victims, and other persons of interest in a wide range of cases. For more information, and to make an inquiry, visit our product page.

Webinar: Link analysis for everyday investigations

Mutual connections in UFED Link AnalysisLink analysis isn’t just for gang, fraud, narcotics, or other large-scale or complex investigations. It’s also useful in a wide variety of “everyday” crimes: prostitution, assault, even homicide and property crimes.

Whether you’re a detective or investigator that does mobile forensics part-time, or a dedicated digital forensics analyst, link analysis can help you focus and direct your investigation or analysis. In Cellebrite’s next upcoming webinar, learn how to rapidly visualize key relationships and identify the connections and communication methods between known and potential victims and suspects.

The session will touch on key features from Cellebrite’s UFED Link Analysis software, including:

  • Communication links between multiple mobile devices and their contacts, calls, SMSs, MMSs, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Visual data representations that show how entities are connected
  • Data filtering by time, date, number of contact times, and categories
  • Bidirectional and unidirectional communications patterns between entities
  • Location analytics that show whether entities were at the same place at the same time

You’ll also learn how to share your findings with colleagues, supervisors, attorneys and others who require the information.

Use this link to register for one of 6 scheduled sessions:

Tuesday, 03 December 2013

Session 1: 8am PDT / 11am EDT / 4pm GMT / 6pm Eastern Europe
Session 2:  1pm PDT / 4pm EDT / 9pm GMT / 11pm Eastern Europe

Wednesday, 04 December 2013

Session 3:  10am GMT / 10am Central Europe / 11am Eastern Europe
Session 4:  8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

Thursday, 05 December 2013

Session 5:  10am GMT / 10am Central Europe / 11am Eastern Europe
Session 6:  8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

We look forward to seeing you in Cellebrite’s next webinar!

2 free webinars highlight Cellebrite UFED software

This week and next we’re pleased to offer two free webinars that give you deeper insight into using two UFED software applications: the newly introduced UFED Link Analysis, and the award-winning UFED Physical Analyzer.

Generate leads with UFED Link Analysis

This Wednesday, July 17th, join Yuval Ben-Moshe, Cellebrite’s Forensic Technical Director, as he shows how UFED Link Analysis can help you identify connections between multiple devices and generate important leads based on data extracted from mobile devices.

Register here for Session 1, 8:00 AM UTC / 4:00 PM SGT (Singapore Time)

Register here for Session 2, 3:00 PM UTC / 8:00 AM PDT / 11:00 AM EDT

Drill into deleted, hidden and existing data with UFED Physical Analyzer

Next Wednesday, July 24th at 8:00 AM PT / 11:00 AM ET (3:00 PM UTC), join us for an overview of how UFED Physical Analyzer’s timelines, watch lists, project analytics, image carving, geolocation mapping, malware detection and many other features maximize your investigative power.

Register here for Session 1, 8:00 AM UTC / 4:00 PM SGT (Singapore Time)

Register here for Session 2, 3:00 PM UTC / 8:00 AM PDT / 11:00 AM EDT

Also don’t forget to register for the upcoming SANS webinar, “Digital Forensics in Modern Times,” scheduled for this coming Thursday, July 18th!

New Device Support with UFED; New Language Support with UFED Link Analysis 1.8

Following on our release of UFED Physical Analyzer 3.7 just a couple of weeks ago, we’re pleased to release a new firmware version for both UFED Touch and UFED Classic, as well as a new UFED Link Analysis version.

New UFED firmware means new device support

UFED Touch and UFED Classic now offer logical extraction from Samsung Galaxy S4 devices, and from the HTC One, logical along with file system extraction and decoding with user lock bypass. (Watch our video below for details on the HTC One extraction.)

Physical extraction and decoding with user lock bypass is now available for HUAWEI and ZTE devices running any Android OS version. This is possible with proprietary client software. To perform this type of extraction with your UFED Classic, update the EPR file before proceeding.

UFED CHINEX now enables physical extraction with decoding and user lock bypass from additional selected Alcatel devices. Using the UFED Ultimate interface, you can either select the specific model you’re working with, or one of two generic options offered.

Because these options cover different families of devices which are not included in the device list, but can be extracted using the same methods as already-supported devices, you should use the two options in sequential order.

Physical extraction with user lock bypass is now available for selected LG devices; decoding will be added in the future. To perform this extraction, the device boot partition is replaced without affecting the user partition.

UFED Classic Logical extraction enhancement

Cellebrite has improved UFED Classic Logical’s performance by enabling email extraction as part of the logical extraction process. This increases the amount of data available via logical extraction and is therefore beneficial in examinations where time is critical.

Customers who have recently purchased UFED Classic systems, but have not yet budgeted for UFED Touch upgrades, may find this improvement valuable as the number of smartphones they encounter increases.

Multilingual support for UFED Link Analysis

Released May 29, the UFED Link Analysis user interface is now available in 10 different languages besides English: Chinese, Dutch, French, German, Hebrew, Italian, Japanese, Portuguese, Russian and Spanish.

You can select the display language you prefer from the application settings. The language selection will be saved for future sessions as well.

Find our full UFED release notes here.