Exclusive bootloader method support for the latest Samsung devices headline UFED 4.4 release

Bootloader banner

With the release of UFED 4.4, Cellebrite announces support for 17,638 device profiles and 1,092 app versions. UFED 4.4 introduces the exclusive bootloader method designed to solve some of investigators’ most challenging problems for unlocking and extracting data from leading Samsung Android devices. Also including decoding support for new devices and OS updates, including iPhone 6S/6S Plus, iOS 9.1, and Android Marshmallow.

New unlocking & physical extraction support for Androids using the unique bootloader method

In previous version 4.2.6, we announced the release of the enhanced bootloader method, which enables you to obtain additional data when performing a physical extraction while bypassing user lock from Samsung devices.

As part of our ongoing efforts to provide the best physical extraction capabilities for the latest Android devices, version 4.4 introduces an enhanced bootloader to support newer phone firmware versions, and includes 12 additional Samsung devices. You can now obtain additional data by performing a physical extraction using the enhanced bootloader method for 85 popular Samsung Android devices running Android 5.x. This unique solution supports the following Samsung families: Galaxy S3, S4, S5, Note 3 and Note 4.

What is the bootloader method?

Physical extraction using the boot loader method is the recommended method to recover data from Android devices. When the device is in boot loader mode during extraction, the operating system does not run, and therefore, the device cannot connect to the mobile network. It bypasses any user lock is forensically sound.

New tutorial video is available below.

Cellebrite now supports new iPhone 6S/6S Plus and Android v6.0 Marshmallow

Recent device launches and updated operating system are also supported with UFED 4.4.  Users can now perform file system, logical (including applications data), advanced logical extraction, and decoding from,iPhone 6S and 6S Plus devices and iOS 9.1. UFED 4.4 also provides file system and extraction support for the latest Android v6.0 Marshmallow with limitations. Following recent changes made in Android 3rd party apps, including Facebook, WhatsApp and Snapchat, data from these apps can no longer be extracted when performing file system and logical extractions when using Android backup method. We recommend two options in order to overcome this limitation: Perform a physical extraction (when available), or root the device to extract data.

iPhone6 banner for blog

Extend your investigation capabilities with enhanced support for new apps for iOS and Android

UFED 4.4 keeps pace with investigator demand for more app support, and greater visibility into app data. This version introduces newly added support for some of the most popular apps installed on both Android and iOS, including: Google Drive, Google Tasks, Google Translate, Inbox, One Drive ,Pinterest, Runtastic, Yandex Browser, Yandex Maps; One Note and VIPole are available for Android.

With 300 million active users using Dropbox, 250 million using Microsoft’s OneDrive, 240 million using Google Drive*, and 100 million users on Pinterest, (the third most popular social network in the US)**. We are bound to believe that high number of people using these apps on their devices, may also hold the evidence you need for your investigation.

Updated support is also available for 53 Android and 61 iOS app versions.

New decoding method process for WhatsApp data 

App_whatsappIn UFED 4.2.6, we introduced a new capability to decrypt WhatsApp data. Using a third-party script, you can manually extract the WhatsApp key (on non-rooted Android devices), and use it in UFED Physical Analyzer to decode and decrypt the data. During the process, the WhatsApp version will be temporary downgraded to an earlier version, so that the key can be .extracted and used to decode the WhatsApp database. The current WhatsApp version will be restored at the end .of the extraction process.

A new step-by-step process is now available in MyCellebrite.

Learn more about UFED 4.4– download the release notes here!

* http://expandedramblings.com/index.php/google-app-statistics/

**http://marketingland.com/pinterest-says-it-has-100-million-monthly-active-users-143077

Speed Cloud Data Extractions from Anywhere

In our socially-driven world, it’s not surprising that Facebook, Kik and Instagram posts, as well as other cloud data sources have the power to break criminal cases wide open. The challenge for forensic examiners is getting to that data quickly. Together with mobile device data, these sources often capture the details and critical connections investigators and prosecutors need to solve a wide variety of crimes. UFED Cloud Analyzer, the first tool of its kind, removes the roadblocks and red tape involved in getting access from cloud service providers, reducing valuable time and cost to investigations.

“Social media data is a headache to access from application providers, but is so critical now to forensics investigations,” said Sgt. Andrew Weaver, Hartford, C.T., Police Department. “It can takes months to receive data with a warrant and then we do, it’s challenging to review and uncover pertinent details – not to mention time consuming. UFED Cloud Analyzer gives us access to this data quickly so we don’t lose valuable investigation time waiting.”

Part of the UFED Pro Series exclusive and powerful investigative tool automatically collects both existing cloud data and metadata without the need for credentials, because the tool impersonates the phone in order to perform the extraction. It then packages this data in a forensically sound manner either in the field or the lab. This allows investigators to search, filter and sort data to quickly identify “Who?, When?, Where?” details to speed investigations from anywhere.

Extraction Criteria Definition

UFED Cloud Analyzer Retrieved Google Location Data as Key Evidence for an Investigation

The forensic practitioners already using this new tool are not only reaping its considerable rewards, but singing its praises.

“While assisting a local law enforcement agency with a recent criminal investigation, we were able to utilize Cellebrite UFED Cloud Analyzer to remotely collect Google location data pursuant to a search warrant,” said Jim KempVanEe, Director of Digital Forensics.

LogicForce Consulting, Nashville, Tenn. “Within minutes of collecting the location data, we were able to confirm for the investigators that the suspect’s phone was within feet of the 12 year old victim’s home and we was able to trace the suspect’s movements after he left the scene.  All of this while another search warrant for location data sat idle at Google waiting to be processed.  Great tool – thank you Cellebrite!”

Cloud Analyzer with Google Maps icon2

Extract Insights Faster with New, Faster Capabilities

In the latest release of this tool, the capability to decode a cloud data account package from an Android device via a logical extraction just got even faster and more actionable. Investigators can now decide upfront which data should be extracted, selecting specific files and directories from cloud storage services including Google Drive and Dropbox. You can also now select a specific portion of email messages to access – headers only, headers and body without attachments, etc., helping to reduce investigative cycles.

Other key enhancements include the ability to:

  • Extract detailed location information from a suspect or victim’s private Google Location History, stored on Google cloud servers, allowing investigators to track all timestamped movements minute by minute
  • Track and analyze a suspect’s Facebook Likes and Events to get a better understanding of a suspect or victim’s interests, opinions and daily activities
  • Gain access to more Twitter connections, including pending requests either requested or received, to dive deeper into a suspect’s relationships
  • Reveal changes and/or discrepancies in images, videos and files stored in Google Drive and Dropbox

To learn more about how the UFED Cloud Analyzer and the UFED PRO Series can help you solve more cases quickly and accelerate investigations by gaining instant access to cloud data, contact your Cellebrite sales representative or visit http://www.cellebrite.com/Mobile-Forensics/Applications/ufed-cloud-analyzer

banner1

 

New UFED release 4.2.2 offers exclusive support, impressive breakthroughs and enhanced decoding

With the release of UFED Physical/Logical Analyzer 4.2.2, Cellebrite offers new decoding features designed to improve investigative efficiency from 1,128 additional device profiles and enriched degree of decoded data from 873 app versions.

Exclusive support for the latest and popular Samsung devices

Samsung contributes to the highly fluid mobile market by introducing ever smaller and lighter mobile device models every few months. The quick adoption of these devices by felons leaves investigators to encounter additional challenges during the investigation. Cellebrite enables access to all data, including deleted data, from the newest Samsung Android devices available in the market today. Cellebrite supports physical extraction while bypassing the user lock using the forensic recovery partition method, and decoding from 33 Samsung Android devices, including Samsung Galaxy S5, S6 and Note 4 family of devices.

Cellebrite’s UFED replaces the device’s original recovery partition with Cellebrite’s custom forensic recovery partition. The original recovery partition on the Android device can be considered as an alternative boot partition that may also change the user data partition, while Cellebrite’s recovery image does not affect any of the user data.

Support for next generation smart watches

Android wear may be a new concept, but with nearly $7M sales just last year, many independent research groups anticipate a huge growth in the wearable space is in the next upcoming years. With the rate of new devices entering the market by Samsung and others, Cellebrite ensures that investigators remain ahead with the most advanced extraction and decoding technology to support these new trending devices.

UFED enables physical extraction while bypassing lock, and decoding support from the most popular next generation smart watches including LG smart watch LG G WATCH R™ (W110) and the previously released Samsung Galaxy Gear SM-V700.

New app decoding and decryption support

Apps provide a rich source of data to investigations. 59% of our users say that 3rd-party apps data matter the most in investigations. Cellebrite provides updated support for 843 app versions in this release, as well as decoding support for new apps, such as Facebook Messenger (decoding of the call logs of the voice calling feature and the new video calling/chatting feature). Additional decryption is also available for UFED 4.2.2, UFED Physical Analyzer is now able to decrypt and decode Android Backup (Android 5.x) with a known password as part of the file system extraction.

Download the release notes to see a full list of apps and version numbers.

Now higher resolution view in offline maps feature

In UFED version 4.2 we introduced the latest offline maps feature which enables you to view extracted locations on a worldwide map without internet connection. This feature has been improved, enabling you to view extracted locations on a regional map, and zoom in at an even higher resolution of 15x to view streets for better indication and view of the location without internet access for the following continents: USA, Canada, Europe, Japan and Korea, Middle East, Africa, London, Los Angeles, New York, Paris, Singapore and Tokyo.

 Untitled

You asked for it, we developed it!

UFED Physical/Logical Analyzer 4.2.2 keeps pace with investigator demand and provides the option to redact the image thumbnail from the PDF, Word and HTML report. You would use this option with cases involving sensitive images, such as child abuse.

Untitled2

3 Reasons to Vote for Cellebrite for a 2015 Forensic 4:Cast Award

For as long as the Forensic 4:cast Awards have existed, Cellebrite’s UFED tools have been named Phone Forensic Tool of the Year. Being nominated among some of the greatest products in the industry, we couldn’t be more proud that the forensic community recognizes our continuing efforts to deliver the best, most innovative and  functional mobile forensic tools for seven years running.

Thanks to you, Cellebrite’s nominations include:

  • UFED Touch for phone forensic hardware of the year
  • UFED 4PC for phone forensic software of the year
  • Digital forensic organization of the year

Will you vote for us this year? Here are a few reminders why Cellebrite deserves the Forensic 4:cast Awards.

1. We’ve got your back.

Cellebrite has always been known for its breadth of support for new devices, but in 2014 we deepened our support for both smartphones and the apps installed on them. We improved our automated decoding, so you can spend more time analyzing data than figuring out how to decode it; brought our device profile support up to more than 14,000; and added decoding support for 25 prepaid Android devices—including Tracfone models that stumped investigators for years.

2. We make data analysis as simple or as complex as you need.

The visual analytics we include in tools like UFED Physical/Logical Analyzer and UFED Link Analysis give you a basic, at-a-glance look at key people, places, and communications via Project Analytics, Timelines, Maps, and Graphs. These help you immediately visualize your data and focus on only that which is most relevant to your case.

When you need to get “into the weeds” with the data—at the device memory level—you can do that too. Locate, carve, and validate data using advanced search functions like regular expressions and searches for strings, dates, codes, numbers, ICCID, SMS formats, etc., and import your JTAG and chip-off extractions into UFED Physical Analyzer for decoding.

3. We give you the tools you need not just to extract and analyze the data, but also to testify about your process with confidence.

Tools with as much functionality as ours deserve investigators who can put them to good use, so in 2014 we stepped up our training and certification program. We are now the first and only digital forensic vendor to deliver courses not only in person, but also online, and more than 4,000 practitioners earned their Cellebrite certifications through the end of 2014.

Vote for us today!

 

UFED Physical/Logical Analyzer 4.2 offers efficiency improvements, decryption and enhanced decoding

PA42exclusive

 

 

 

 

The new Physical/Logical Analyzer release, version 4.2, is chock full of features and device support. From more efficient location mapping processes to improved decoding, this latest release is designed to accelerate your investigations and enable you to drill more deeply and intuitively into data from more than 15,000 devices.

Deeper location data analysis, more efficient workflows

UFED Physical/Logical Analyzer 4.2 offers a number of new enhancements with regard to location data. These enhancements offer more flexibility and efficiency by allowing you to access highly visual information more easily.

First, new offline map support offers maps view even when an Internet connection is not available or you are analyzing data at a workstation that is required to remain offline. Second, you can also now zoom in to locations in map view and see related event details. When you want to explore deeper relationships between locations, timelines, and analyzed data, you can jump from location information to its source event or timeline and vice versa.

Location information also allows you the ability to examine attached images, videos, audio, text, and other files identified during the data analysis process. The Data Files category in the project tree enables you to view and filter attachments within data files, locate the associated attachment event, and view its metadata and location information.

Do you frequently share your extracted UFDR reports with others using UFED Reader? Now, include the UFED Reader executable within the report output folder. This saves time for report recipients in locating, downloading, and using the UFED Reader application.

New app decoding and analysis functionality

UFED Physical/Logical Analyzer 4.2 also keeps pace with investigator demand for greater visibility into app data. Besides newly added support for apps installed on Android, iOS, and Windows Phone® devices, as well as updated support for 40 Android and 63 iOS app versions, the new release offers additional decoding and some decryption support, as well as improvements in the way app data—particularly chat app data—is displayed.

Added to analytics that show the most frequently used apps, app usage data now includes information about the last time a user launched a particular app, as well as for how long they used it. Also for the first time, view the number of messages per chat, which can help validate chats extracted using other tools that do not thread messages. Additionally, location data for chat messages is now available for export into all report formats.

Other apps-related support includes decryption of KeepSafe and WeChat apps, together with decoding support for WhatsApp VoIP call logs on Android devices. New WhatsApp support also includes the Read, Delivered and Played timestamps of outgoing WhatsApp messages for iOS, Android and BlackBerry® 10 devices. In addition, Twitter group chat messages are now displayed in Chats.

New device support includes physical extractions, decryption, and decoding

Disable the user lock for 159 Samsung Android models using SPR and SPM methods, depending on the device’s firmware version. In addition, Physical extraction with lock bypass and decoding is now supported for 58 LG Android devices released with Android version 4.2.x and above.

Decryption is now possible for physical extractions from generic Android and Samsung devices running Android 4.2 and below using a known password. Similarly, extract BlackBerry device backup data as part of file system extraction, and then decrypt the backup data with known BlackBerry ID credentials you retrieve via UFED Physical Analyzer.

Device information decoding is newly enhanced for all device types. For BlackBerry 10 this includes username, device model, PIN, IMEI, and device name; for Windows Phone devices, the information includes IMEI, IMSI, MEID, mobile operator ID, country, MAC address, and OS version. Device information for Android devices now includes the decoded Tethering ID and password, while iOS device product name and product type information are now included under device information.

Saving time in a death investigation

One Minnesota (US)-based detective working a death investigation used Physical Analyzer 4.2 to unlock a pattern locked Samsung Galaxy S5 (SM-G900V). Facing a lengthy and destructive chip-off extraction because the device did not appear to be supported for JTAG extraction, the investigator was able to run the device against a pre-release copy of Physical Analyzer 4.2. The extraction worked, and the investigator was able to use that evidence to continue building his case.

To learn more about how the new UFED Physical/Logical Analyzer 4.2 can help accelerate your investigations, download our release notes today!

New time-saving features arrive in UFED Physical Analyzer 4.1

With the release of UFED Physical/Logical Analyzer 4.1, Cellebrite offers new decoding and reporting features designed to improve investigative efficiency and enrich the degree of decoded data.

New, faster, and enhanced decoding

To start with, decoding extractions that are saved to a network drive is now up to 25% faster. New decoding support is available for a number of device models and data. These include JTAG extractions from seven new devices, as well as chip-off extractions from BlackBerry® devices running OS 10. Decoded BlackBerry 10 data includes several apps in addition to device data.

UFED Physical/Logical Analyzer 4.1 also improves on decoded location data from iOS devices. The device information now includes whether the device location service status is turned on or off, as well as whether location services were enabled for each app (and, if enabled, when it was last used). Additionally, UFED Physical Analyzer now displays recent and frequently visited locations tracked by iOS devices and maintained solely on the device.

New and updated app decoding is also available in UFED Physical/Logical Analyzer 4.1. This includes enhanced data carving from unallocated space for the ooVoo, Skype, VKontakte, and Odnoklassniki apps, and decrypted SnapChat pictures.

Also included is decoding for contacts and chats from the HeyTell and Truecaller Android and iOS apps, as well as bookmarks, web history, and emails from the Firefox app for Android. Updated decoding is available for a total of 34 Android apps and 30 iOS apps, including multiple app versions. Download the release notes to see a full list of apps and version numbers.

Efficiencies in reporting

Reporting also sees an improvement in speed, by up to 50% depending on report content for PDF and UFDR report processing. New reporting functionality allows you to export chat messages in conversation format, within PDF reports. As with previous version, select and unselect specific chats to include. Additionally, you can now include image thumbnails in PDF, Word, and HTML reports.

Another new feature stands to reduce confusion around daylight saving date and time stamps vs. UTC or standard times. UFED Physical/Logical Analyzer 4.1 includes a database containing start/end dates and times for countries that use daylight saving (DST). This data is available through 2018 and takes into account locations that do not adhere to DST. You can set a unified time zone for the project timestamps for the software to automatically adjust for DST.

Remember: End of life announcement for Windows XP

Following the recent announcement that Microsoft has officially ceased support for Windows XP on April 8, 2014, Cellebrite recommends installing UFED Series Software Products on 64-bit versions of Windows 7 and above. By February 28, 2015, the UFED Series will no longer support Windows XP.

IMPORTANT: This does not affect UFED Touch systems running on Windows 2009 Embedded Standard. The Windows Embedded Standard 2009 Operating System End of Life is scheduled for January 8, 2024.

For further information about the Windows XP end of life, please contact support@cellebrite.com.

Download the full release notes for additional details about these decoding and reporting features!

New time saving workflow capabilities in UFED 4.0: Translation, automated data carving, and more

UFED Release 4.0Efforts to obtain evidence and intelligence from mobile devices can be stymied by inefficiencies such as extra layers of work process, lack of access to a full range of tools, and other challenges both small and large.

UFED 4.0 continues Cellebrite’s track record of developing features that improve investigative workflows and save you time both in the lab environment and the field. Among the most significant time savers we’ve added to UFED Touch, UFED 4PC, and UFED Physical/Logical Analyzer: better Android data carving, language translation, a UFED Touch data preview capability, and better workflows overall.

Simple, efficient language translation

Reduce challenges associated with foreign language translation, including the need to rely on another person, or to copy/paste into an online tool. Either one takes time you may not have, and errors—especially with short words—can alter the meaning of content.

UFED Physical/Logical Analyzer 4.0 contains an offline translation solution that accurately translates both short and long words. Use it to translate selected content on demand, and to use filters in your language of choice. The translation engine keeps the source language, which you can see in the user interface, and you can include both the translation and the original source text in your report.

The UFED translation engine currently supports 13 languages, including English. Choose five free of charge when you access all the language packs from your my.cellebrite.com account. If you need more than five languages, you can purchase them directly from Cellebrite. Be sure to let us know if you need access to languages apart from what we offer!

Faster, more powerful data carving from Android unallocated space

Enhanced automated carving from Android devices’ unallocated space gives you access to much more—in some cases, double or triple the amount—of deleted data than previous data carving features allowed. Owing to a new algorithm, the carving process is now also faster.

While manual data carving is still an important part of forensic validation processes, Cellebrite redesigned the automatic data carving functionality to achieve more deleted data with greater precision, by dramatically reducing false positive and duplicate results.

Learn more about data carving when you take the Cellebrite Certified Physical Analyst course.

Save time in the field: Preview logical extraction data in UFED Touch

UFED Touch users may find themselves needing to preview evidence to decide whether a mobile device is worthy of deeper examination, or they need intelligence to decide an immediate course of action. UFED Touch now offers the option to view an HTML report that includes general device Information and the logical extraction data on the touch screen—without requiring a laptop.

Newly included in logical extractions, and therefore viewable with UFED Touch, are web history and web bookmarks. From iOS devices, the new UFED 4.0 feature extends logical extraction and preview capabilities to app data.

Balance time savings with process: capture images and snapshots with UFED Camera

Sometimes, taking screenshots of a mobile device is the only way to capture its evidence. This could be because you have no UFED with you in the field, or the device or certain data on the device isn’t supported for extraction with the equipment you have.

With UFED Camera, our new manual evidence collection feature, collect evidence by taking pictures or videos of a device. A single report contains any extracted information together with screenshots or video.

The ability to take screenshots can be important in the field, helping to substantiate a police officer’s, border patrol agent’s, or corporate internal investigator’s documentation of what s/he saw on the device during an initial scroll-through. (Remember to get consent or have another form of legal authority to show for it.)

In the lab, taking screenshots can help you to validate device extraction results – to show that the evidence in an extraction file existed on the evidence device.

For more details on these and other new and enhanced decoding and app support capabilities—including support for iPhone 6, 6Plus, & other Apple devices running iOS 8—download our release notes!

GPS Forensics and Link Analysis in Cellebrite’s August Webinars

webinar_header

LATAM customers! Did you know that Cellebrite’s exclusive capability to perform TomTom triplog files decryption and decoding can help you add vital evidentiary data to your investigation?

Join us for the upcoming webinars on GPS Forensics and TomTom Trip-Log Decryption, which will be hosted by our forensics solutions experts in Spanish and Portuguese, and will include a Q&A session.

GPS Forensics and TomTom Trip-Log Decryption (en español)

Speaker: Carlos Silva

Date: August 06, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Spanish!

GPS Forensics and TomTom Trip-Log Decryption (em Português)

Speaker: Frederico Bonincontro

Date: August 15, 2014 11:00 BRST (UTC-3:00)

Register here for the webinar on GPS Forensics and TomTom Trip-Log Decryption in Portuguese!

Link Analysis: Identify connections between suspects, victims, and others in less time

Did you miss our previous webinar on the UFED Link Analysis? Cellebrite will be hosting an additional live English-language webinar this month.

Speaker: Shahaf Rozanski

Date: August 20, 2014 06:00 UTC, 15:30 UTC

Learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite’s Forensics Senior Product Manager, Shahaf Rozanski, as he presents real world use case scenarios from a wide range of crime categories. The webinar will include a Q&A session.

Register here for the webinar on UFED Link Analysis!

Would you like to receive a webinar on our forensics solutions in your language? Leave us a comment and we’ll arrange it for you!

To view a past webinar, please visit the Webinars section on our website:  http://www.cellebrite.com/corporate/webinars

New UFED release broadens decoding for extractions from prepaid, damaged devices

With the release of UFED Physical Analyzer 3.9.7, Cellebrite now offers improved decoding for the binary files resulting from JTAG extractions. This means that rather than have to carve or manually decode the image file, examiners can now save time with an automated process.*

JTAG (Joint Test Action Group) forensics is an advanced method of mobile data extraction. By taking advantage of a device’s test access ports (TAPs)—included in every mobile device model to aid in manufacturers’ quality assurance processes—examiners can unlock the device in order to gain access to raw data stored on the memory chip, and can thus obtain a full physical image of the memory.

Because it is non-destructive and affords the opportunity to access data from devices that have been altered or damaged in some way that makes them inaccessible using conventional mobile forensic extraction tools the JTAG technique is growing in popularity, with a number of examiners undergoing training to become proficient in the procedure.

The additional decoding support, made possible with generic chains, is now available for 110 tested devices, including Samsung, HTC, LG, ZTE, Nokia, Huawei, Casio, Pantech, and Kyocera models. Examiners can gain access to a rich set of data such as call logs, SMS, MMS, emails, media files, apps data, and locations.

Access the JTAG binary extraction files in UFED Physical Analyzer by using the “Open (Advanced)” feature and selecting the extraction and the appropriate JTAG chain. You can find step by step guidance, in Chapter 3, section 3.4.2.3 of the UFED Physical Analyzer manual.

JTag2

*Manual decoding is still valuable as a validation method for forensic examinations.

Convert GPS coordinates to physical addresses

See where your subjects are visiting, and how often they’re visiting, without having to manually convert GPS coordinates to physical locations. UFED Logical/Physical Analyzer now enables you to convert single or multiple latitude/longitude coordinates, in bulk, to their corresponding nearest address. It also allows you to search based on that information, using an advanced search capability.

Additional device and decoding support

The new UFED release, 3.0.7, includes physical extraction with lock bypass from an additional 40 devices including: Samsung Galaxy S4 and Note III families, and HTC devices. Additional device extraction support using the Android backup method is included, along with file system and logical extractions from Nokia Asha devices.

The new UFED Physical Analyzer release includes additional decoding support for physical extractions from 26 new devices, file system extractions from 25 new devices, usernames and passwords from the browser on Android devices, locations in deleted photo metadata from iOS devices running iOS 7 and above, and deleted call log, contact and calendar content from Microsoft® EDB embedded database within Windows® Phone devices. In addition, decryption support is now available for the WhatsApp backup database, identifiable by the .crypt7 backup file extension, which contains chat messages.

The Telegram and Instagram apps are newly supported for both Android and iOS devices. Decoding support for the Waze app is new for Android and updated for iOS devices; Facebook Messenger, Line, QQ, Skype, Twitter, WeChat, and Vkontakte, along with other apps, have been updated for Android and iOS as well.

For a full rundown of device and app support, view our release notes. Cellebrite is also offering a webinar on JTAG decoding and analysis in July. Register for the webinar here!

 

JTAG decoding, bypassing device locks, and link analysis in Cellebrite’s July webinars

webinar_header

Link Analysis: Identify connections between suspects, victims, and others in less time

On July 1, learn how field investigators use UFED Link Analysis to rapidly visualize key relationships between entities and identify the connections and communication methods between multiple mobile devices. Join Cellebrite Forensics Solutions Specialist Lee Papathanasiou for a 60-minute live webinar that details how link analysis methodology:

  • Helps you visualize communication links using multiple mobile devices’ rich data sets, including mutual contacts, calls, SMSs, MMS, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Filters data by time, date, number of contact times, and categories, and drills down to specific events.
  • Pinpoints whether entities were at the same place at the same time.
  • Allows you to share findings with colleagues and other investigators.

The webinar, including a Q&A session, will present real world use case scenarios from a wide range of crime categories. The session will also touch on key practical features of UFED Link Analysis, including timelines, advanced filters, and much more.

Register here for the July 1 webinar on UFED Link Analysis!

Bypassing Locked Devices: Learn How to Tackle One of the Biggest Challenges in Mobile Forensics

Pattern locks and passwords are becoming increasingly sophisticated and hard to crack, even for forensic examiners. Attempting to gain access to a locked device, especially with a complex pattern lock or passcode, is often only possible by using advanced forensic tools and techniques.

Don’t remain locked out from your evidence. Join Cellebrite’s forensic technical director, Yuval Ben-Moshe, for this 45-minute live webinar to learn about the UFED’s unrivaled ability to bypass locked phones without jailbreaking, rooting or flashing. You will learn:

  • Various methods to bypass locked devices, and a live demo of password extractions using the UFED.
  • How to use the extracted password to bypass other devices owned by the same person.
  • Physical extraction while bypassing any type of lock from 470 Android devices, including Cellebrite’s first to market capabilities for Samsung Galaxy S4 family.
  • Bypassing locks from counterfeit devices and phones manufactured in China.
  • How to run a plug-in that reveals pattern locks in Physical Analyzer.

Register here for the July 10 webinar on user lock bypass and extraction!

Automated JTAG Extraction Decoding with UFED Physical Analyzer

The growing popularity of JTAG forensics requires a great deal of resources and investment to obtain raw data stored on the device’s memory chip. It can take many hours for an examiner to transform the raw data into human interpretable evidence.

Cellebrite’s newly introduced decoding capabilities reduce the amount of time examiners have to spend on manually decoding, or carving, the large volume of extracted data. Join Cellebrite’s engineering product manager, Ronen Engler, for a 45-minute session on how you can take advantage of the UFED for JTAG decoding:

  • Easily import the binary file from a JTAG extraction into the UFED Physical Analyzer to draw accurate conclusions and report data.
  • Access this rich set of data to discover common artifacts, such as call logs, SMS, media files, e-mails, chats and locations.
  • Drill down into the binary file’s hex code through advanced search capabilities for finer grained information.
  • Decode the extractions from the widest range of devices, including popular Samsung, HTC, and LG, using a series of automated plug-ins and chains.

Register for the July 24 webinar to learn about Cellebrite’s efficient and cost-effective solution to decode and obtain forensically sound data from previously inaccessible devices.