Physical extraction & decoding, decryption breakthroughs headline UFED 4.1 release

With the release of UFED 4.1 and UFED Physical Analyzer 4.1.1, Cellebrite kicks off 2015 with breakthrough capabilities designed to solve some of investigators’ most challenging problems: Windows Phone 8, Jelly Bean/KitKat, and prepaid device extractions, as well as WhatsApp database encryption.

Physical extraction & decoding for Nokia Lumia, Android 4.2-4.4.3

Investigators who encounter Nokia Lumia devices can now circumvent the need for JTAG processes to bypass user locks and retrieve deleted data. Although Microsoft announced late last year that it will produce all Lumia models going forward, Nokia sold 17 million Lumia devices in 2013, and 90% of Windows Phone users own Lumia devices. With that in mind, UFED now supports user lock bypass, physical extraction and decoding of many of the most popular Lumia models, including 810, 820, 920, and others based on Windows Phone 8.0 and 8.1 operating systems.

New physical and file system extraction and decoding, along with improved password unlocking and extraction, is also available for Android devices running OS 4.2 (Jelly Bean) through 4.4.3 (KitKat). Devices such as the Samsung Galaxy series (S5, Nexus, Note 3, S3 Mini etc.) along with other leading vendors and models including LG, Motorola, and Sony are included in this release.

Prepaid device support for Tracfone, Samsung E1200R

Also solved: prepaid Android devices with locked or damaged ports, in particular Tracfone models popular in North America. Unlike other prepaid models that can be extracted using “paid” profile equivalents, Tracfone models do not have USB ports, and investigators could not get critical evidence. Cellebrite now offers an option to load a client over these devices’ Bluetooth connection, so that investigators can perform logical extractions.

New physical extraction and decoding support is now available for the internationally popular “burner” Samsung E1200R feature phone.

WhatsApp database decryption

Cellebrite’s first-of-the-year breakthroughs aren’t limited to extraction and decoding. We’re also introducing decryption for WhatsApp’s newly encrypted chat history database. For databases using the .crypt8 file extension, UFED Physical Analyzer 4.1.1 decrypts full content from WhatsApp, one of the world’s most popular messaging apps with 700 million monthly active users as of January 2015.

An easier-to-use interface

Rounding out Cellebrite’s update this month is a new, better organized home screen, which now groups extraction tools and other utilities into distinct areas. Users can now opt to extract a mobile device, SIM card, or USB device; operate UFED Camera; or access UFED device tools, rather than have to search for these capabilities within the pool of vendor icons.

Additionally, a new search screen supports three device identification methods: a simpler auto detect, a free text global device search, and a manual device search similar to the previous home screen (selecting vendor followed by model). The new interface offers better accuracy for investigators who need to search on an exact model number rather than, say, “iPhone 5.”

Learn more about UFED 4.1 and UFED Physical Analyzer 4.1.1 – download the release notes here!

UFED 1.8.5.0: Double the Android devices supported for physical extraction

Our first update of 2013 offers something a lot of our clients have been awaiting for a long time: user lock bypass enabling physical extraction on HTC and Motorola devices. The new capability adds 109 Android™ models to our list—more than double what we previously offered via bypass methods.

To be more precise, we’ve added this capability to 66 HTC and 35 Motorola devices, including HTC’s Evo, Incredible, Wildfire and Desire models along with Motorola’s Milestone, Droid Razr and Razr Maxx. (A full listing is available in our release notes, downloadable here.)

We’ve also extended our Samsung Galaxy series user lock bypass method from the Galaxy S and S2 to the Galaxy S3 (international model GT-i9300) and Galaxy Note II. This capability is available on the UFED Touch Ultimate, although the UFED Classic still supports physical and file system extraction on unlocked Galaxy S3 and Note II.

The new support relies on our well-known proprietary user lock bypass methods, which work even when USB debugging is disabled. These methods provide the deep access to mobile devices that forensic examiners need to complete their extractions of existing, hidden and deleted data. User lock bypass is now supported on a total of 229 Android smartphone models.

Additional extraction support

We’re also pleased to report that we now support physical, file system and logical extraction for Apple devices running iOS 6.1, which was released only last week. Our physical and file system extractions support iPhone 3GS/4 and iPod Touch 4G devices, and include decoding, simple and complex passcode bypass, simple passcode recovery, and real-time decryption. (Note: To get this capability, you must update the new EPR via the UFED Physical Analyzer.)

Our file system and logical extractions support iPhone 3GS/4/4S/5, iPad2/3/4/mini, and iPod Touch 4G/5G.

Finally, we now support file system extraction from any device—Nokia, HTC, Samsung, Huawei and ZTE—running Windows Phone 7.5 and 8. Extract existing and deleted data from these devices via the “File system > smartphones” in the UFED menu.

Get your UFED update at my.cellebrite.com! (Not a user? Visit us at ufedseries.com to learn more!)