XRY 6.2 RELEASE NOTES RELEASE DATE: W/C 19 TH MARCH 2012 NOW WITH 6,608 DEVICE PROFILES SUPPORTED Box 3053, SE-169 03 Solna, Sweden | Visiting address: Råsundavägen 1–3, Solna Phone: +46 (0)8-739 02 70 | Fax: +46 (0)8-730 01 70 | [email protected] | msab.com >> iOS Physical iPhone physical support iPhone passcode bypass iTunes encrypted backup file support Decode app data from dumps >> Android Physical Built-in rooting of Android devices Decode Pattern lock and PIN codes >> Chinese Clones Physical Dumping and Decoding of 70 new phones >> CDMA Physical File System Physical Decoding on CDMA handsets >> Blackberry Physical Physical Dump of User Partition Memory >> Palm/HP Physical Dumping and decoding of webOS based handsets >> iDEN Physical Improved dumping support for iDEN handsets >> 109 new devices in XRY Logical including 17 CDMA models >> 172 new devices in XRY Physical Dumping including 5 GPS devices >> 137 new devices in XRY Physical Decoding – 80% supported devices >> 141 new devices in Security Code Only >> 70 new Chinese clones in XRY Physical >> 3 new XRY Physical cables >> Integrated SQLite database viewer >> Enhanced smartphone app support >> Added support for Select all from “Find Results” >> Added quick access toolbar >> Ability to launch media files larger than 1GB >> New report language: Indonesian >> Languages in main interface: Chinese (simplified), French, German, Spanish, Swedish >> XRY Logical 109 3,319 >> XRY Physical Dumping 172 1,321 >> XRY Physical Decoding 137 1,057 >> Security Code Only 141 384 >> Smartphone Apps 11 65 >> XRY Untested 26 462 >> Total 596 6,608 Forensic Method v6.2 Total WHAT’S NEW IN THIS RELEASE? NEW DEVICE SUPPORT SUMMARY NEW FEATURES IN THIS RELEASE “PHYSICAL RELEASE” DELIVERING ON OUR PROMISES iPHONE PASSCODE AND PHYSICAL We have added support for iPhone passcode extraction. Using XRY you can now calculate the four digit unlock code. It will also be possible in v6.2 to per- form an extrac- tion of an encrypt- ed iTunes backup file. Finally you can now also perform a physical dump and decryption on most iOS devices to ensure you have access to the best possible support levels in XRY. VERSION 6.2
6
Embed
Release daTe: w/c 19Th maRch 2012 XRY 6 · PDF filePhone: +46 (0)8-739 02 70| Fax: +46 (0)8-730 01 70 ... the four digit unlock code. be possible in v6.2 to per- ... i576 i58sr i605
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
>> iOS Physical iPhone physical support iPhone passcode bypass iTunes encrypted backup file support Decode app data from dumps>> Android Physical Built-in rooting of Android devices Decode Pattern lock and PIN codes >> Chinese Clones Physical Dumping and Decoding of 70 new phones>> CDMA Physical File System Physical Decoding on CDMA handsets>> Blackberry Physical Physical Dump of User Partition Memory>> Palm/HP Physical Dumping and decoding of webOS based handsets>> iDEN Physical Improved dumping support for iDEN handsets
>> 109 new devices in XRY Logical including 17 CDMA models>> 172 new devices in XRY Physical Dumping including 5 GPS devices>> 137 new devices in XRY Physical Decoding – 80% supported devices>> 141 new devices in Security Code Only>> 70 new Chinese clones in XRY Physical>> 3 new XRY Physical cables
>> Integrated SQLite database viewer>> Enhanced smartphone app support>> Added support for Select all from “Find Results”>> Added quick access toolbar>> Ability to launch media files larger than 1GB>> New report language: Indonesian>> Languages in main interface: Chinese (simplified),
iphone passcoDe anD physicaLWe have added support for
iPhone passcode extraction. Using XRY you can
now calculate the four digit unlock code.
It will also be possible
in v6.2 to per-form an extrac-
tion of an encrypt-ed iTunes backup file.
Finally you can now also perform a physical dump
and decryption on most iOS devices to ensure you have access to the best possible
support levels in XRY.
VERSION 6.2
xry vErSiON 6.2 | RELE A SE NOTES
anDRoiD patteRn Lock DecoDingWe have built-in automatic rooting for Android in this release of XRY to replace the reliance on 3rd party software down-loaded off the Internet.
We have also added ‘pattern lock’ decoding in v6.2. The pattern can be decoded when extracting a rooted device and when decoding a dumped Android. The pattern lock will be shown in the log file.
Please note that pattern lock decoding is possible only if USB-debugging is turned on.
Regression testing for smartphone appsif you thought doing mobile forensics was challeng-ing, wait until you see how difficult smartphone app support can be! When a new mobile device is manu-factured the hardware stays fixed and so support is usually a one-time validation process.
But this is not the case with smartphone apps. the software manufacturers are changing their software versions all the time. so whilst you can claim support for one version of an app – it won’t be long before it’s out of date.
Rest assured we take the same processes to forensic validation of apps as we do for devices. so with every new release we update the help files in XRy to show precisely what apps are supported for what operating systems and just as importantly what version of the app.
if you find a forensic tool is claiming support for an app, but then does not recover the data you were expecting – it is highly likely that the version of the app software is not supported. For v6.2 XRy alone we have had to revisit 10 apps to ensure they are kept up to date with latest software updates.
DiD you knoW? chinese cLonesIn this release we have delivered physical support for 70 “veri-fied” new china clone devices. That means we actually tested the phones ourselves.
Unlike more expensive solutions, dependent on 3rd party hardware, this is all included free of charge within our stand-ard XRY license. There is no requirement to purchase another piece of kit, China Clone support will be treated exactly the same as all other devices in that we will continue to increase support levels with each new release.
tRainingWe have a new 3 day Smartphone Training Course available. This course is designed to give you experience of using all the new features in v6.2 and help you understand modern smart-phone and tablet technology. The course teaches you how to extract the most out of a modern smartphone using XRY. Understanding the common file systems and techniques re-quired to process data from smartphone apps.
The increasing dominance of smartphones means that mod-ern phone examiners must be up to date. Understanding what can be recovered from which device, using which method is a complex business and this is your opportunity to learn from the manufacturer. For more information, visit our website: www.msab.com/training/smartphone-training
BLackBeRRyyou can now recover deleted pictures and information from the user partition area of the handset memory on many Blackberry devices in this version. support is limited but getting back that essential deleted picture is now a possibility.
xry vErSiON 6.2 | RELE A SE NOTES
>> Android – Extract Wi-Fi networks – including passwords – Extract Bluetooth address to general info – New Apps: eBuddy Messenger, Google+, Messenger
WithYou, QQ, Renren, Sina UC, Touch (former PingChat!)>> iPhone – New Apps: Facebook Messenger, Google+, Sina Weibo,
Touch (former PingChat!) – Improvements in existing app support for 10 apps>> BlackBerry – Improved app support for BlackBerry Messenger
>> iOS: Physical support*, passcode bypass*, added option for examining encrypted iTunes backup files if the password is available.
>> Android/iOS: Decode app data from physical dumps>> Android: Decode “pattern lock” and PIN codes (up to 4 digits) on
locked devices if USB debugging is enabled>> Dumping and decoding 70 new China Clones>> Dumping and decoding of webOS based handsets from hP/Palm>> File system decoding on CDMA handsets>> Samsung GT-E series: Dumping and decoding of file system and SMS>> Improved dumping support of iDEN handsets
>> RJ45 micro 1>> RJ45 micro 2>> RJ45 Mini 1
New FeATures iN XrY PHYsicAL New cABLes iN XrY PHYsicAL
*iPhone 3GS, 4 CDMA, 4 GSM, iPod touch 3G and 4 and iPad 1 are supported.
xry vErSiON 6.2 | RELE A SE NOTES
Don’t forget to register your license. By registering your license you ensure that you receive new information about XrY software updates and new cables free of charge: www.msab.com/licreg