UFED TOUCH2, UFED TOUCH, UFED 4PC, UFED PHYSICAL ANALYZER, UFED LOGICAL ANALYZER
RELEASE NOTES
Version 5.2 | August 2016
NOW SUPPORTING: 20,165 DEVICE PROFILES, +2,256 APP VERSIONS
FORENSIC DEVICE PROFILES
v.5.2: Logical extraction 124; Physical extraction* 84; File System extraction 109; Extract/disable user lock 72; Total 362
Total: Logical extraction 8,663; Physical extraction* 4,528; File System extraction 4,571; Extract/disable user lock 2,403; Total 20,165
*Including GPS devices
The number of unique mobile devices with passcode capabilities is 3,781
HIGHLIGHTS
DEVICE SUPPORT
◼ Partial File System extraction while bypassing screen lock for 105 Samsung Android devices. Note: Requires the device’s MTP to be turned on. This extraction method is recommended for locked devices, in order to unlock the device and gain access to the data. For unlocked devices, use other methods.
• For devices running OS up to and including 5.1.1, the following content types may be extracted: SMS, MMS, user accounts, passwords, installed applications, user dictionaries, images/videos and data files. In some cases, the device screen lock PIN or Pattern may be recovered by opening the partial extraction in UFED Physical Analyzer. If available, the information is displayed in the Device Info area. You can use this information to unlock the device and extract additional data by performing other extraction methods, such as Logical, File System or Physical.
• For devices running OS 6.x, partial data files (i.e., images and videos) may be recovered. Screen lock information such as PIN or Pattern will not be recovered.
◼ Advanced Logical and File System extraction and decoding support for Apple devices running iOS 10.x beta (limited to unencrypted iTunes backup).
APPS SUPPORT
◼ 8 new applications for iOS and Android devices.
◼ Now supporting decoding of call logs for Snapchat application – for both iOS and Android devices.
◼ 527 updated application versions.
SOLVE MORE CRIMES WITH ACCESS TO SUBJECT’S DATA STORED ON APPLE iCLOUD PRODUCTION
Decrypt and decode raw data from Apple iCloud production and other tools. Gain access to nearly all data and settings stored on the device, including text messages, call logs, application information, device settings and much more.
INTRODUCING UFED TOUCH2
Accelerate Investigations with Digital Insights from Cellebrite’s Next Generation Touch Platform
GAIN INSIGHTS FROM THE WORLD’S MOST POPULAR GAME – POKÉMON GO
Cellebrite’s latest release now provides support for the game that has gone viral – around the globe.
Cellebrite introduces partial File System extraction while bypassing screen lock for 105 Samsung Android devices
Version 5.2 introduces physical extraction while bypassing screen lock for 12 Samsung Galaxy S6, S6 Edge and Note 5, now running on Android OS 6
Cellebrite Release Notes | v5.2 | August 2016 | 2
UFED TOUCH2 A Comprehensive, Standalone Mobile Forensics Solution
Built on the industry-proven UFED Touch2 platform, our next generation portable digital forensics solution empowers law enforcement, military, intelligence and e-discovery personnel to speed the capture of critical forensic intelligence and evidence from the widest variety of mobile devices and operating systems. No matter the mission requirements, UFED Touch2 reliably and intuitively extends full logical, physical and file system extraction capabilities where they are needed most – in the field or lab.
EXTRACT DATA FROM BLOCKED APPS (APK DOWNGRADE)
Extract data from blocked apps (APK Downgrade) – Following our 5.0 release you now have the ability to access blocked application data via the file system extraction. Version 5.2 now provides the following new capabilities:
◼ Android 6 support - you can now extract app data from devices running Android OS 6.
◼ Support for shared data extractions, in addition to “no shared” data, as in previous versions.
UFED TOUCH2 KEY FEATURES
◼ Standalone reliability
◼ Closed platform for forensically sound extractions
◼ Unmatched support for the widest range of mobile devices
◼ Proprietary hardware, software and boot loaders
◼ Modern capacitive, high-resolution, multi-touch, intuitive display
◼ HTML report viewer for onscreen viewing of reports
◼ Portable – Integrated battery
◼ All-inclusive field-ready operational kit – smaller, lighter connector tips, external hard drive and more
+ Field mobility in most environments
UPDATE
Using multiple hash mechanisms increases the extraction time. It is recommended to use SHA-256, a strong hashing signature for data integrity protection. We advise you to turn off the MD5 hashing and use the SHA-256 hashing only.
OUR RECOMMENDATIONS FOR RETRIEVING THE MOST DATA AVAILABLE ON iOS DEVICES
[Flowchart with the decision points “Is the device locked?” and “Was the unlock successful?” (Yes/No) and the steps: Unlock with Cellebrite; Extract with UFED Ultimate; iTunes Backup; iCloud Backup; Decode with UFED Ultimate; Decrypt and decode data provided by Apple with UFED Ultimate; Extract and decode with UFED Cloud Analyzer]
Advanced Logical, File System and Logical extractions
With Cellebrite’s UFED Touch2, UFED Touch, UFED 4PC and UFED Physical Analyzer you can perform Advanced Logical, File System and Logical extractions to extract and decode data from various iOS devices.
Cellebrite’s unique unlocking capabilities
With Cellebrite’s UFED and Cellebrite’s CAIS, you can unlock a multitude of Apple devices running various iOS versions.
iTunes Backup decoding
When the device is locked, you can decode iTunes Backup using UFED Physical Analyzer. Apple users have a couple of options to back up their devices, using iTunes or using iCloud. iTunes is a local backup of the device, completed when the user connects the device to a trusted PC.
Decrypt and decode data produced by Apple and other sources
You can now decrypt and decode encrypted iCloud search warrant data returned from Apple. iCloud is a remote backup of the device stored on Apple servers. If the user decided to back up the information to iCloud, the backup may be initiated when the user is connected to Wi-Fi – anytime and anywhere. The device backup on iCloud contains critical information needed for an investigation.
With UFED Physical Analyzer version 5.2, you can decrypt and decode raw data produced by Apple and other tools, providing you with nearly all the data and settings stored on the device, i.e. text messages, call logs, application information and device settings.
To decode the iCloud Backup data, use Open (Advanced) function --> Select Device --> Select the Apple vendor or search for Apple iCloud (backup) device --> Select the relevant plug-in --> click Next and Finish.
Note: UFED Physical Analyzer supports many different formats of the data produced by Apple (not all formats are supported).
Extract and decode iCloud Backup data
With UFED Cloud Analyzer 5.2, you can extract a subject’s device content backup stored on iCloud using the iCloud username and password or login information from a PC.
UFED PHYSICAL ANALYZER AND UFED LOGICAL ANALYZER FUNCTIONALITY
◼ Disclose cell towers and wireless network connections – To assist you in tracking a device owner’s connection to cell towers or Wi-Fi networks, you can disclose the duration of such connections. These models now include start and end timestamps.
◼ Observe report’s creation time in reports – The report’s creation timestamp is now included in all report formats, allowing you to preserve the exact time you generated a report.
◼ Recognize device owner in chats – When analyzing a chat conversation between multiple participants, it may be challenging to figure out the device owner. Version 5.2 now indicates the device owner out of the full list of participants in any chat conversation (both in the UI and reports).
◼ View or hide extraction source information in reports – Customize your report and determine whether or not to include the extraction source type in your report. You now have the ability to hide this information by selecting the hide extraction source indication when generating a new report.
◼ Track list of decoded applications in Trace window – You can now view logs for each decoded app in the trace log, assisting you in tracking the apps decoding progress.
◼ View additional information in the context of device info elements – Each device info element has a tooltip that provides description, additional info or context.
REMINDER
When merging different extractions in UFED Physical Analyzer, you have the option to configure and include the merged (duplicate) items within your output report.
In the report wizard, there are two settings available:
1) Include merged items (analyzed data).
2) Include merged items (data file).
These two settings are unselected by default, meaning your report output will not include duplicate items. When these settings are selected, your report will include all items including duplicate items. The total number of items selected for the report may change based on these settings.
You may also change the default value of these settings in the general settings.
SOLVED ISSUES
UFED Touch, UFED 4PC
1. Better handling of SIM LTE/4G/NFC extractions.
UFED Physical Analyzer, UFED Logical Analyzer
1. Several failure issues when opening the UFED Reader have been resolved.
2. An issue with SMS PDU Search in the Hex windows has been resolved.
3. A decoding issue of SMS messages for Huawei MT7-UL00 Ascend Mate 7 device has been resolved.
4. A decoding issue of SMS messages for LG GB255G device has been resolved.
5. A decoding issue of SMS messages for Nokia 108 (RM-944) device has been resolved.
6. A decoding issue of deleted SMS messages for Nokia C3-01.5 RM-776 device has been resolved.
7. A decoding issue of BlackBerry Z10 Chip-Off has been resolved.
8. A decoding issue of Nokia Lumia 735 Chip-Off has been resolved.
9. A decoding issue of emails for Nokia 925.1 device has been resolved.
10. A decryption failure issue of several files as part of Advanced Logical extraction is now resolved.
11. A decoding issue of Tango app version 3.21.194837 for Android devices has been resolved.
12. A decoding issue of call logs for Nokia 105 (RM-1133 and RM-1134) has been resolved.
13. A decoding issue of KeepSafe app related to folder names under the file system node in the project tree, has been resolved.
14. A decoding issue of location timestamps in Apple maps has been resolved, now including time zone offset.
15. A decoding issue in Apple maps has been resolved, now including the file source information.
16. A failure issue with opening session files in UFED Reader has been resolved.
17. A decoding issue of Find My iPhone app via Advanced Logical extraction using method 2 has been resolved.
18. A decoding issue of WhatsApp version 2.16.6.6 for iOS devices has been resolved.
19. A decoding issue of missing partitions for Panasonic Chip-off has been resolved.
APP SUPPORT
iOS
Application Type Decoding Feature
Aliwangwang Social Network User account
Ctrip Chinese Travel User account
ANDROID
Application Type Decoding Feature
Aliwangwang Social Network Chats, contacts and user account
Ctrip Chinese Travel User account and searched items
Google Keep (Native Android app) Tools Notes
HTC Notes (Native Android app) Tools Notes
Pokémon Go Game User account and Locations
QuickMemo+ (Native Android app) Tools Notes
TextMe Up Free Calling & Texts Communication Chats, contacts and user account
Verizon Messages Communication SMS
iOS: NEW AND UPDATED APPS
2 NEW Apps
240 UPDATED Apps
Any Do 3.5.2, 3.6.1, 3.6.4.8
Ask.FM 3.2, 3.5.2, 3.6, 3.7
Badoo 4.21.0, 4.29.0, 4.31.0
BBM 294.0.0.24
BeeTalk 1.14.0, 1.17.0, 1.18.0
Blendr 4.21.0, 4.29.0, 4.32.0, 4.4.0
Booking.com 11.4, 12.0.2
Chrome 49.0.2623.109, 51.0.2704.64, 51.0.2704.104
Copy 3.4
Ctrip 3.4.4, 4.0.2
Dolphin Browser 9.8.2, 9.10.0, 9.10.2
Don't Touch This 2.6
Dropbox 6.2, 10.2, 11.2
Ebuddy XMS 2.3.7
Endomondo 16.3.1, 16.5.0, 16.6.1
Evernote 7.7.9.316015, 7.12, 7.14.345370, 7.15
Expedia 6.9, 6.10.1, 6.11
Facebook 52.0, 56, 58
Facebook Messenger 64.0, 65, 73, 77
Find My iPhone 4
FireChat 7.3.5, 7.3.8, 7.4.5, 7.5.3
Firefox 3.0, 4
Flipboard 3.3.18, 3.3.21, 3.3.22
Fring 7.0.0.6
Garmin Mobile 3.4, 3.6.0.12, 3.7
Glide 4.8.0, 5.0.0, 5.0.0.14001.42
Go Chat 1.8
Google+ 5.0.108309866.4998
Google Tasks 4.9.1, 4.9.2, 4.9.3
Google Translate 4.4.13869, 5.0.30026, 5.1.0
Google Maps 4.17.0, 4.17.79283, 4.19.84375, 4.20.1
LG GSM K120 K4, K120E K4, K121 K4, 410f K10, MS428 K10, MS550 Stylo 2 Plus, K420n K10, K430Y K10, K500N X screen, US550 Logos, D685 Pro Light, H731 G4 Vigor, H961N V10, V935 G Pad II 10.1, A395
Tablets Lenovo Smart Tab II 10, Pendo PP4MT-7 Pad 7, Samsung SM-T113 Galaxy Tab 3 Lite 7.0, Google C1502W Pixel C, VDF 1100 Tab Mini 7, VF-1397 Smart Tab 4G, V935 G Pad II 10.1, Smart Tab 3G
VIVO PD1415D X6D
Vodafone VDF 300 Smart Mini 7, VDF 600 Smart Prime 7, VFD 700 Smart Ultra 7, VFD 900 Smart Platinum 7, VF-696 Smart grant, Smart Tab 3G, VF-1296 Tab Grand 6, VDF 1100 Tab Mini 7, VF-1397 Smart Tab 4G