The UFED Advantage

Cellebrite Advantages & Innovations

The UFED Advantage

      

  

      

 

Introduction

As the number of mobile devices grows, so does the volume and complexity of mobile device data. Rapid and timely deployment of the right mobile forensic tools to extract data quickly has never been more important.

Cellebrite’s trusted technology delivers the most comprehensive mobile forensics extraction and decoding capabilities on the market, supporting more than 20,000 device profiles from all leading smartphone platforms, including Android, iOS, BlackBerry®, and Windows Phone, as well as legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets.

Optimized for both field and lab, Cellebrite’s distinctive range of technological capabilities sets it far apart from any alternative.

Device Support

  • Approximately 10 releases a year.
  • Hundreds of newly supported device profiles are added for each release.
  • Support for new operating system versions frequently added to releases.
  • All supported models are tested by Cellebrite.
    The Cellebrite supported devices list is not based on other sources, and is always verified by tests performed by Cellebrite’s R & D team.

Application Support

  • Cellebrite maintains the widest range of supported apps including deleted data.
  • Cellebrite supports 2,256 app versions (iOS, Android, BlackBerry and Windows phone 8).
  • Cellebrite’s unique decryption solution supports the following 3rd party applications: KeepSafe, WeChat, Snapchat, Line, TextSecure, KakaoTalk, TigerText, Facebook, Wickr and BBM.
  • Cellebrite uses a unique carving algorithm to recover applications data from unallocated space.

Back to top

 

The UFED Extraction Advantage

Physical Extraction Using Bootloader Method with Lock Bypass

Cellebrite was the first in the industry to support physical extraction while bypassing passwords, passcodes, and pattern locks from the widest variety of mobile devices. This capability supports more than 3200 different mobile device types including more than 800 popular Android’s such as Samsung (including prepaid), Motorola, Huawei, LG, HTC, LG and Samsung Smart Watches, Apple, Windows Phone (Nokia Lumia), and more.

Cellebrite’s unique bootloader method enables physical extraction with lock bypass capabilities to support the latest phone firmware running Android 5.x on Samsung Android devices.

Exclusive physical extraction with password bypass for Samsung Android devices (chipsets & models), including:

Exclusive Partial file system extraction while bypassing screen lock for 105 Android Samsung devices, including devices running on Android 6 OS (unique)

Exclusive Physical extraction while bypassing screen lock for 12 Samsung Galaxy S6, S6 Edge and Note running on Android 6 OS

Exclusive physical extraction with password bypass for Motorola Android devices, including:

  • Nvidia Tegra 2: MB867 Milestone X2, MB870 Droid X2, MB860 Atrix 4G
  • TI OMAP 3xxx (3410/3430/3440/3610/3620/3630): MB526 Defy+, XT720 Milestone, A955 Droid 2

Exclusive physical extraction with password bypass for Nokia Lumia Windows Phone 8 devices, including:

  • Lumia 520, 820, 822, 920, 928, 1020
    Since January 2015, Cellebrite is the only vendor in the industry to support physical extraction and decoding of various Nokia Lumia Windows Phone devices running 8.0 and 8.1 operating systems

Physical extraction with password bypass from a wide range of Nokia BB5 devices, including:

  • RAPUv21 chipset running on the following devices: Asha 300 (RM-781), Asha 302 (RM-813), Asha 311 (RM-714), 700 Benji (RM-670), 603 (RM-779)


Exclusive physical extraction while bypassing user lock as well as decoding support for 3 Nokia 105 devices
(RM-1133, RM-1134 and RM-1135)

Exclusive bypassing-lock method that allow physical extraction of more than 140 LG models, including:
• 22 previously-unsupported models, such as the MS3330 and VS880.
• This method additionally allows the removal and restoration of the user screen lock.

Exclusive physical extraction for unlocked (including NAND and NOR memory) BlackBerry 7xxx/8xxx/9xxx devices, including:

  • 9930 Bold, 9800 Torch and 8330 Curve

Exclusive BlackBerry solutions:

  • Bit-for-bit decryption and decoding from BlackBerry devices running OS 4-7.
  • BlackBerry 10 file system extraction, backup acquisition & decryption, including Z10, Z30, Classic & Passport.

Multiple unique temporary rooting solutions, including:

  • Wide range of Android devices running any version up to 4.3 (includes rooted and non-rooted devices).
  • Collection of Android devices running versions up to 5.1.1.

Exclusive physical extraction while bypassing user lock and decoding support for 19 Huawei devices.

Access blocked application data with file system extraction, including devices running Android OS 6:
• Extract data from many popular apps via file system extraction using the new Android backup APK Downgrade method, and gain
access to many popular apps data, including WhatsApp, Facebook, and Facebook Messenger, Line, Telegram, and more.
• Many apps data types are no longer accessible as part of Android backup method, but with this new capability you can overcome this
limitation, providing you access to critical apps data.

Extract, Disable and Re-Enable User Lock Capabilities

  • UFED is the only tool that can disable the pattern lock & PIN lock on more than 400 leading Android devices including Samsung
    Note 2, 3, 4, Galaxy Tab, Galaxy S5, Galaxy Mini; LG G3 & G4; and Nexus 5, enabling users to perform any type of extraction.
  • Disable user lock on more than 50 locked LG Android devices, including D820 Nexus 5
  • iOS unlock capability available for iPhone 4S, 5 and 5C devices running iOS versions 8.0 - 8.4.1
  • A unique user screen lock removal method supporting 137 Samsung devices.
  • Re-enable user lock for hundreds of Android devices
  • Exclusive password extraction for 45 Motorola iDEN Android devices, including: i890, i836, i580, i876, i776, i855.

Extraction and Decoding Capabilities
Enhanced logical extraction for iOS and Android devices – includes file system and apps data. This comprehensive capability enables users to obtain both logical and file system extraction data from a single enhanced logical extraction process.

Nokia BB5 Physical Extraction, File System Reconstruction and Decoding

  • Cellebrite supports bit-for-bit physical extraction while bypassing user lock code from selected Nokia BB5 devices. Using Cellebrite’s proprietary boot loaders, physical extraction is performed on the OneNAND memory chip with USB connection.
  • File system reconstruction and decoding of selected data is enabled for these devices
  • Password extraction is enabled on selected devices

Back to top

 

The UFED Decoding Advantage

Cellebrite’s UFED Physical Analyzer features provide the most advanced decoding capabilities for multiple data types such as:
Deleted data, Applications, Chat, Email, Web Bookmarks (Favorites), Web History, SIM Data, Cookies, Notes, MMS, Instant Messages, Bluetooth Devices, Locations, Journeys, GPS Fixes, Call Logs, SMS, Contacts and more.

Android

  • Revealing the pattern lock from a full flash image
  • Decoding of many installed 3rd party application content – messages, contacts, locations and more
  • Advanced carving for apps data from unallocated space

iOS

  • Decoding of personal content includes: Call logs, Voicemails, Contact lists, Locations, Images, Video files, Text messages, etc.
  • Decoding of many installed application content such as: Skype, WhatsApp, Viber, Fring, MotionX, AIM, TigerText, Facebook Messenger, Twitterrific, Textfree, Google+, Facebook, Foursquare, Waze and more
  • Decrypt and decode data produced by Apple and other sources

BlackBerry

  • BlackBerry 10 file system extraction, backup acquisition and decryption
  • Exclusive bit-for-bit decryption and decoding from BlackBerry devices running OS 4-7
  • Physical extraction is enabled from BlackBerry 7xxx/8xxx/9xxx
 

Chinese Phones

      Decoding of the leading Chinese chipsets (MTK, Spreadtrum and others).

 

Windows Phone

  • Wide range of applications and JTAG decoding.
  • Advanced carving for apps data from unallocated space.

Advanced Decoding

Advanced Verification Tools
Cellebrite provides a unique Highlights Engine which enables users to view multiple encoding types for selected texts and view the exact position for each decoded content entry. This provides full tractability for validation purposes between the analysed and the raw extracted data.

Offline Maps
Cellebrite is the only vendor in the industry to provide a powerful offline map solution that enables users to visualize recovered locations already in the decoding process. This feature is available via UFED Physical Analyzer and UFED Logical Analyzer.

Run Scripts and Chains
Cellebrite provides an Open Advanced wizard that allows the user to run hundreds of scripts and chains; providing unmatched flexibility in decoding forensic images extracted by UFED or 3rd party tools.

 

JTAG Decoding
Cellebrite was the first to add JTAG decoding capabilities. This is the most flexible solution in the industry and is used by those that perform JTAG extractions. Users can decode data from the widest range of prepaid “burner” devices, including decoding for JTAG extractions.

Back to top

 

UFED User Lock Code Recovery Tool Advantage

The UFED User Lock Code Recovery Tool provides solutions for locked devices. The tool supports Android and iOS operating systems, and enables users to access a locked device to reveal the device’s user lock code on-screen.

The UFED Camera detects when the device is unlocked and therefore is a crucial part of the unlocking process.

Supported devices include:
iPhone 4s, 5, 5c and 5s, Samsung Galaxy Note 3, Samsung Galaxy S5 and S4 as well as LG G3, among others.

Back to top

 

The UFED Camera Advantage

Images
Collect evidence by taking pictures or videos of a device.

Screenshots
Validate your results by capturing photographic evidence, or deploy when data cannot be extracted from a device. Capture internal screenshots directly from iOS, Android and BlackBerry® devices.

Back to top

 

The UFED Malware Detection Advantage

Cellebrite was the first in the mobile forensic industry to integrate malware detection technology into its UFED Physical Analyzer, pinpointing whether investigated devices are infected with malware or not.

UFED Physical Analyzer users can perform an on demand search for viruses, spyware, Trojans and other malicious payloads within files extracted as part of physical or file system extractions. Users can also perform on-demand updates of the malware signature database to ensure the latest known malware is included in the automated search process.

Back to top

 

The UFED TomTom Advantage

 

Exclusively decrypt TomTom trip logs, and extract a wide range of data from various portable GPS devices. The trip log files hold complete trip GPS information and thousands of locations, in a resolution of 1 to 5 seconds (depending on the
TomTom device and version). While TomTom decoding does not provide timestamps, Cellebrite’s decryption technology enables the extraction of timestamps from the trip log files. TomTom decryption & decoding supports devices such as Go
950, Go 930, Go 750 and Go 510.

Decoding support for the latest TomTom devices. Supported content types include contacts, calls and locations. TomTom decoding supports devices such as Go 1000 Point Trading, 4CQ01 Go 2505 Mm, 4CT50, 4CR52 Go Live 1015 and 4CS03
Go 2405. TomTom decryption & decoding supports devices such as Go 950, Go 930, Go 750 and Go 510.

 

Back to top

 

The UFED Proprietary Bootloaders Advantage

Cellebrite’s proprietary read-only bootloaders enable forensically sound physical extractions, and are specifically designed for reading the contents of the device’s memory, and sending it back to the UFED system.

By controlling every part of the process, Cellebrite ensures that the bootloading is non-intrusive and that nothing is altered on the device, keeping the data forensically sound. This capability is delivered in proprietary bootloaders that support physical extraction while bypassing locks for mobile devices, which have no alternative solutions. Third-party bootloaders that perform full rooting of the device may carry risks of damaging device data.

Unlike 3rd party boot loaders, Cellebrite’s proprietary bootloaders contain code that is specifically designed to only read the memory chips, not write them, and are thus more flexible, generic, and work with a wider variety of devices, allowing Cellebrite to support more devices than other tools.

Back to top

 

The UFED ANALYSIS Advantage

ANALYSIS AND VALIDATION CAPABILITIES

• Merge multiple extractions in a single unified report for collective analysis and more efficient investigations.
• Original file source validation. Validate the decoded date with the original file source, and reduce the need to use other mobile
forensic tools for validation.