The UFED Advantage
As the number of mobile devices grows, so does the volume and complexity of mobile device data. Rapid and timely deployment of the right mobile forensic tools to extract data quickly has never been more important.
Cellebrite’s trusted technology delivers the most comprehensive mobile forensics extraction and decoding capabilities on the market, supporting more than 20,000 device profiles from all leading smartphone platforms, including Android, iOS, BlackBerry®, and Windows Phone, as well as legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets.
Optimized for both field and lab, Cellebrite’s distinctive range of technological capabilities sets it far apart from any alternative.
- Approximately 10 releases a year.
- Hundreds of newly supported device profiles are added for each release.
- Support for new operating system versions frequently added to releases.
- All supported models are tested by Cellebrite.
The Cellebrite supported devices list is not based on other sources, and is always verified by tests performed by Cellebrite’s R & D team.
- Cellebrite maintains the widest range of supported apps including deleted data.
- Cellebrite supports 2,256 app versions (iOS, Android, BlackBerry and Windows phone 8).
- Cellebrite’s unique decryption solution supports the following 3rd party applications: KeepSafe, WeChat, Snapchat, Line, TextSecure, KakaoTalk, TigerText, Facebook, Wickr and BBM.
- Cellebrite uses a unique carving algorithm to recover applications data from unallocated space.
The UFED Extraction Advantage
Physical Extraction Using Bootloader Method with Lock Bypass
Cellebrite was the first in the industry to support physical extraction while bypassing passwords, passcodes, and pattern locks from the widest variety of mobile devices. This capability supports more than 3200 different mobile device types including more than 800 popular Android’s such as Samsung (including prepaid), Motorola, Huawei, LG, HTC, LG and Samsung Smart Watches, Apple, Windows Phone (Nokia Lumia), and more.
Cellebrite’s unique bootloader method enables physical extraction with lock bypass capabilities to support the latest phone firmware running Android 5.x on Samsung Android devices.
Exclusive physical extraction with password bypass for Samsung Android devices (chipsets & models), including:
Exclusive Partial file system extraction while bypassing screen lock for 105 Android Samsung devices, including devices running on Android 6 OS (unique)
Exclusive Physical extraction while bypassing screen lock for 12 Samsung Galaxy S6, S6 Edge and Note running on Android 6 OS
Exclusive physical extraction with password bypass for Motorola Android devices, including:
- Nvidia Tegra 2: MB867 Milestone X2, MB870 Droid X2, MB860 Atrix 4G
- TI OMAP 3xxx (3410/3430/3440/3610/3620/3630): MB526 Defy+, XT720 Milestone, A955 Droid 2
Exclusive physical extraction with password bypass for Nokia Lumia Windows Phone 8 devices, including:
- Lumia 520, 820, 822, 920, 928, 1020
Since January 2015, Cellebrite is the only vendor in the industry to support physical extraction and decoding of various Nokia Lumia Windows Phone devices running 8.0 and 8.1 operating systems
Physical extraction with password bypass from a wide range of Nokia BB5 devices, including:
- RAPUv21 chipset running on the following devices: Asha 300 (RM-781), Asha 302 (RM-813), Asha 311 (RM-714), 700 Benji (RM-670), 603 (RM-779)
Exclusive physical extraction while bypassing user lock as well as decoding support for 3 Nokia 105 devices
(RM-1133, RM-1134 and RM-1135)
Exclusive bypassing-lock method that allow physical extraction of more than 140 LG models, including:
• 22 previously-unsupported models, such as the MS3330 and VS880.
• This method additionally allows the removal and restoration of the user screen lock.
Exclusive physical extraction for unlocked (including NAND and NOR memory) BlackBerry 7xxx/8xxx/9xxx devices, including:
- 9930 Bold, 9800 Torch and 8330 Curve
Exclusive BlackBerry solutions:
- Bit-for-bit decryption and decoding from BlackBerry devices running OS 4-7.
- BlackBerry 10 file system extraction, backup acquisition & decryption, including Z10, Z30, Classic & Passport.
Multiple unique temporary rooting solutions, including:
- Wide range of Android devices running any version up to 4.3 (includes rooted and non-rooted devices).
- Collection of Android devices running versions up to 5.1.1.
Exclusive physical extraction while bypassing user lock and decoding support for 19 Huawei devices.
Access blocked application data with file system extraction, including devices running Android OS 6:
• Extract data from many popular apps via file system extraction using the new Android backup APK Downgrade method, and gain
access to many popular apps data, including WhatsApp, Facebook, and Facebook Messenger, Line, Telegram, and more.
• Many apps data types are no longer accessible as part of Android backup method, but with this new capability you can overcome this
limitation, providing you access to critical apps data.
Extract, Disable and Re-Enable User Lock Capabilities
- UFED is the only tool that can disable the pattern lock & PIN lock on more than 400 leading Android devices including Samsung
Note 2, 3, 4, Galaxy Tab, Galaxy S5, Galaxy Mini; LG G3 & G4; and Nexus 5, enabling users to perform any type of extraction.
- Disable user lock on more than 50 locked LG Android devices, including D820 Nexus 5
- iOS unlock capability available for iPhone 4S, 5 and 5C devices running iOS versions 8.0 - 8.4.1
- A unique user screen lock removal method supporting 137 Samsung devices.
- Re-enable user lock for hundreds of Android devices
- Exclusive password extraction for 45 Motorola iDEN Android devices, including: i890, i836, i580, i876, i776, i855.
Extraction and Decoding Capabilities
Enhanced logical extraction for iOS and Android devices – includes file system and apps data. This comprehensive capability enables users to obtain both logical and file system extraction data from a single enhanced logical extraction process.
Nokia BB5 Physical Extraction, File System Reconstruction and Decoding
- Cellebrite supports bit-for-bit physical extraction while bypassing user lock code from selected Nokia BB5 devices. Using Cellebrite’s proprietary boot loaders, physical extraction is performed on the OneNAND memory chip with USB connection.
- File system reconstruction and decoding of selected data is enabled for these devices
- Password extraction is enabled on selected devices
The UFED Decoding Advantage
Cellebrite’s UFED Physical Analyzer features provide the most advanced decoding capabilities for multiple data types such as:
Deleted data, Applications, Chat, Email, Web Bookmarks (Favorites), Web History, SIM Data, Cookies, Notes, MMS, Instant Messages, Bluetooth Devices, Locations, Journeys, GPS Fixes, Call Logs, SMS, Contacts and more.
Decoding of the leading Chinese chipsets (MTK, Spreadtrum and others).
Advanced Verification Tools
Cellebrite provides a unique Highlights Engine which enables users to view multiple encoding types for selected texts and view the exact position for each decoded content entry. This provides full tractability for validation purposes between the analysed and the raw extracted data.
Cellebrite is the only vendor in the industry to provide a powerful offline map solution that enables users to visualize recovered locations already in the decoding process. This feature is available via UFED Physical Analyzer and UFED Logical Analyzer.
Run Scripts and Chains
Cellebrite provides an Open Advanced wizard that allows the user to run hundreds of scripts and chains; providing unmatched flexibility in decoding forensic images extracted by UFED or 3rd party tools.
Cellebrite was the first to add JTAG decoding capabilities. This is the most flexible solution in the industry and is used by those that perform JTAG extractions. Users can decode data from the widest range of prepaid “burner” devices, including decoding for JTAG extractions.
The UFED User Lock Code Recovery Tool provides solutions for locked devices. The tool supports Android and iOS operating systems, and enables users to access a locked device to reveal the device’s user lock code on-screen.
Supported devices include:
iPhone 4s, 5, 5c and 5s, Samsung Galaxy Note 3, Samsung Galaxy S5 and S4 as well as LG G3, among others.
The UFED Camera Advantage
Collect evidence by taking pictures or videos of a device.
Validate your results by capturing photographic evidence, or deploy when data cannot be extracted from a device. Capture internal screenshots directly from iOS, Android and BlackBerry® devices.
The UFED Malware Detection Advantage
Cellebrite was the first in the mobile forensic industry to integrate malware detection technology into its UFED Physical Analyzer, pinpointing whether investigated devices are infected with malware or not.
UFED Physical Analyzer users can perform an on demand search for viruses, spyware, Trojans and other malicious payloads within files extracted as part of physical or file system extractions. Users can also perform on-demand updates of the malware signature database to ensure the latest known malware is included in the automated search process.
The UFED Proprietary Bootloaders Advantage
Cellebrite’s proprietary read-only bootloaders enable forensically sound physical extractions, and are specifically designed for reading the contents of the device’s memory, and sending it back to the UFED system.
By controlling every part of the process, Cellebrite ensures that the bootloading is non-intrusive and that nothing is altered on the device, keeping the data forensically sound. This capability is delivered in proprietary bootloaders that support physical extraction while bypassing locks for mobile devices, which have no alternative solutions. Third-party bootloaders that perform full rooting of the device may carry risks of damaging device data.
Unlike 3rd party boot loaders, Cellebrite’s proprietary bootloaders contain code that is specifically designed to only read the memory chips, not write them, and are thus more flexible, generic, and work with a wider variety of devices, allowing Cellebrite to support more devices than other tools.
The UFED ANALYSIS Advantage
• Merge multiple extractions in a single unified report for collective analysis and more efficient investigations.
• Original file source validation. Validate the decoded date with the original file source, and reduce the need to use other mobile
forensic tools for validation.