Cellebrite Solutions – 2022 Summary

December’s here – and we are going to review this year’s Cellebrite solutions, just in case you missed some of them!

There have been many updates to our solutions and new features added this year. So, please join our support team as they review and summarise everything new that happened in 2022.

Topics to be discussed:

  • Mobile Forensics Solutions Updates in 2022
  • Computer Forensics Solutions Update in 2022
  • FAQ, Q&A – Scroll down to view the answered questions 

Speakers

  • Corrine Hoo, Technical Customer Support Engineer
  • Thasneem Marecar, Technical Customer Support Engineer
  • Fit Talhah, Technical Leader
  • Frederick Huang, Technical Customer Support Manager

FAQ: Cellebrite Solutions – 2022 Summary

Where can I find and use the Universal Live Android consent-based capability in device profiles?

The Universal Live Android consent-based capability was added exclusively to Smart Flow, and it is not available in device profiles. We received a lot of feedback from our customers that it helped them to resolve many cases and to extract a number of devices that could not be extracted in the past. UFED will help you find the best way to access a device, and then this capability will be utilized. UFED will display the available options for your extraction and collections.

In what scenario should I consider using Smart Flow rather than device profiles?

When you are handling unlocked Android devices with access to the USB debugging option, and you want to perform Physical/Full File System/Selective extractions, Smart Flow is the best option. Only after a few unsuccessful attempts with Smart Flow might you go back to using the device profile. The keywords here are: Android, unlocked, USB debugging.

When is the best time for me to switch to PA Ultra instead of PA?

Start using PA Ultra as soon as possible. That doesn't mean you have to stop using Physical Analyzer (PA). We developed the possibility of allowing users to use PA and PA Ultra on the same computer. These two applications can share the same license, so you can run both at the same time. When you require certain features in your daily operations that are still under development in PA Ultra, continue to use PA and refer to the release notes for feature updates of PA Ultra.

How does Android Keystore impact forensic operations?

Application vendors are trying to make data more difficult to extract, and some of them are using Android Keystore to do so. Android Keystore is an Android security mechanism from Google that allows applications to store their encryption key in a secure container while keeping the key accessible to the application itself. Once the key is inside the Keystore, it’s more difficult to get it out and utilize it. In the 2022 release, we managed to implement something at the UFED level, and we are able to extract the data required to decrypt such applications.

Where can I access the upgraded capabilities in multiple live extraction methods in UFED?

The upgraded capabilities deployed to multiple live extraction methods are transparent to users. When users choose to use either Smart Flow or live extraction methods from profiles, upgraded capabilities will be attempted automatically without needing user input.

Can Smart Flow work on locked devices?

The answer is no. Smart Flow is for unlocked devices, not locked phones, and it is not for iOS either. As mentioned in the FAQ, there are some keywords to look for before using Smart Flow. These are: Android, unlocked, and USB debugging.

If I don't use Smart Flow, what am I missing?

Sometimes it's not easy to ask our users to change what they are used to doing. Many experienced users have been using the extraction method for many years, and most of them probably think this is the best way to work easily and will continue to do so. However, in this latest release, we have the universal engine consent-based extraction method, which is only available inside Smart Flow. This is a very powerful extraction method that will help you with a lot of devices that you would not have been able to extract in the past. If users continue to use only the device profile and do not go to Smart Flow, they might not be able to overcome challenges.

In the past, when I used Physical Analyzer, when I needed to save my job and close PA I created a PS file and there was a procedure for when I needed to re-open and continue my job. But when I started using PA Ultra, I found that there's no way to save the PS file.

The answer is that in PA Ultra, there's no requirement to save the work you have done. It uses database technology, so whatever you do is automatically saved within the database and you don't need to do any additional saving. When you want to resume a case, you can open PA Ultra and you will come back to where you left off. As simple as that.

Loading a data thumb is much faster in PA Ultra than in PA. What is the reason for that?

In PA 7, the decoded data is stored in the computer memory. When data is stored in memory, it can be easily lost if you power off the computer or close the application. However, PA Ultra uses the database, so it saves the data to the hard disk which is much safer.

If I don’t have a successful extraction in the Smart Flow, can I still go back to use the device profile?

We didn't remove the device profiles from UFED in the latest version. We kept them because we understood users might stick with the old method or might want to do logical extractions. We didn't move the profiles and they are still available. This is why we recommend that you first try Smart Flow and, in case it fails, attempt it three times. If it still fails, you can go back to the device profile, or open a case and send us the info so we can understand what happened to the device and see if we are able to assist you.