OK, I know this sounds cliché, but cue the violins because I’m going to say it anyway: “Examiners have a tough job.” Think about it. Mobile-device technologies are advancing at such a fast pace that it seems like new devices and applications are being introduced faster than you can say “encryption.”

And even if you keep your skills honed to a fine edge through training, webinars, and the like, there are still times when you know there’s additional evidence there, but you just can’t seem to put your finger on it.

Encryption may bar the door, or you may be restricted by law as to which types of evidence you can access. Time-sensitive cases involving abductions or child sexual exploitation may require you to grab as much evidence as you can, as fast as you can. And what about those days when you need to appear in court, knowing that the judge you’re presenting to may require a lot of hand-holding to help them understand what the evidence is and how you obtained it?

You need a solution that can help you act fast and present evidence coherently.

A Solution for Fast-Movers

For those who follow us online regularly, you know that Cellebrite offers multiple ways to acquire data, from selective extraction to logical, physical, and full-file-system extractions. For the novice user, it may be a quick copy or screen capture. For certain unsupported applications, it may be APK downgrade, the Virtual Analyzer Android Emulator, or one of the many innovative capabilities that Cellebrite has introduced in the past year.

Having all these solutions at your fingertips is important, but you probably encounter cases where these powerful and comprehensive extraction methods are less practical. It might be because a witness is sharing the data and you want to minimize the time of seizure. It might be due to search warrant restrictions or other operational needs that may require you to collect the data faster and in a selective manner.

We believe you need a full toolkit of collection methods that allows you to perform everything from a comprehensive device extraction to cherry-picking a single file or chat.

Drum roll, please… Cellebrite is now introducing a new acquisition method that will make your toolkit complete. It’s a consent-based, selective data collection method for 3rd-party application data called “Chat Capture.”

Chat Capture is a new collection method that will automatically grab screenshots from any Android device.  You may use it when you need to take a snapshot of a specific chat conversation, social app feed, or when other methods are not available due to time or operational restrictions.

The data captured with Chat Capture is indexed and can be easily analyzed by applying text-search, filters, tags, and more.

Two Ways to Capture Snapshots

In the current Cellebrite UFED and Cellebrite Responder versions, we provide two Chat Capture modes:

By App: This is a fully automated flow for select applications. With the recent Cellebrite UFED and Cellebrite 7.40 release, WhatsApp and Signal are supported. We are already working to enable support for more popular applications in the upcoming versions.

For the WhatsApp app, Cellebrite UFED will allow you to select the app (if installed on the device), select a designated time frame, and it will present a list of conversations. All you need to do is select the relevant chat conversations and let UFED do the rest. The Chat Capture capability will crawl the app and automatically capture screenshots.

UFED will capture the relevant chats and information about the chat participants such as their profile picture, name, phone number, and more.

Generic Mode: This method allows you to capture data from any other application that is not in the specific app list. For example, if you wish to capture a conversation on the TikTok app, you can navigate to the relevant screen on the mobile device and let UFED automatically scroll and capture screenshots. And you can stop the capturing process at any point. 

The captured screenshots can be viewed and analyzed in Cellebrite Physical Analyzer, Cellebrite Reader or in the Cellebrite Responder viewer under the “Images” model.

Text Searches Made Easy

You will be able to perform a text search on the captured screens as well. Many popular apps (Twitter, Telegram, Instagram, TikTok, Snapchat, Wickr, Skype) will allow this functionality. However, the text-search option depends on the application where the screens were captured.

Check out the Chat Capture capability and share your feedback with us!
