Episode 12: iBeg to DFIR – Exploring Cellebrite Physical Analyzer’s Chat Capture Feature
In this episode, we will be discussing the new and powerful feature in Cellebrite Physical Analyzer called “Chat Capture”—what this feature is, how it works, and what can be done with it.
What is Chat Capture?
Chat Capture is a feature that is included in UFED and Cellebrite Responder for Android devices. It enables you to take automatic screenshots to capture chats anywhere on the device, regardless of whether you have a full file system extraction or not. It also makes the data searchable. As certain types of data collection can be more difficult depending on the device and the security level, this tool helps bridge that gap to make data more easily accessible.
How Does it Work?
The connection is made through the phone as usual. You can pick the time you want to set it to, pick specific people whose data to collect, or use generic options. From there, Chat Capture creates a ufd file that can easily be loaded into Physical Analyzer and added to reports.
Why use it?
Sometimes it’s not possible to get access to a physical extraction and you may be stuck with an advanced logical extraction. As Android devices advance, it is becoming more and more difficult to get the necessary data without the use of advanced tools. Chat Capture bridges that gap and helps provide hard-to-obtain data.
Key Points Addressed
- Android only (for now)
- Two methods for data collection — generic and app-specific
- Works in Cellebrite UFED, UFED 4PC, UFED Touch, and Responder
- Parsed in Cellebrite Physical Analyzer
- Function available for models 740 or later
Listen to the full episode to hear more tips and tricks for using this amazing new Chat Capture feature, see a live demo, and hear answers to common questions.