To add a sysdiagnose to Cellebrite Physical Analyzer, follow these steps:

  1. Extract the gzip file to create a simple TAR file to load into Cellebrite Physical Analyzer.

  2. Open a case.

  3. Under “Add”, go to “Open Advanced” and start a blank project.

  4. Choose your zip archive, open it, and start to examine data.

The tool will then quickly process this archive file. Under the “Analyzed Data” section, you will be able to see all the configurations that are parsed for your data.

Additionally, you will see databases of interest, text files, and multiple other categories. From here, you have access to the entire file system. You can export files of interest and run scripts against them, using these log files to help you along in the investigation process.
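Step 1 as a script, added here as an example and not part of the original post: it strips only the gzip layer, leaves the TAR unpacked, and records SHA-256 hashes of both files for the case notes. The function names and the sample archive are assumptions constructed for illustration.

```python
import gzip
import hashlib
import io
import shutil
import tarfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large archives are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def gunzip_to_tar(src, dst):
    """Decompress src (.tar.gz) to dst (.tar) without unpacking the TAR itself."""
    try:
        # "xb" refuses to overwrite an existing file in the case folder.
        with gzip.open(src, "rb") as fin, open(dst, "xb") as fout:
            shutil.copyfileobj(fin, fout)
        # "r:" accepts only an uncompressed TAR, which is what step 1 should produce.
        with tarfile.open(dst, "r:") as tar:
            members = tar.getnames()
    except FileExistsError:
        raise
    except (OSError, EOFError, tarfile.TarError) as exc:
        # Corrupt or truncated gzip, or the payload is not a TAR: remove partial output.
        Path(dst).unlink(missing_ok=True)
        raise ValueError(f"{src} did not decompress to a TAR archive") from exc
    return {"source_sha256": sha256_file(src),
            "tar_sha256": sha256_file(dst),
            "members": members}


def build_sample_archive(path):
    """Constructed stand-in for a sysdiagnose .tar.gz holding one small text file."""
    data = b"constructed sample log line\n"
    info = tarfile.TarInfo("sysdiagnose_sample/logs/sample.log")
    info.size = len(data)
    with tarfile.open(path, "w:gz") as tar:
        tar.addfile(info, io.BytesIO(data))


if __name__ == "__main__":
    build_sample_archive("sample.tar.gz")
    print(gunzip_to_tar("sample.tar.gz", "sample.tar"))
```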
