How To Use The Open Advanced Feature In Cellebrite Physical Analyzer
In this episode, I’m going to show you an open advanced feature.
I go to File, Open Case, Load Evidence, Add Open Advanced, and I choose Select Device.
Now what I’m about to show you can be done for iOS, Android, and really any phone you want. I’m going to choose Apple, and then I’m just going to quickly type iTunes in the quick filter.
You’ll see there’s that little chain icon there, so I’m going to choose this and then I’m going to choose file system because I want to load an actual TAR file. Maybe you have a premium extraction, a gray key extraction, or some kind of TAR file that you want to load. The important step here is that you can switch your chain or you can customize it.
I choose a customized chain, and the program tells us what it’s going to do. You can always click on add.
Now let’s say you want to make sure it’s going to run across native databases, so I type database. I go down to iPhone databases and have it load that.
If I wanted to ensure it was going to parse SMS, you could start typing. And, as you find something that you want, you could say, I want to make sure it’s going to run the locations carver, or it’s going to do SMS, or there are even these ones where it converts state timestamps and so on.
So, as you choose what you want and you’re ready to go, you press okay, you navigate to your zip archive and you press next. Again, I’m showing you this on iOS devices and I chose backup even though it is a zip archive, a full file system extraction.
You can do this for Android and for iOS. Enjoy it and try it out, and take your investigation into your own hands. And don’t be afraid to dive in a little bit deeper than typically expected.
Watch the full episode to learn more.