In this episode of Tip Tuesday, Heather Mahalik answers the question ‘If a new version of UFED comes out, do you have to reacquire the device to get all of the information?

It is dependent on the device that is being extracted.

  1. Go into ‘Search Devices’ and ‘Recently Used’.
  2. Choose a device that was previously acquired.

NOTE:

  • If you see ‘Physical’ with a rooted device, there’s a high chance of that happening is slim.

  • If you see ‘File System’, head in, and heck if you can get a full file system extraction using one of the live methods.

  • If you have not acquired the device in a while, check if Smart Flow can assist you.

  • If you see Android backup, APK downgrade, or Advanced Logical upon login, most likely the extraction level of access has not improved.

To check on the level of improvement in access, head into Smart Flow. You will be walked through the best level of access to get a full file system acquisition.

If nothing changed in UFED with the update for the device of interest, what is the impact when it comes to Physical Analyzer?

For Physical Analyzer version 7 or Physical Analyzer Ultra with advanced techniques built-in or additional parsers for parsing artifacts, you can get more information.

In summary, it depends on the device and what is being supported.

Log into the community portal where you can access the list of supported devices and the information you need.

Share this post
How to Parse Single Applications with Digital Forensics Tools in Physical Analyzer View Now