Cellebrite released many updates to its digital intelligence and forensics solutions in 2022. This blog is a continuation of:

Enhanced User Experience

UFED now has its release notes available in its UI. They can be accessed by clicking the question mark at the top of the page. The release notes are designed to help you understand the new features in each version. The next enhancement in UFED will enable you to stop an Android file system extraction halfway through and save the partial extraction data.

UFED – Mobile Device Forensics – Source: Cellebrite

The partial extraction can be opened in Physical Analyzer, which will show a message stating that the extraction is partial and was stopped by the user. However, this option does not apply to the Android backup and APK downgrade extraction methods.

PA Ultra

PA Ultra was released via the design partners in the initial phases, and we have continuously enhanced it based on feedback and suggestions received from this program. We have released it to all PA users.

The latest version released is 8.3, currently available for download in the Community Portal. You can use the Ultra series with the existing PA license. PA Ultra and PA 7 can work on the same workstation. This allows seamless use of the two side by side, sharing the license, and will soon allow a seamless, full migration to the Ultra series.

PA Ultra runs on a database instead of relying on memory. This significantly improves the speed of data processing and accessibility. Its UI experience is similar to that of PA 7. However, there are some updated dashboards and insights that give you access to certain features PA 7 doesn’t provide in the dashboard overview.

Note that because PA Ultra runs on a Postgres database, Pathfinder single user or any other application that runs on Postgres cannot be installed on the same workstation, because this will cause a conflict.

In addition, the Ultra series can process computer data directly. We are continuously developing and adding new features. For more details, check out the release notes and the manual, and feel free to reach out to the Cellebrite Technical Customer Support Team.

Cryptocurrency Enrichment

We partnered with Chainalysis this year to bring new insights into cryptocurrency data and enrichment. Version 8.3 automatically identifies crypto artifacts, which allows you to investigate the crypto asset directly in the dashboard and start your analysis.

We have added both online and offline enrichment features to enrich this data for you. The online features require an internet connection and are powered by Chainalysis. They provide detailed asset associations, such as wallet addresses, and highlight potential illicit activities associated with those addresses.

The analysis results can also be exported as a report, but note you’ll need an additional license to enjoy the Chainalysis enrichment. However, the enrichment by Cellebrite is already part of your existing PA license. Reach out to us for help with any questions, whether sales-related or technical.

Location Data

We recognized the importance of location data, and we have enhanced the way we display and handle it. In PA Ultra, we have added a new Location tab. The location data is categorized into groups and subgroups and is broken down further with meaningful descriptions such as points of interest visited. This gives location data more prominence and makes it easier to identify what is significant to the case you are working on.

Location Data Menu – Mobile Device Forensics – PA Ultra

We also display event-type locations. For example, if you search for a particular location, such as a restaurant or a destination, in your maps app, PA Ultra creates a link location to show that aspect of the search. This is not necessarily the user’s actual location when the search was performed. The user could be in the city they live in while searching for something based in another location.

Stay tuned for part 4 that covers Smart Translator, Payment Apps, WhatsApp Disappearing Messages and Cloud Extractions.
