Selective Mobile Forensics Decoding in Cellebrite Physical Analyzer
Selective Mobile Forensics Decoding is a feature built into Cellebrite Physical Analyzer that enables faster parsing for applications and key artifacts of interest. In Phase I of Selective Decoding, we provide the ability to select specific applications in addition to key artifacts for iOS and Android that a team of experts pre-selected for you.
Phase II will include the option to only parse the selected application artifacts or the ability to select the applications and key artifacts determined by Cellebrite.
Within Physical Analyzer, the examiner can select specific applications or application categories. If you’re wondering what’s being parsed, simply open View > Trace Window and watch the parsing progress, which shows which additional artifacts were also extracted.
This feature is not built to support cases where you only have the legal authority to examine specific items. Selective Decoding is designed to provide faster results and get you speedier answers during the triage process.
To use this new feature, begin by choosing “File” and then “Open Case”.
The Case Wizard will open, allowing you to select “Add” and then “Load Extraction”.
Once the file is loaded, you will see a new button labeled “Learn More”. Selecting it explains that Selective Decoding allows you to choose which apps you want to decode in order to speed up the processing time. Click “Examine Data” to have Physical Analyzer begin scanning the applications available on the device.
Once Physical Analyzer is done scanning, a list will appear with several filtering options. For example, you can choose the “Social Networking” category and then check the boxes for specific applications.
Another option is to simply search for whichever application is important to you.
Once you are happy with what you have included, select “Continue” and Physical Analyzer will process your selection. This is a fast way to triage your case and get a quick glimpse of which applications the users were using.