The Power Of Actionable Intelligence In the Upcoming Cellebrite Physical Analyzer Release
This year, Cellebrite has been heavily focused on applying the tools and capabilities necessary to help investigators surface actionable insights to focus initial examination efforts quickly.
The Cellebrite 2020 Benchmark Report, shared earlier this year, showed that digital data extracted from devices under investigation has grown 82 percent compared to three years ago. The need for expertly trained staff to navigate and leverage vast amounts of data has also risen sharply.
The report also showed an average backlog of three months and 89 devices per station. In order to address these bottlenecks, examiners are being forced to prioritize their workload and only examine time-sensitive data or data from certain cases.
With these constraints in mind, it was clear that agencies needed additional capabilities and more insightful data to help them focus their examination efforts to locate critical evidence faster.
We set out on a journey to devise a more intuitive design with improved navigation, visuals, and tools to help users optimize their use of Cellebrite Physical Analyzer, and get the job done, accurately.
With the new Cellebrite Physical Analyzer 7.33 version, you can locate evidence faster than ever. The ability to surface actionable insights, along with advanced capabilities to dig deeper into the data where needed, are key to the success of any digital data investigation.
Cellebrite Physical Analyzer version 7.33 is the most substantial upgrade of this user interface we’ve ever done. This enhanced UI provides several new and useful features while improving accessibility to data from extracted devices.
We’ve accomplished this by adding a navigation bar to the tree, which allows you to search models in the project tree. We’ve also added a time bar to graphically view extracted phone data. Together, these new additions optimize the examination process downstream.
In this blog we will review the five main changes/enhancements that make this new version of Cellebrite Physical Analyzer the most powerful investigation tool yet.
1. A New User Interface
Cellebrite Physical Analyzer (PA) is used by forensics examiners and investigators all around the globe and for good reason.
The combination of outstanding decoding and decryption, along with powerful experience and examination capabilities, enable in-depth investigations to solve more cases for a safer word.
We have taken the user interface and the user experience of PA to a new level with a new UI that is more intuitive and convenient.
Let’s take a closer look at the changes of the new UI, starting with the new color scheme, design, tabs layout, and spacing.
2. A New Graphical Time Bar
A new graphical time bar is a true storyteller that enables investigators to see a sequence of time-related events, visually. You can quickly identify and track key events, filter and focus on the case’s date range, and analyze multiple timestamps of events. (The combination of multiple timestamps has proven to be far more powerful and revealing than any single timestamp on its own.)
From a developers’ point of view, we implemented this new tool bar to provide outstanding capabilities for both the user experience and performance.
The time bar helps to focus data from the extracted data to the crime timeframe.
The time bar appears in the timeline view and in all tables (models) for events with at least one timestamp field (excluding the chats model where each timeline bar will appear with each chat conversation).
This addition is super powerful for the timeline view. Now you can see any event with a timestamp and quickly view trends, volume of activities, and more.
You can select the date range of interest and easily filter the data on the fly. In addition, you can select the types of events and timestamps to be displayed in a time bar using the toggle bar filter. (Up to five fields can be filtered together and each field has a unique color that identifies it in the time bar).
The table and the time bar are both synced to the data shown, so you can filter information from graph to table and the other way around.
Buttons in the time bar include:
Apply—Filters the data according to the time-range selection.
Refresh time bar—Updates the graphical time bar to reflect active table filters.
Clear—Clears the data-range selection and returns the graphical time bar to its previous stage without affecting the table filters.
You can also zoom in on the time bar using the mouse or the scroll bar below the time bar.
3. The Before and After
In the previous version of PA, all events were presented in a table in chronological order. In this new version, a new graphical time bar has been added on top of the table, which is enhanced with more filtering capabilities.
4. A New Navigation Journey And Navigation Tree
We have created a new journey through the application, enabling a more streamlined and organized navigation experience. This allows you to get into the different data types faster, reducing the need to scroll up and down.
The navigation bar divides the old Project tree into eight sections: Home, Timeline, Analyzed Data, File System, Insights, Tags, Reports, and Cloud. Reviewing and searching for data in the old project tree was not fully convenient, so we decided to add this new navigation bar to help you find the requested data faster and easier.
Home—Allows you to display an extraction summary of the project in the data display area. The “Extraction Summary” tab is displayed automatically whenever you open a new extraction for analysis. In a future version, we plan to integrate a new dashboard view with different widgets and KPIs that will provide a complete high-level overview of information to show what is going on with the examined device. Stay tuned!
Timeline—A lot of examinations start by reviewing the “timeline view.” Now you can easily navigate into the timeline view, which is just below the “home” button.
Analyzed Data—We unified the analyzed data and data files under this navigation option. All extracted data can be found here. All of the tables (models) are now grouped into different categories to help unify related events data. Data of the same type will be found under the same category. For example, under the “Media” category you can find images, videos, and audio. To find data faster, we added a search option in the tree. The search is performed on all the models within the tree, while search results display only models containing the string you were looking for.
File system—Here you can find the file system tree item lists including the binary images.
Insights—In this navigation tree you can find important insights for your case such as malware scanner results, hash set results, and more. We plan to enhance the insights with more valuable and actionable information in a future version.
Tags—Finding important information and creating tags is a capability every investigator uses. Any tagged items will be presented here, including hex tags, enabling fast access to tagged items.
Reports—A list of the reports, which were already generated, and additional files added, like screen captures and external files, can be shown here.
Cloud—This option provides cloud insights including cloud tokens available on the device. You can use the token to extract data using Cellebrite UFED Cloud.
A few additional small-yet-important enhancements include new menu items that are shown in a “kebab” style. “Kebab” buttons were added to the project tree to enable you to perform operations on active projects, trees, and tables.
The first “kebab” button displays all operations on the project that were available in the old project tree via the right click (“add extraction,” “add external file,” “rename active project,” and “close active project”).
The second “kebab” button displays all operations on the tree and tables that existed above the old project tree including: “expand all,” “collapse all,” “select items for report,” and “unselect project for report.”
All of these exciting changes (and more to come) have been made to improve the user experience for examiners and to help focus data review, search, and analysis faster and more conveniently. With the valuable addition of the time bar, the simplification of the navigation journey, and the actionable insights that can be generated, the new, enhanced Cellebrite Physical Analyzer is the best tool on the market for investigative teams.
Learn more about how Cellebrite Physical Analyzer can help your team here.