UFED PHYSICAL ANALYZER: Intelligent Software for deeper investigations
| || |
The UFED Physical Analyzer is the most advanced analysis, decoding and reporting tool in the mobile forensics industry.
It allows you to perform a physical extraction from a mobile device. It enables to recover all available raw data stored in the device and analyze it to decode deleted data.
UFED Touch Physical PRO is particularly useful when faced with a mobile phone without a SIM Card, or with security locked devices.
The result of
Cellebrite`s constant research and development provides users with the
most unique and powerful features, addressing the needs in the mobile
forensic industry.The UFED Physical Analyzer includes enhanced
decoding, enabling support for multiple data types: chat, email, web
bookmarks (favorites), web history, SIM data, cookies, notes, MMS,
instant messages, Bluetooth devices, locations, journeys, GPS Fixes,
call logs, text messages, contacts and more.
The memory dump from each phone is a complex data structure.
But the UFED Touch Physical Pro software tool makes navigating this data easy.
The UFED Touch Physical Analyzer application focuses the user`s
attention on the most critical portions of phone memory first.
- Knowledge of the memory structure for each phone which allows the automated retrieval of appropriate data
- Hierarchical View for efficient navigation
- Advanced search capabilities for both novice and expert user
- Customizable parsing and search functions
Physical Analyzer has an improved user interface that provides for more efficient analysis work.
Users can do less work to see more information, including contact images and whether certain data within an entry has been deleted.
Physical Analyzer enables the physical extraction and decoding from all rooted and non-rooted Android devices. This means that Cellebrite now exclusively supports the mobile industry’s leading Android brands, Samsung and Motorola: Galaxy SII family, Galaxy Note, Milestone, Droid, and Defy.
Finally, Physical Analyzer includes the launch of the UFED Reader, a new tool allowing users to share extraction and analysis results with any authorized personnel, even if they don’t have a UFED license. This function allows for greater data sharing and collaboration among investigators, attorneys, supervisors, and others who need case details. The UFED Reader’s functionalities include report customization and generation, advanced search capabilities, bookmark management, and more.
The Physical Analyzer enables:
|USB Mass storage devices extraction and decoding for all major GPS portable devices|
Physical extraction from devices running iOS 3.0 or higher,
decrypting on-the-fly encrypted partitions for supporting devices
Advanced decoding of deleted, hidden and existing content from all
major mobile devices and platforms including, iOS devices, BlackBerry®
devices physical extraction, Android devices and more.
- Rich set of data: Handling ever growing rich set of data types (call logs, contacts SMS, MMS, chats and more)
- Hash Verification: Ensures that the extraction being decoded is the same extraction received from the UFED device
- Malware Detection: Perform on-demand searches for viruses, spyware, Trojans and other malicious payloads in files
- Project Analytics: View statistics on communications and identifying relationship strengths
- Timeline Graph: Visualize events over time, view distances between events and see the number of events within a defined timespan
- Exporting Locations: Export selected latitudes, longitudes, and timestamps to KML reports
- Exporting Emails: Export selected emails to EML format
- Embedded Text Viewer: View text files including file information, content, and Hex
- Watch list: Ability to highlight information based on predefined list of values
- Timeline: Monitor events in a single chronological view
- Image carving: Powerful feature used to recover deleted image files and fragments when only remnants are available. Only applicable for physical extraction
- All projects field search: Quick search within decoded data
- Advanced search: Ability to search based on several parameters either as an open text or based on specific parameters
- Conversation View: View communications between sources in date and time order
- Entities Bookmarks: A quick reference pointer that can be set to an analyzed data item and a data file item
- Hex Viewer: Shows binary view of the
extracted data, enabling advanced search based on multiple parameters,
regular expressions and more Parsed Content Highlighting in the
Hex– Highlights the exact position in extraction for each decoded
content entry, enabling full tractability between the analyzed data and
- Hex Bookmarks: Define and save specific locations in the Hex data
- SQLite Databases Viewer: Viewing, searching and exporting tables and content from SQLite database files
- Python Scripting: Using the python shell, enhances the capabilities for content decoding
- Plugin and Chain Management: Enable to run python scripts via plugins, and edit and create new decoding chains
- Generate and Customize Reports: Generates customized reports in
different formats such as PDF, HTML, XML, and Excel. The reports can be
customized in means of look and feel (header, footer), case related
information and content