RELEASE NOTES UFED ANALYTICS DESKTOP Version 5.2 ... · Desktop can now ingest multiple data...



HIGHLIGHTS

UFED Analytics Desktop – version 5.2 – serves as your virtual partner, saving precious time in the investigative process. Designed as a standalone desktop application, it simplifies and automates analytical tasks, allowing users to easily identify the critical relationships that can focus investigations. By immediately linking and unifying multiple disparate data sources, UFED Analytics Desktop’s latest release helps generate leads and uncover actionable insights from existing call logs, application data, text messages, locations, private cloud sources, images, videos and more. This powerful, cost-effective investigative tool allows digital data to be viewed from multiple angles and key details to be isolated for easy analysis and reporting to case stakeholders. Key capabilities incorporated in the latest release include:

◼ New Automated Analytics Tools – UFED Analytics Desktop is optimized to improve data search and filtering performance while managing data from an active case. No more painstaking review of large, cumbersome PDF reports.

◼ Text Analytics – Applies natural language processing to any textual artifact uploaded in the system and tags events related to specific topics of interest.

◼ Image Analytics – UFED Analytics automatically categorizes the images based on categories relevant for an investigation such as Weapons, Money, Drugs and Nudity.

◼ Advanced Filtering Capabilities – View common connections based on communications and locations; narrow data using advanced filters and search; tag data based on specific needs; highlight case-related data using watch lists.

UFED ANALYTICS DESKTOP RELEASE NOTES Version 5.2 | September 2016

ELIMINATE MANUAL ANALYTICAL TASKS AND SPEED INVESTIGATIONS WITH NEW AUTOMATED ANALYTICS TOOLS

By using automated analytics tools that are integrated into an easy-to-use user flow, you can now discover critical evidence hidden in data sources and increase the impact of digital forensic data throughout your investigation.

UNCOVER DEEPER DIGITAL DATA INSIGHTS WITH TEXT ANALYTICS

The latest version introduces a unique analytical capability to speed investigations – integrated text analytics. The tool automatically goes over event content, including attachments, in order to find and highlight entities-of-interest, such as phone numbers, personal names from a message, or even the language in which the message was written, without the need for the user to predefine them.

REVEAL AND VISUALIZE COMMON CONNECTIONS WITH UFED ANALYTICS DESKTOP’S FILTERING CAPABILITIES

UFED Analytics Desktop filters data by Person, Timeframes, Location Types, Distance, Entity, Tag, and more. With version 5.2, you can set minimum values per data type within a link in order to focus on the most frequent communications with key individuals.

SAVE TIME AND RESOURCES WITH ADVANCED IMAGE ANALYTICS

With UFED Analytics Desktop, automatically apply advanced categorization and image recognition methods. Identified images of interest can then be used as a starting point of an investigation.


Cellebrite Release Notes | v5.2 | September 2016 | 2

New Automated Analytics Tools

Version 5.2 introduces several new innovative features that will help you address some of the major challenges in analyzing digital forensic data sources in an effective and timely manner. You will be able to better understand and discover the information hidden in the data sources and increase the impact of digital forensic data in your investigation using automated analytics tools that are integrated into an easy to use user-flow.

Text Analytics

An advanced integrated text analytics engine automatically goes over event content (including attachments) to find and highlight entities-of-interest for the user, without the need for the user to predefine them. Examples include phone numbers and personal names from a message, or the language in which the message was written. This capability is not typically available to law enforcement investigators.

This unique analytical capability can assist in solving cases where more discovery is required, and/or accelerate an investigation by highlighting events of higher importance, e.g. credit card numbers.

Image Analytics

A typical smartphone may have more than ten thousand images, and in a case involving multiple devices, going over the images can take days, so they may be entirely overlooked during the investigation. UFED Analytics automatically categorizes the images based on categories relevant for an investigation such as Weapons, Money, Drugs and Nudity. This categorization is based on the latest in neural network machine learning models that are not typically available to law enforcement members. Identified images of interest can then be used as a starting point of an investigation. With UFED Analytics, you can seamlessly link from the image-of-interest to its event, to gain a wider context of the chain of events.

Filtering

UFED Analytics Desktop filters data by Person, Timeframes, Location Types, Distance, Entity, Tags and more. In addition, you can set minimum values per data type within a link in order to focus on the most frequent communications with key individuals. Map, Timeline and Image views have additional, context-sensitive filters.

Once you’ve filtered the information, you can also search globally on the generated tables of data; or search on a single value, for example a name, to obtain highlighted results. You can now view the data either in table or graph form, and save your sessions.

In addition, to improve the investigator’s experience in filtering and searching mounds of data in a case, we have integrated a new capability that combines the filter behavior with that of a facet, creating an Advanced Filtering concept. A faceted search is a way to explore large amounts of data by displaying summaries about various dimensions of the data and then allowing the navigation to be narrowed to a specific dimension value. This is achieved by maintaining multiple dimensions (facets) for each event, thus enabling events to be accessed and ordered in multiple ways.
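The faceted-search idea described above, as an added Python example that is not Cellebrite's code: each event carries several dimensions, the summary counts every facet with the other facets' selections applied, and narrowing keeps only matching events. The event fields and sample values are constructed assumptions, not the UFDR schema.

```python
from collections import Counter

# Constructed sample events; field names are assumptions for illustration.
EVENTS = [
    {"id": 1, "person": "A", "type": "SMS", "entity": "Phone", "tag": "review"},
    {"id": 2, "person": "A", "type": "Call", "entity": "Phone", "tag": None},
    {"id": 3, "person": "B", "type": "SMS", "entity": "Credit Card", "tag": "review"},
    {"id": 4, "person": "B", "type": "Email", "entity": "URL", "tag": None},
    {"id": 5, "person": "A", "type": "SMS", "entity": "Credit Card", "tag": "key"},
]
FACETS = ("person", "type", "entity", "tag")


def matches(event, selections, skip=None):
    """True if the event satisfies every selected facet except `skip`."""
    return all(
        event[facet] in allowed
        for facet, allowed in selections.items()
        if facet != skip and allowed
    )


def narrow(events, selections):
    """Events that remain after applying all facet selections."""
    return [e for e in events if matches(e, selections)]


def facet_summary(events, selections):
    """Per-facet value counts.

    Each facet is counted with the *other* facets' selections applied, so the
    summary shows what picking a different value in that facet would return.
    """
    summary = {}
    for facet in FACETS:
        pool = (e for e in events if matches(e, selections, skip=facet))
        summary[facet] = Counter(e[facet] for e in pool if e[facet] is not None)
    return summary


if __name__ == "__main__":
    chosen = {"type": {"SMS"}, "entity": {"Credit Card"}}
    print([e["id"] for e in narrow(EVENTS, chosen)])
    print(facet_summary(EVENTS, chosen))
```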

Supported Entity Extraction Categories

Person; Location; Organization; Product; Title; Nationality; Religion; Credit Card; Lat/Long; Money; Number; ID Number; Phone; Email; URL; Distance; Date; Time

Supported Entity Extraction Languages

Arabic; Chinese, Simp.; Chinese, Trad.; Dutch; English; French; German; Hebrew; Indonesian; Italian; Japanese; Korean; Pashto; Persian; Portuguese; Russian; Spanish; Urdu

Supported Language Identification

Albanian; Arabic; Bengali; Bulgarian; Catalan; Chinese, Simp.; Chinese, Trad.; Croatian; Czech; Danish; Dutch; English; Estonian; Finnish; French; German; Greek; Gujarati; Hebrew; Hindi; Hungarian; Icelandic; Kurdish; Latvian; Lithuanian; Macedonian


DID YOU KNOW?


Supported Language Identification (continued)

Indonesian; Italian; Japanese; Kannada; Korean; Malay; Malayalam; Norwegian; Pashto; Persian; Polish; Portuguese; Romanian; Russian; Serbian; Slovak; Slovenian; Somali; Spanish; Swedish; Tagalog; Tamil; Telugu; Thai; Turkish; Ukrainian; Urdu; Uzbek; Vietnamese

Multiple Workspaces

A user can now define a workspace, which is a set of filters and views that summarize an analysis path that an investigator performed. Each workspace is independent, enabling the user to easily and quickly switch between analysis paths and follow the entire investigation flow.

Conversation View

An event by itself may not contain enough information to further the investigation. Sometimes a wider context is needed to give the user a better understanding of the chain of events. With UFED Analytics Desktop – a user can now expand any event into a fully correlated conversation of the participating parties.

Ingesting Cloud Data Source

Seeing and analyzing the different digital forensic data sources together provides the users most closely involved in solving the case with more investigative value. With the latest release, UFED Analytics Desktop can now ingest multiple data sources into a single integrated view including cloud data coming from UFED Cloud Analyzer. This enables the users to analyze how data from the various sources interacts.

Quick Tagging

Tagging events is a powerful tool, allowing the user to classify events and differentiate between what is important and what is not. You can now assign “Hot Keys” to customized tags, allowing for even quicker tagging of events.

You can now use UFED Physical Analyzer to create a UFDR file from images. Expand your investigation by utilizing this file in UFED Analytics Desktop via the newest image analytics features.


UFED Analytics Desktop relies on physical, file system or logical extraction UFDR reports from Cellebrite’s UFED Physical Analyzer, UFED Logical Analyzer or UFED Cloud Analyzer. It automatically establishes contacts’ communication directions (uni- or bidirectional).

To give each event the context that best explains it and its relationship to other events, multiple viewing types are supported:

Graph View

The Graph View displays the person in the center of the diagram, surrounded by the entities (phone numbers, app IDs and email addresses, or all of them combined) that were logged in the analyzed report. Arrowheads at the ends of each connection line represent the type of connection (incoming, outgoing, bidirectional) made between the Person and this phone number or email address.

◼ All Links – Shows all the persons selected from open reports, and all their linked entities. Filter the display by changing the selected persons, and by setting Timeframes and Entity and Link filters.

◼ Mutual Links – Displays only the linked entities shared by the persons selected from open reports. Filter the display by changing the selected persons, and by setting Timeframes and Entity and Link filters.

◼ Entities Analytics – Provides a statistical analysis of the interactions between a particular entity and the device owner.

Note: Within each diagram, you can change and organize icons’ arrangement by moving persons and entities anywhere you desire.

Map Analysis View

The geo-location information in digital and mobile forensic data can be very important in identifying where the owner of the device was. Geo location metadata of events, whether they are images or instant messages, or even location events, can be viewed and filtered on the Map view. UFED Analytics Desktop includes additional analytical capabilities to identify whether two persons were in the same vicinity within a user defined radius and time. Suspects may claim that they don’t know each other, but in some cases the forensic data can prove that they were in the same vicinity at a certain time. Version 5.2 provides the deeper insights that accelerate investigations.

Locations of interest can then be used as a starting point into the investigation. In UFED Analytics you can then seamlessly link from the location to its event, to gain a wider context of the chain of events.
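The same-vicinity check described above (two persons within a user-defined radius and time), sketched as an added Python example; it is not Cellebrite's implementation. The fix records, field names and coordinates are constructed assumptions, and the distance is a plain haversine great-circle distance.

```python
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 coordinates."""
    phi1, phi2 = radians(lat1), radians(lat2)
    a = (sin((phi2 - phi1) / 2) ** 2
         + cos(phi1) * cos(phi2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def co_locations(fixes_a, fixes_b, radius_m, window):
    """Pairs of fixes (one per person) within radius_m and within window."""
    b_sorted = sorted(fixes_b, key=lambda f: f["time"])
    hits, start = [], 0
    for a in sorted(fixes_a, key=lambda f: f["time"]):
        # Drop B fixes that are too old for this and every later A fix.
        while start < len(b_sorted) and b_sorted[start]["time"] < a["time"] - window:
            start += 1
        for b in b_sorted[start:]:
            if b["time"] > a["time"] + window:
                break  # remaining B fixes are too late for this A fix
            dist = haversine_m(a["lat"], a["lon"], b["lat"], b["lon"])
            if dist <= radius_m:
                # Keep the fix source: a cell-tower fix is far coarser than GPS.
                hits.append((a["id"], b["id"], round(dist), a["src"], b["src"]))
    return hits


def _t(hour, minute):
    return datetime(2016, 9, 1, hour, minute, tzinfo=timezone.utc)


# Constructed sample fixes (not real case data).
FIXES_A = [
    {"id": "a1", "time": _t(10, 0), "lat": 52.5200, "lon": 13.4050, "src": "GPS"},
    {"id": "a2", "time": _t(14, 0), "lat": 52.5200, "lon": 13.4050, "src": "Wi-Fi"},
]
FIXES_B = [
    {"id": "b1", "time": _t(10, 5), "lat": 52.5203, "lon": 13.4050, "src": "GPS"},
    {"id": "b2", "time": _t(10, 2), "lat": 52.5300, "lon": 13.4050, "src": "Cell"},
    {"id": "b3", "time": _t(12, 0), "lat": 52.5200, "lon": 13.4050, "src": "GPS"},
]

if __name__ == "__main__":
    for hit in co_locations(FIXES_A, FIXES_B, 100, timedelta(minutes=30)):
        print(hit)
```

The result is only as precise as the least accurate fix in each pair, so the radius should be chosen with the location source (GPS, Wi-Fi or cell tower) in mind.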

The Map View displays the locations—based on GPS coordinates, Wi-Fi or cell tower locations—that your persons of interest have visited.

◼ Filter the map by persons, timeframes, location category, and/or mutual locations.

◼ You can zoom in and out of the map, and pan the map; show which locations your device owners and entities have in common.

◼ Link to the event from location coordinates.

UFED ANALYTICS DESKTOP FUNCTIONALITY


Timeline View

Timeline View displays the time-stamped events of the selected persons (calls, emails, SMS, MMS, and so on) in chronological order.

◼ Filter the table by changing the selected persons, and by setting Timeframes and Categorical filters.

◼ Show all the events ordered by the time they occurred.

◼ Show conversation between two persons over time.

◼ Use a watch list with a set of words to look for and filter by.

Merge Multiple Entities

One of the key challenges in generating a clear map of links is the analytical ability to merge multiple identifiers, such as a person’s e-mail and phone number, as belonging to the same person. Now, UFED Analytics Desktop automatically merges identifiers into person objects, an operation that, if performed manually, is very time consuming and prone to error. Moreover, merging identifiers is itself an investigation tool: the investigator can now split and merge identifiers into persons as new information arrives from other sources.

Ingesting Different Forensic Digital Data Sources

Seeing and analyzing the different digital forensic data sources together provides the investigators and prosecutors most closely involved in ‘solving’ the case with more value, for example by showing how the Call Detail Records (CDR) or location logs obtained from the communication service providers complement digital data extracted from smartphones. In this context, UFED Analytics can ingest multiple data sources into a single integrated view.

The following data sources are supported:

◼ UFED Physical Analyzer

◼ UFED Logical Analyzer

◼ UFED Cloud Analyzer

◼ XML report files generated by Micro Systemation XRY (6.15 and 6.16).

◼ Call Records and Location Records from Communication Service Providers - CSV, XLS, XLSX, and TXT files that contain calls, SMS, MMS and location data generated by an external data source (CDR).

Free Text Search

UFED Analytics Desktop has the ability to search for ANYTHING in the system. This makes it possible to find key details amid the sea of information.

––IMPORTANT INFORMATION––

Licensing information

The UFED Analytics Desktop license is available in two flavors:

◼ Basic Configuration – Basic UFED Analytics Desktop package. Does not include text and image analytics capabilities.

◼ Full Configuration – Full UFED Analytics Desktop package. Includes support for all new features.

Existing customers with an active UFED Link Analysis license will be able to download and use UFED Analytics Desktop Basic.

You can verify your license by navigating to: File > Help > License Details

OTHER FUNCTIONALITY