Open Advanced in Ufed Physical Analyzer
Tip: Highlight text to annotate itX
UFED Physical Analyzer has the largest set of the decoding capabilities
in the mobile forensics industry. Using its open advance feature
you can decode third-party extractions such as JTAG and Chip Off
decode backup files, and conduct a customized decoding process
in this demonstration we will show you a few different uses
of open advanced. Let's start with a BlackBerry Chip Off
which can be decoded only on UFED Physical Analyzer thanks to the Open Advance feature
go to the main menu
click File and select Open Advanced
or click the Open Advanced icon
click Select Device
BlackBerry
and look for "Blackberry Generic"
in the binary dumps option, import a NAND file
you can choose to save the current chain as a UFD file
and use it in the future
finally, click Finish
the decoded data includes valuable information such as user data
the phones ICCID and IMEI
and serial numbers, SMS messages, images
and much more
let's try another extraction, this time with a .tar file
which contains iPhone data
click the Open Advance icon
click Select Device
select Apple from the vendor list
select Apple iPhone Physical
and click Next
in the advanced customization window click the Image button
choose the .tar file
and click Finish
the extraction summary here shows installed applications
text messages, thousands of images, databases
and more
another good use of Open Advanced is back up files decoding
to decode and iTunes or iPhone backup
click the Open Advance icon
in case of an iTunes backup, use the "Start without a UFD file" option
and click "Blank project." Click "Switch chain"
click "All chains" on the left and search for iPhone
and select the iPhone backup chain
add a file system dump, click the folder option
select the iPhone backup folder and click Finish
if the backup is password protected, UFED Physical Analyzer will ask you
to insert the password in click Next
physical Analyzer will automatically decode the backup's data
in case you have a BlackBerry backup file you need to decode
you can use Open Advance as well
go to open Open Advance
click "Blank project"
click "Switch chain"
then choose "All chains"
and search for BlackBerry IPD
in the binary dumps section select your IPD extraction file
and click Finish
the decoded data contains the BlackBerry pin number, model
phone data and more
