Using UFED Physical Analyzer Built-in Tools

UFED Physical Analyzer Consists of a number of built in tools:

1. Malware Scanner

• If you the Malware Signature Database of the built in malware scanner is not up to date, you would be prompted to download the update first
• Otherwise, you can just double click on the Malware Scanner tab on the side of the UFED Physical Analyzer and the Malware Scan would be initiated. Double click again and you would be shown the page below if there are any malware or potential malware detected.

2. Translation

• If you have not downloaded the language/translation package, you can click on Tools > Translation and you would be prompted to download the language pack(s)
• Otherwise, you would have a translate button that would appear and you would be able to translate languages after that using the button
  • *NOTE: For "Premium Languages" according to some sources there are limits to the number of "Premium Languages" you can register and can be registered on the Cellebrite Portal

3. SQL Database Viewer

• Just double click on any database file and it would be opened in the format shown below

4. Timeline

• A timeline based on the extracted data from the phone would be shown when you click on the Timeline tab in UFED Physical Analyzer. Allowing you to conduct timeline analysis on the suspect easily and conveniently.

5. Watch Lists

• You can pre-define a list of keywords to look out for before a case, depending on the search leads provided by the requester, in this case we are using the search lead of Alice Chan, and shown below are the matches found from the extracted data