Dear Reader –
I apologize. I didn’t mention in my post on Windows 8 64 bit that I was running PA/XRY in a virtual machine. Nor did I mention that my 32 bit XP box (in which XRY/PA worked just fine) was also a VM.
I apologize as well that I failed to follow up yesterday and post that I successfully installed Windows 7 ultimate 64 bit in a VM and got both PA XRY Complete to run just fine.
As Jansen Cohoon of Micro Systemation pointed out to me on Twitter he has Win 8 64 bit and XRY working fine on a dedicated Windows box.
I should have been more explicit in my post and mentioned the VMs. I should have followed up. I also should have been more scientific in my trouble shooting.
I got frustrated and ran out of time for my testing….but that’s a cop out. I owe it to you all to be more thorough.
So I’ll test it all again on the VM and again test it on some dedicated boxes when I can get my hands on them (they are being used in a course).
Thank you to those who pointed out my mistakes. I’d like to hear from people if they are also having problems using Win 8 in a VM. I know a lot of us use VMs for forensics. Perhaps my host needs some more TLC!
To recap :
- I was using a 64 bit Win 8 VM when I couldn’t get XRY/PA to work.
- My 32 bit XP VM runs PA and XRY just fine
- My 64 bit Win 7 VM runs XRY and PA without a hitch
- Test and validate!
P.S. Always follow your own advice 😉
Cellebrite just recently announced the release of their solution for performing dumping and analysis of mobile devices – Physical Analyser Pro 2.0.
Physical Analyser Pro is sporting a slick new UI, enhanced searching functionality, plugin chaining , enhanced decoding for iPhones and promises to be a huge leap forward in taking cell phone examinations to deeper level. Of particular interest to the community is bound to be support for working with chip off dumps.
When Cellebrite announced the release, there was a rumor that the update was only available as a new purchase. Chris Shin and Jason Rogers of Cellebrite quickly set the record straight – Physical Pro Analyser 2.0 is available as a firmware update with a current subscription.
I’ve attached the release notes for review – a syopsis of some key features follows – and plan to do a detailed review of the product for the community in the upcoming week. All in all it looks like just what the community needs!
Key Features of UFED Physical Pro Upgrade include:
· Deep access to internal memory and data inaccessible by logical methods (deleted text messages, call history, pictures, phonebook and videos)
Phone lock code/user password extraction
Open Source Plug-in support: author, collaborate on, and utilize custom search and value parsing algorithms
Plug in chain manager
Intelligent string finder
Hierarchical “tree” view for efficient and fast navigation
Advanced search capabilities both to novice and expert users
Customizable search, parsing and report functions
Exclusive physical support for Samsung and LG devices
Proprietary, forensically sound (read only) boot loaders for most supported devices
Phone internal data (ex. IMSI history, past SIM cards used, past user lock codes, Memory card and Bluetooth history where supported)
Latest Supported Features for Physical Pro !
iPhone deleted SMS, Phonebook , and Call Logs extraction
Visualization of GPS Data –Direct link (KML file) to Google Earth and Google Maps for tracking purposes
Windows Mobile devices Email and deleted mail extraction
Blackberry devices Email extraction/ (Blackberry Messenger, Blackberry PIN)
Physical Extraction of IDEN Phones ( over 30 models )
· iPhone decoding: includes calendar, call logs, contacts, text messages, email, locations (Wi-Fi and Cell Tower), MMS, notes, web history, web bookmarks (favorites), Skype (contacts, calls and chat), Facebook contacts, navigation applications, Bluetooth and more
Android, iOS iPhone, (Allows bypassing of user lock code) and Windows Phone 7 Physical dump capability coming soon