Paraben` s Device Seizure 6.5 Release Notes

Paraben’ s Device Seizure 6.5
Release Notes
1
Paraben Corporation
Welcome to Paraben’s Device Seizure!
Device Seizure is designed to allow investigators to acquire the data contained on mobile phones,
smartphones, GPS, and PDA devices in the most forensically sound manner possible. Since 2001
Paraben’s mobile tools have been acquiring data from devices. Device Seizure employs different
techniques with each type of device. In most cases, images are created both logically and physically.
This gives the examiner the maximum access to data that includes information such as phone
numbers, dates, times, pictures, call history, for both active and deleted data. There are many unique
analysis functions as well that come with the powerful Device Seizure acquisition engines to include
bookmarking, advanced searching, importing of backup data, and case data comparisons. Device
Seizure supports over 9,500 device profiles and the list growing with each release. Device Seizure is
a must-have tool for any lab.
Device Seizure has some additional functionality that makes it the ideal analysis engine. For data
associated with GPS coordinates or Call Detail Records (CDR) that might be included with the case,
you can import this information into Google Earth directly through Device Seizure. In addition to
importing data, Device Seizure contains the only case comparison functionality to allow for continued
review of case data against the original acquisition. This functionality is crucial to compare a device
after both sides have done examinations to insure changes have not occurred. Device Seizure was
designed with forensic examiner’s needs in mind.
This document allows you to get more information about Device Seizure 6.5 features and changes.
What’s new!
Support for iOS 7 logical acquisitions has been added
Support for Windows Phone 7.5 logical acquisitions has been added
Support for Windows Phone 8 logical acquisitions has been added
Support for Android 4.x* logical and 4.0 physical acquisitions has been added
New screen protection removal for Android devices has been added (Developer Mode Only)
Import of backup data from iOS 3.1 and higher encrypted iTunes back-ups has been
added
Support for Jailbroken iPhones/iPads/iPods in iPhone Physical plug-in has been added
Import of Tarantula backup data for support of Chinese phone models has been added
Improvements to recovered data parsing for iPhone and Android devices
Bookmarks creation and reports generation have been added to the Device Seizure Case
Compare
Acquisition of data from CDMA SIM Cards has been added
Portable Device Plug-in added for Windows 8 and all devices that mount as media devices
And more!
*Please check the supported models list for specific models. Not all device running Android
4.x are supported.
2
Paraben Corporation
Device Seizure Key Features
General Features:
- More than 50 plug-ins for working with more than 25 types of devices including:
-Cell phones
-Smartphones (iPhones, Androids, BlackBerry)
-[NEW!] Windows Phones & Portable devices
-PDAs
-Tablets (iPads/iPod Touches, Android tablets)
-Media Devices (iPods, eReaders-Not parsed)
-GPS devices
-Media cards
- Support of more than 9,500 device profiles
- USB, serial, and Bluetooth (Limited) support
- Verification of file integrity with use of MD5 and SHA1 hash values
- Deleted data recovery on all types of devices
- Encrypted image files to guarantee image integrity
- Google Earth integration
- Database driven case format for secure data storage and large volume storage
Bonus Features:
- Includes a free 1 year subscription with purchase
- Includes license to Deployable Device Seizure (DDS) for mobile triage
- Includes license to Link2 for full link analysis chart capabilities
- Includes comprehensive cable kit
GUI Features:
- Special Hex and Text viewers for viewing data in hex and text representation
- Image viewer for convenient viewing of all types of images
- File viewer for viewing files of different types (*.html, *.doc, etc.)
- Grid viewer for an easy-to-read format of SMS, Phonebook, Calendar, etc.
- Data Sorter function for sorting thousands files from the acquired data by file types
- Quick export functions for exporting media file types from case data
- Bookmarking for easy navigation and review of data
Plug-ins Features:
- Comprehensive data acquisition of text messages, address books, call logs, and more
- Built-in recovery of a variety of passwords from devices
- Portable Device Plug-in added for Windows 8 and all devices that mount as media
devices
- Windows CE registry viewer
- Acquisition of complete GSM and [NEW!]CDMA SIM card information including deleted
data
- Full flash download for certain models of cell phones, PDAs, and smartphones
- SIM Cards cloner
3
Paraben Corporation
Other Features:
- Exporting of the acquired data to the PC
- Search within the acquired data including file search, Hex, and Text (including Unicode)
searches
- Import of databases acquired with PDA Seizure, Cell Seizure, SIM Card Seizure, CSI
Stick, and Deployable Device Seizure
- Import of other desktop data:
-RIM BlackBerry Backup (IPD & BBB)
-Apple iPhone Backup ([NEW!] including encrypted back-ups)
-KLM and GPS maps
- Import of data from other tools
-Cellebrite cases
-[NEW!]Tarantula back-ups (Chinese Phone Support)
- Viewing acquired data with external viewers
- Comprehensive HTML, Text, CSV, XLS, and PDF reporting, including Timeline report
- Case Comparer compares two databases to verify differences in their structure with
[NEW!]
bookmarks creation and quick reporting
- Data saving to CD/DVD. You can easily take your case with you without using any
external applications
- Cell Tower Import for viewing call locations within Google Maps
Device Seizure 6.5 Changes
Import of Tarantula backup data has been added. (Chinese Phone Support)
4
Paraben Corporation
Import of iPhone 3.x and higher encrypted iTunes back-ups has been added
5
Paraben Corporation
Bookmarks creation and reports generation have been added to Device Seizure Case
Comparer
New Android drivers have been added to the Device Seizure Driver Pack
6
Paraben Corporation
Device Seizure 6.5 New Plug-ins
A new plug-in for acquisition of Windows Phone 7.5 has been added
A new plug-in for acquisition of portable devices that mount as media devices
(including Windows Phone 8) has been added
7
Paraben Corporation
Device Seizure 6.5 Plug-in Changes
Recovered data parsing for iPhone and Android devices is improved. Now more data is
parsed.
The ability to remove the screen lock protection for an Android device during the
acquisition has been added
8
Paraben Corporation
The bit-by-bit image collection for iPhone/iPad/iPod Touch devices has been added to
the physical plug-in
Spotlight search data parser is added to the iPhone/iPad/iPod Touch Physical plug-in
for devices iOS 5 and higher
9
Paraben Corporation
Acquisition of data from CDMA SIM Cards has been added
Android 4.x logical support and 4.0 physical acquisition support has been added
iOS 7 support has been added for iPhone/iPad/iPod Touch Advanced Logical plug-in
Support of iPhone Jailbroken devices has been added to the iPhone/iPad/iPod Touch
Physical plug-in
File checker is added for iPhone/iPad/iPod Touch Advanced Logical plug-in to allow for
better error message generation
Device Seizure 6.5 Issue Resolutions
10
Plug-in
Issues Resolved
iPhone Advanced Logical
Timestamps representation in recovered data
Nokia Symbian 7.x-8.x
Logical
Nokia 3230
RIM Blackberry
Parsing Unicode data
Android Logical
LG MyTouch, Samsung Nexus S,
Sanyo CDMA Logical
LG CDMA Logical
Sanyo Katana LX
LG CU515, LG C220
Windows Mobile Logical
Samsung i607
CDMA Physical
Samsung SCH R211
Paraben Corporation