
Cellebrite Physical Analyzer 3.0

sward6
(@sward6)
Posts: 23
Eminent Member
Topic starter
 

Has anyone had any issues using PA 3 (Version 3.2-3.6) with phones that have a lot of data on them? I'm attempting to process an iPhone 3G (8GB), with over 10,000 photos and 30,000 SMS.

I confirmed it was not a hardware issue, as my CPU was using 5%, and my memory was at 40% max. I have the engine installed on its own HD, and the IOS data dump on a RAID 5.

The analyzer is almost unusable…it's like 56K dial up all over again. Any tips or tricks to speed this up?

I called Cellebrite Support and the employee stated it's a known software engine issue that they are working on. I'm hoping some of you have experienced this and may know a trick or two to assist me.

Thanks!

-Steven

 
Posted : 02/02/2013 1:08 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

Steven,

UFED PA v3.5 that was released 3 months ago addressed both memory and performance improvements related to heavy extractions.

Still if the extracted device has 50,000 images and 200,000 other data elements (SMS, MMS, Emails …) you might need to upgrade your computer to a 64bit Windows OS.

For over a year, we recommend using a 64bit Windows 7 with at least 8GB of memory.
A 32bit Windows OS limits the amount of memory UFED PA (or any other application) can use.

If you have a lower computer configuration, I would suggest upgrading.

I sent you more info in a PM

Ron

 
Posted : 02/02/2013 4:32 pm
bigjon
(@bigjon)
Posts: 159
Estimable Member
 

sward,
As Ron says, maybe you need to go to 64 bit.
We are using PA for all our ios systems, some exams have returned well over 50,000 images, the record in our office is 197,666 images returned - 8.5 hr dump-
You should not be experiencing problems with PA with "just" 10,000 images.

 
Posted : 02/02/2013 11:00 pm
ForensicRanger
(@forensicranger)
Posts: 122
Estimable Member
 

Agreed - 10,000 images are nothing when you dump an iPhone or an iPad. My shop also has had in excess of 150,000 images, 70,000+ SMSs extracted from a device.

As was mentioned, ensure you have enough processing power and are using 64-bit. We use an iMac that runs Win 7 Pro on it and it runs PA quite brilliantly.

 
Posted : 03/02/2013 10:17 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

A 32bit Windows OS limits the amount of memory UFED PA (or any other application can use)

Just for the record, yes, but no 😯 .

The issue is the license, Server type of 32 bit OS will use 8 Gb and more happily
http://www.geoffchappell.com/notes/windows/license/memory.htm

jaclaz

 
Posted : 03/02/2013 11:46 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

The maximum available amount of RAM per process for a 32-bit OS is 2 GB.
Yes, you can use the /3GB switch to get 3GB, but other applications on your computer might not like it and we decided not to use this.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa366778(v=vs.85).aspx

Ron

 
Posted : 04/02/2013 1:14 am
sward6
(@sward6)
Posts: 23
Eminent Member
Topic starter
 

Thanks for all the replies!

Originally, I had installed the analyzer on our laptop (Duo Core/4GB/Win7 32b) because I wanted to use it out in the field, if needed. However, due to the processing issues, I opted to install the analyzer on our examination machine – which is due to be replaced soon, pending our new budget, but is still a very capable workstation. It's a FRED, 2x Xeon Quad Core/12GB RAM/Win 7 64b. Does this setup look adequate to run PA? It runs FTK 4.?? just fine.

While using the FRED, and to my surprise, I noticed the same processing issues. I noted while processing the data dump, the memory was at 40-percent of max and the processor was at 5-percent of max.

When attempting to view images, it's nearly impossible to do. Any time you scroll down, it takes 30-60 seconds for images to load, while the application freezes or states "not responding." It eventually starts to respond. SMS is faster, but still seems slower than it should be.

I have viewed several non-IOS data dumps on the laptop (not the FRED) and never had an issue with analyzing the data on earlier versions of PA. I have not yet tested non-IOS data dumps on the new version, which is something I ought to do.

 
Posted : 06/02/2013 8:09 pm
jmburns27
(@jmburns27)
Posts: 5
Active Member
 

If you have a MAC, install IPEX, available free to law enforcement on https://acesle.org/

It's quick when it comes to extracting iOS devices.

 
Posted : 07/02/2013 12:32 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

sward6,

It sounds like you are using an older version of PA.
Are you using v3.5 and above?

What you describe is not the experience that you should have with v3.5 and above.

BTW, latest version is 3.6.1

Ron

 
Posted : 07/02/2013 1:52 am
sward6
(@sward6)
Posts: 23
Eminent Member
Topic starter
 

sward6,

It sounds like you are using an older version of PA.
Are you using v3.5 and above?

What you describe is not the experience that you should have with v3.5 and above.

BTW, latest version is 3.6.1

Ron

I will double-check when I get back to my office next week, but I'm pretty sure I DL'ed the latest version. When I spoke with a Cellebrite customer service rep, they advised I was on the current version.

Thanks for the help.

 
Posted : 07/02/2013 5:31 am