The SMS message above can be selected and viewed in the SMS Messages section, which is where we will find the source file. At any point, you can untag an artifact if it is no longer relevant. You can create unique tags under Manage tags. To tag, select the tag as indicated by the arrow in Figure 3 below and select the category for the tag. Should you find a keyword hit that is relevant or interesting to your investigation, it can be tagged at this point. This means that if you searched for “hank” you would also get keyword hits for “thanks” and “thanksgiving”, which may useful. Fuzzy searching will be implemented here. To view your results, select Show All, and the keyword hits will appear on the screen for you to review. In this example, I conducted a search for the keyword “heather” and received 12 results. The option to search is in the top right corner of Reader, as shown in Figure 1 below. First and foremost is keyword searching.Ī keyword search is done in a logical manner in Reader. In this blog, I will be sharing key concepts to ensure you are as thorough as possible in your investigation using Reader. This is where it becomes an art as we verify or uncover artifacts that may have been identified or even missed by others. If you are working on an IR case, however, you may wish to start with installed applications and then a timeline. If you are working a child exploitation case, you may go right to images, videos, and browser data. What comes next depends on the type of investigation you are working on. Once settings have been enabled and a review of the platform has been made, you are ready to kick off your analysis. In our third and final blog in this series, we’ll look at best practices for conducting keyword searches, writing queries, setting up timelines, and generating reports.
In Part 2, we covered how to configure settings and review the Reader platform to allow you to collaborate and share information with your entire team more easily.
In Part 1 of this series on Cellebrite Reader, we began by learning how to create a UFDR file, add inclusions, and open the UFDR file.