Cellebrite Inseyets Physical Analyzer Release Notes 10.3

Release Notes
July 2024 | Version 10.3
Product Release Date 2024-07-17
Revision Date 2024-07-25

Contents
1. Introduction 4
2. What's New in Inseyets.PA Version 10.3 5
2.1. Python (Beta) 5
2.2. Introducing Our New Cellebrite Assistant! (Beta) 5
2.3. Performance Improvements 6
2.4. Warrant Return Automation Tool 7
2.5. Complimentary Reader Training 8
2.6. Learning Hub 8
2.6.1. Key Features: 8
2.6.2. Main Areas: 8
2.6.3. Video Labels: 8
2.7. Chat Activities (Recipients) 8
2.8. Hex Tags 9
2.9. Decoding Incremental 9
2.9.1. Downloading & Installing 9
2.9.2. Rolling Back 10
2.10. UFED to PA Streamline 11
2.11. SDL Translation Engine Update 8.6.3 11
2.12. Offline Maps 11
3. Decoding Engine Version 11.1,11.2 & 11.3 12
3.1. Updated Decoding Capabilities 12
3.2. Update Parsers 14
Cellebrite Physical Analyzer Release Notes Version 10.3 2

4. Known Limitations 15
5. Solved Issues 17
5.1. Packaging and Documentation 22
5.2. Packaging and Delivery Information 22
5.3. Software Components of Inseyets 23
5.4. Related Documentation 24
6. Features Included in Inseyets Core and Pro Licenses 25
7. Installation Guidelines 28
8. Supported Environments and Compatibility 29
8.1. Installation Suggestion and Specification Recommendations 29
8.2. Support for Virtual Machines 34
9. Supported Central Processing Units (CPU) 35
10. Supported Graphics Processing Unit (GPU) 36
10.1. What Does a GPU Do? 36
10.2. How Does Cellebrite Use the GPU? 36
10.3. Supported GPUs 37
11. Support for Application Languages 38
12. Feature Comparison — Inseyets.PA 10.x vs PA 7.x 40
13. Feature Modifications 44
14. Inseyets.PA FAQs 46
14.1. Before you Start 46
14.2. Manage your Case Data 47
15. General 49
Cellebrite Physical Analyzer Release Notes Version 10.3 3

1. Introduction
Cellebrite Inseyets Release Notes (referred to as " Physical Analyzer”, “Inseyets PA," Inseyets.PA" or
"PA 10.x”), provide an overview of new features, delivery details, and supported platforms. It is
recommended to review these Release Notes alongside the software package documentation. In case
of any conflicts these Release Notes take precedence over other documentation.
These Release Notes are regularly updated. You should check for any patches or changes in the
documentation that may have been released after the initial product launch on MyCellebrite
Community.
Revision Date Sections Revised Descriptions of Revisions
2024-07-17 New Release See all content
Cellebrite Physical Analyzer Release Notes Version 10.3 - 2024-07-17 4

2. What's New in Inseyets.PA Version 10.3
As announced in January 2024, Physical Analyzer Ultra has transitioned to become part of Cellebrite
Inseyets.PA. If you have already taken the step to Physical Analyzer Ultra 8.x, you will have a
straightforward upgrade to Cellebrite Inseyets.PA 10.
Physical Analyzer Ultra 8.x is now labeled Cellebrite Inseyets Physical Analyzer in MyCellebrite
Community.
Inseyets Physical Analyzer Version 10.3 introduces a range of new and exciting examination features
and capabilities, designed to enhance your analytical experience and efficiency.
2.1. Python (Beta)
We now provide the Python Shell and Decoding Scope script capabilities for Inseyets Pro license users.
You can create plugins to enable these scripts to run either as part of their generic/custom chains, or as
part of processing devices. To develop a new Python script and run this as part of a case creation
workflow, see Python Integration, Inseyets.PA User Manual 10.3.
This is an early release. We will continue to enhance this feature for a future
release.
2.2. Introducing Our New Cellebrite Assistant! (Beta)
We are thrilled to announce the launch of our latest innovation, the Cellebrite Assistant, designed to
revolutionize your interaction with our Physical Analyzer user guide.
Say goodbye to endless scrolling and searching for information. Our chatbot provides instant answers
drawn directly from our comprehensive user guides.
Effortless Interaction: Simply type your question, and our chatbot will deliver the information you
need.
Smart and Intuitive: Powered by AI, our chatbot understands the context of your queries, ensuring
you receive relevant responses.
Always Available: Our chatbot is available 24/7, providing uninterrupted access to the information
you need, whenever you need it.
To activate this Beta feature, contact support@cellebrite.com
Disclaimer: Please note that at this stage, the Cellebrite Assistant's knowledge is solely based on the
information contained within our user guide.

2.3. Performance Improvements
We’ve made significant enhancements to our software in performance:
Gallery Performance: Faster loading of images, improved 'mark for report’ speed, quicker filter
application and smoother scrolling and searching. Tagging and redacting numerous images is now
more efficient without delays or UI issues.
UFDR Reports: Fixed an issue to reduce the size of UFDR reports.
Chat Functionality: Chat views and message sorting are now faster making it easier to manage long
chat sequences.
Language Support: Upgraded to the latest engine for better language processing.
Telegram Extractions: Enhanced the opening of large Telegram data sets.
These updates aim to streamline your experience and boost productivity.

2.4. Warrant Return Automation Tool
We are excited to launch the Warrant Return Automation Tool (WRAT). This is a standalone
application, which simplifies the downloading and processing of Warrant Returns, initially targeting
Apple Warrant Return data. No installation or license is required, simply launch the
CellebriteWarrantReturnAutomationTool.exe.
The Warrant Return Automation Tool is available from the Community Portal under Technical Data
Sheet.
Information about getting started can be found under the Help Menu.
Simply provide the tool with the GPG file and Password from Apple and let WRAT download, decrypt
and organize the data, creating the UFD and UFDX files to make processing the data easier.

2.5. Complimentary Reader Training
You can now take free online Reader training in the new Learning Hub. This is aimed at Investigators,
Analysts, District Attorneys, and Private Investigators. Your agency can easily keep your teams updated
for better collaboration and faster case closure.
2.6. Learning Hub
Welcome to the Learning Hub in PA and Reader! Online Users Exclusive.
Dive into our Learning Hub, tailored for seamless navigation and enriched with over 40 new training
videos. Enhance your skills with interactive learning - download practical samples phone extractions
from MyCellebrite and apply them during video sessions.
Start now - boost your team’s expertise for peak performance!
2.6.1. Key Features:
Training videos for PA and Reader
Select videos as a favorite for quick access
Open Videos in a new window, allowing you to watch tutorials and navigate PA
simultaneously
Search function
Video duration
2.6.2. Main Areas:
Training
Beginner: Get started with essential tutorials
Advanced: Deepen your expertise with advanced guides
2.6.3. Video Labels:
Ask the Expert: Insights from professionals
Tips & Tricks: Useful shortcuts and best practices
How To: Step-by-step guides
2.7. Chat Activities (Recipients)
You can now view the status of a message that was sent from an owner’s device, such as Read,
Received, and Open. The status is updated with the date and time.

Other actions include:
Recipients tab: Open and view the status of a message by selecting Recipients on the Device
owner’s Conversation chat.
Status: No message sent: No messages were sent from this participant in this chat group.
2.8. Hex Tags
You can now tag highlighted bytes in Hex View for any file. Hex tags can be color-coded and reported
on like normal tags and they are viewable in Cellebrite Reader.
2.9. Decoding Incremental
We are excited to announce that Inseyets.PA 10.3 introduces support for incremental Decoding Engine
updates. This installation will only update the decoding engine and not the PA version which will
expand the support of decoded applications.
We recognize that applications are forever evolving; whether that’s an entire overhaul of the
application’s back-end or simply renaming a field in a database, these changes often affect the data
that can be decoded, sometimes completely preventing anything from parsing at all.
We at Cellebrite are constantly updating the support for these applications in an effort to expedite
your investigations.
Coming soon these incremental updates will be a small easy-to-install package requiring minimal
waiting time.
2.9.1. Downloading & Installing
Each Decoding Engine release is tied to a specific version of Physical Analyzer to ensure compatibility
and is available for download from the Community Portal. For users who are connected to the internet,
you may receive notifications when an update is available.
The current version of the Decoding Engine in use on your Physical Analyzer installation can be found
in the About Screen available via the Help menu.

The specific version of the Decoding Engine used to process an extraction can be found in the Case
Details.
2.9.2. Rolling Back
If for any reason you need to Roll Back to an earlier version of the Decoding Engine, simply run the
installer for the required version. Note that the currently installed version of Physical Analyzer must be
compatible with the DE version being installed.
The use of this feature is completely optional, and all Decoding Engine updates are
consolidated into the next release of this product. This feature is exclusive to PA
10 and it provides a more up to date and advanced decoding than PA 7. Please
note that this will create a disparity between PA7 and PA10.

2.10. UFED to PA Streamline
We are happy to introduce new and enhanced capabilities that allow you to enter additional
case/report information directly into the Inseyets UFED system. This information seamlessly transfers
to the Physical Analyzer system and is integrated into the generated reports, ensuring a more
comprehensive and organized case process.
The new parameters that can be entered in UFED and passed to Physical Analyzer are:
Crime Type
Department
Location
Report Path
Report Name
2.11. SDL Translation Engine Update 8.6.3
We've upgraded our language engine offering improved translation capabilities and an expanded
vocabulary. You can now enjoy more accurate translations and access a richer pool of words for
enhanced communication.
You can't run PA 7.68, which uses the old SDL engine, and Inseyets.PA 10.3, which
uses the new SDL 8.6.3 engine together on the same machine. The engine will
sync in the PA 7.69 release, which also uses the new SDL 8.6.3 engine. To use both
versions simultaneously, upgrade to PA 7.69 and Inseyets 10.3.
2.12. Offline Maps
The Offline Maps available for download have been updated and are available from the Cellebrite
Portal.

3. Decoding Engine Version 11.1,11.2 & 11.3
3.1. Updated Decoding Capabilities

Android
Decoding Engine 11.1 adds support for Location and Search data from
AlpineQuest Off-Road Explorer
AlpineQuest Off-road Explorer.
Support for Maps.Me support User Account, Search Queries and Location
Maps.Me
information.
DE11.2 brings support for Blue Kik; a mod designed to enhance the user
Blue Kik
experience of the Kik Messaging application.
DE11.3 introduces support for the ChatGPT AI Assistant app for Android. This
app allows users to have a Chat style conversation with ChatGPT who will
ChatGPT
respond to questions, provided internet search capabilities and create
images etc.
Nova is an alternative ChatGPT based AI Assistant that provides Chat

Nova conversation style messages with ChatGPT to find answers and create
content.
iOS
Secure Messenger Teleguard is a messaging application that guarantees

user anonymity. No data is stored on a server, making this application the
Teleguard
most secure way to obtain information. PA now supports User Account,
Messages, Posts, Call and Contacts.
Support for Maps.Me support User Account, Search Queries and Location
Maps.Me
information.
OnOff is a Burner style application that allows users to obtain disposable

OnOff phone numbers on their primary device to use for phone calls and
messaging.

iOS
DE11.3 introduces support for the ChatGPT AI Assistant app for iOS. This app
allows users to have a Chat style conversation with ChatGPT who will
ChatGPT
respond to questions, provide internet search capabilities and create images
etc.
MySudo for iOS is advertised as an ‘all-in-one’ privacy app which provides

MySudo users with secure communications (Phone, SMS, and Email) and allows for
temporary phone numbers to be assigned.
New support introduced for the Audio Route stream from knowledge &
Biome files. This new artifact indicates both the input audio route (e.g.
microphone, Bluetooth) and audio output route (e.g. Speaker, Earpiece,
iOS Native Improvements Bluetooth, Headset) and includes external device identifier information
where available.
DE11.1 introduces a new attribute to Call History artifacts to provide the

reason that a call ended such as User Hangup, Other Party Hangup or
Poor connection etc.
Cloud
Our cloud capabilities enhance the Facebook parser run time and add new
Facebook Data Source
important Facebook artifacts: Blocked contacts, comments, sub-comments,
Enhancements
and attachments of comments

3.2. Update Parsers
We updated 16 Parsers in this version.
App Android iOS
AlpineQuest Off-Road Explorer 2.3.8 N/A
Blue Kik 5.6.1 N/A
Facebook 465.0.0.60.83 464.0.0.39.106
Facebook Messenger 465.0.0.60.83 459.0.0.27.109
Maps.Me v15.7.71702-googleRelease 459.0.0.27.109
OnOff - 5.6.1
Snapchat 12.87.0.44 12.87.1
Snapchat Warrant Return N/A
Telegram 10.12.0 (4710) 10.12 (28784)
Teleguard Secure Messenger - 3.3.0
WhatsApp 2.24.10.85 2.24.10.79
Physical Analyzer is designed to provide examiners with a means to analyze a

single device at a time. A ‘single device’ may include multiple extractions such as a
phone image and an SD card for example. However, it is not recommended to add
extractions from different physical devices (such as 2 different phones) as a single
device in PA as this will likely result in cross-contaminated data.
Support for multiple devices in a single case will be supported in the future.
Do you have a suggestion for an app we should support? Email us at

CellebriteAppSupport@cellebrite.com with details.

4. Known Limitations
The following table is a list of Known Limitations and a brief description:
Known Limitations Ticket ID
PDF Report Limitation:
Some emojis may not be displayed correctly in PDF reports generated by PA and Reader.
00626711
This is because there is not a single font that supports all emojis. This issue is not
specific to PA/Reader, but rather it is an industry-wide challenge. Cellebrite will continue
to work towards finding a general solution.
Document Content search is not supported in Cellebrite Reader. N/A
If upgrading from PA 10.0 or earlier, document content searching is unavailable.

Reprocessing the extraction in 10.x or higher makes document content available for N/A
searching.
When selecting a location in the Locations model that includes >200 aggregated sub-
locations, PA will only highlight/select the first 200 in the table view. J_PAOD- 31303
This results in any sub-locations in excess of the first 200 not being highlighted/selected.
Filtering the Locations model table by source file may return less results than
J_PAOD- 31679
anticipated.
In extractions that contain an excessively large Telegram database, PA will fail during
J_31169
decoding.
When utilizing translation packages (SDL), users cannot run PA 7.68 and Inseyets.PA 10.3
together on the same machine due to conflicting translation engine versions.
N/A
The engine versions will sync in the PA 7.69 release. To use both versions at once ,
upgrade to PA 7.69 and Inseyets 10.3.
Commander cannot distribute Inseyets.PA version to the end points (targeted to PA 10.4).
N/A
It can only distribute the license.
UFDX files with long files path can cause issues. UFDX files which point to a UFD location
with a long file path can cause issues as they are not automatically converted to long file N/A
paths.
In some cases having multiple cryptocurrencies in one wallet may cause the dashboard
to go blank. When examining a cryptocurrency wallet with multiple different coins, N/A
selection of anything other than the primary currency return a blank page.
Not all app sources are displayed when searching by attached media. Not all Applications
N/A
may show in the Media Viewer’s Attachment Source Filter.

Known Limitations Ticket ID
When loading 2 UFDRs generated from the same source, duplicates are not recalculated
N/A
but rather taken from each UFDR separately, which may result in unidentified duplicates.
Learning Hub Reader Login Fails:
Users may occasionally encounter login issues when accessing the Learning Hub via N/A
Reader. Usually, retrying the log in process several times will resolve this issue.
Learning Hub favorites are not saved between sessions. Note that these favorite
N/A
selections are not currently saved when PA is closed.
Learning Hub videos selected on the Training tab duplicates the selected video on
N/A
Favorites tab.
Learning Hub All tab : There is a navigation issue between the "All Category" tab and the
N/A
rest of the categories.

5. Solved Issues
The following issues were solved in the Inseyets.PA application and decoding for version 10:
Solved Issue Descriptions Ticket ID
An issue was resolved that caused Reader to take

Load UFDR 00815440
longer than normal to open a UFDR.
Private Cloud Media Classify Images and videos to a case - PA hangs -

00817297
classification German UI.
00783798 |
00789894 |
Cloud tab unavailable when we open multiple 00796415 |
Private Cloud
evidence. 00803112 |
00812241 |
00823790
71155 | 00805415 |
Timezone settings PA / Reader
PA / Reader Ignores the Timezone settings. 00813594 |
Ignores
00814929
00813823 |
Cases Screen sorting Incorrect sorting by dates in the new cases screen. 00814299 |
00815461
00811359 |
Thumbnail view Latency Latency when scrolling down on multiple images. 00816190 |
00819213
Mistakenly identified Windows Registry Artifacts in

Physical Analyzer 00809544
iOS and Android extractions.
SDL Translate Mistake in translating Croatian->English. 00657334
SDL Translate SDL doesn't work when 2 dongles are attached. 00797274
Some media items caused PA to fail when trying to

Image Classification 00805935
open the Unclassified Media section.

Unable to select specific classifications after

Image Classification unselecting all classifications when attempting to run 00792370
media classification.
00773420 |
00785816 |
Media classification is run only on the first extraction
Image Classification 00785707 |
when multiple extractions belong to the same UFDX.
00807890 |
00810399
Number of files column sorting / filtering doesn't

Archive filtering and sorting 00797356
work.
Fails to process 'open advanced' extraction while

Adding extraction limitation 00796056
adding it to an existing case.
00802898 |
00831219 |
An issue was resolved which prevented Silk files from
Silk Files (Multiple) 00795120 |
playing.
00697708 |
00807914
PA Hangs when retrieving addresses for more than

Retrieve address 00795174
1000 locations.
Bitdefender download does not produce

Malware Scan 00800057
definitions64.msd file.
Case Info Case info is not shown in Reader. 00796028
00757488 |
00773412 |
Large Telegram databases (~10GB) would take a long 00775640 |
time to process, causing the appearance of a crash. 00777319 |
Telegram
Improvements have been made to the handling of 00735392 |
these large databases. 00802119 |
00819069 |
00816352

PDF report name Report can’t be generated when file name is too long. 00783766
00773420 |
00785816 |
Reader Dashboard Not showing the Report Filter used. 00785707 |
00807890 |
00810399
Reader crashes after deleting tagged items from a

Reader Crash 00820257
Report loaded with a PAS file.
Reader produces an empty PDF Report when loading

Empty PDF Report 00809500
a Report and a PAS file.
An edge case was discovered which resulted in Chat 00820702 |

Missing Chats in Reader
Messages not loading in UFDR reports. 00823541
Crypto Analysis Results in

Crypto data is not displayed in Reader. 00789541
Reader
For some extractions, the size of the generated UFDR

UFDR Size J_PAOD-32923
grossly exceeds the overall size of extraction.
When examining Media in Thumbnail View, PA

becomes sluggish and unresponsive. This includes
Thumbnail View J_PAOD-32533
applying/removing filters and tags (single and in-bulk)
and selecting items for report.
We have aligned Media Timestamps across PA, to

Media Timestamps have a consistent representation of Timestamps and 00771155
their Timezones.

Solved Decoding
Descriptions Ticket ID
Issues
Improvements made to the MetaMask parser to fix a

iOS MetaMask temperamental issue which caused the parser not to 00723556
run.
00803345 |
00803745 00806791
Updated Facebook Warrant Return parser to account
Facebook Warrant Returns | 00807262
for changes made to the formatting of the return.
00807253 |
00823211
Bug fixed which prevented System Messages from

iOS SnapChat 00808398
being parsed.
Bug fixed which resulted in padding remaining at the

iOS SnapChat end of decrypted media files. This padding caused the 00808710
files hash values to differ from the expected values.
Correction made which showed some 3rd party

iOS Call History DE-7639
application calls as “Answered” which were not.
Corrected an issue where Facebook failed to parse

iOS Facebook DE-7557
resulting in errors in the Trace window.
Fixed a bug which caused some Telegram media

Android Telegram DE-7473
attachments to not parse.
An issue was found which resulted in failure to parse

Nokia Multipart SMS 00648930
multipart SMS messages from some Nokia devices.
00782305 |
Changes were made to our parsers to handle the 00808883 00810392
Instagram Warrant Return updated changed Meta made to their Warrant | 00777715
Returns. 00811031 |
00810949 00805176
An issue was resolved which could cause the

Android Facebook Messenger 00816898
incorrect party to be labeled as the device owner.

Solved Decoding
Descriptions Ticket ID
Issues
Issue rectified that results in better deleted message

Telegram DE-7758
recovery.
Improved parser by connecting deleted/recovered

WhatsApp media messages to their correct timestamp/sender DE-7687
information.
iOS Coinbase Transactions An issue was found which prevented some

DE-5674
Missing transactions from appearing in the parsed data.

5.1. Packaging and Documentation
You can find downloads and guides for Inseyets at MyCellebrite Community.
The guides that are provided with the product or included in the product download are current when
the product is released. If there are any guide updates after the product is released, you can download
these updates from the MyCellebrite website. It’s important to regularly check the Release Notes as
they are frequently updated.
5.2. Packaging and Delivery Information
Inseyets is our digital forensics suite that enables forensic teams to increase their case closure rates
and scale to meet growing data demands. The technology is built to make your teams more efficient
and deliver insights so your teams can surface key digital evidence during an investigation. It’s all
available in a single solution so your department can start solving cases faster.
Inseyets.PA consists of many individual components:
Fig 1: Main components of Inseyets suite
For your convenience, this bundle is delivered as individual installers on Cellebrite MyCellebrite.

5.3. Software Components of Inseyets
The following table lists all components of Inseyets. Cellebrite recommends using MyCellebrite support
center to download software.
Group Components Version Availability
Inseyets Physical Analyzer 10.3 MyCellebrite Community
Inseyets.PA Pro customers

Cellebrite Physical Analyzer 7.x include 7.x license
MyCellebrite Community
Oct 25, 2021 release

Smart Translator Language Packs 10.3
Warrant Return Automation Tool

1.1.7 MyCellebrite Community
(WRAT)
Inseyets.PA Jan 13, 2020 release

Offline Map Packs
Streamline 10.3 MyCellebrite Community
BitDefender MyCellebrite Community
SHA256 Hash Generator MyCellebrite Community
iOS Device Support Package 5.19 5.19 MyCellebrite Community
Cloud
10.3 MyCellebrite Community
(formerly known as UFED Cloud)
Streamline 10.3 MyCellebrite Community
Inseyets.UFED Quick View 10.3 MyCellebrite Community
Triage 10.3 MyCellebrite Community
Commander Commander 7.30 MyCellebrite Community
Reader Reader 10.3 MyCellebrite Community
Autonomy Autonomy 10.3 MyCellebrite Community

5.4. Related Documentation
For additional information about Inseyets or for supplemental information about related products,
refer to the following documents, which are available on MyCellebrite Community.
Cellebrite Inseyets Physical Analyzer Manual
Get started quickly with our Inseyets onboarding videos
Free Open Source Software List - Inseyets.PA
Supported Apps: Android & iOS 10.3
Supported Apps: Win Phone BlackBerry 7.2
Supported models and fields
Drone support
Analyzing MTK Backup Files

6. Features Included in Inseyets Core and Pro Licenses
The following table lists all feature capabilities of Inseyets.PA Core and Pro licenses. Please consult with
your Cellebrite Account Representative to better understand the capabilities.
Category Feature Core Pro Notes
Mobile backup (Cellebrite, Graykey,

Elcomsoft)
Warrant returns
Cloud (Private)Computer (Windows

only)
Data Sources
Computer (Windows only)
Storage devices
Drones
Vehicle
Analyzed Data (Models)
Case Import/Export
Dashboard
Decoding Parser & Application

Data Review
Support
Search
Tags
Timeline

Carving
Hash Sets
Recover Data from Archives
Enrichment
Cryptocurrency 'Chainalysis'
Enrichment
Cryptocurrency Scanner
Media Classification
Commander Integration
Hex View
Malware Scanner
Selecting Decoding
Source File Info
Watchlist
Advanced
Tools AppGenie
Media Origin
Python In Preview Mode
Run Plug-in
Language Add-ons
Smart Translations (SDL) Premium
available in Pro ONLY
SQLite Wizard

Reader
Reports
Reports

7. Installation Guidelines
Use the following guidelines when installing Inseyets.PA Version 10.3:
Inseyets 10.3 can run simultaneously with 7.x versions of Physical Analyzer.
Inseyets 10.3 cannot be installed on the same PC as a Cellebrite Pathfinder installation.
The current version of Inseyets 10.3 supports upgrades without the need to uninstall prior to
upgrading.
When upgrading the Inseyets 10.3 version, the case data remains the same.
If you have version 8.8.x or higher installed, you can upgrade it to the current version without doing
an uninstall. For versions prior to 8.8, an uninstallation process is required.
Uninstalling Inseyets.PA 10.3 will remove all cases and case data, including
Global settings such as Watchlist and Hashset definitions. Existing cases will no
longer be accessible, unless exported prior to deletion.
During installation you will be prompted that certain services need to be stopped before the
install/upgrade can continue. Allow the installer to close all services.
In certain instances, the installation may encounter an issue re-starting one of the services it needs
to complete the installation.
Example: "Service 'SERVICE_NAME' failed to start. Verify that you have sufficient
privileges to start system services."
Where 'SERVICE NAME' is the name of the specified service that failed to start.
Despite the error message indicating insufficient privileges, there is no

privileges issue. If you encounter this issue, please cancel the install/upgrade,
which will roll back to your last installed version. Once the roll back is
complete, restart your machine and run the install/upgrade again. If this issue
persists contact support.

8. Supported Environments and Compatibility
The table below lists the recommended hardware configuration for running Inseyets.PA.
Due to Physical Analyzer now utilizing a database infrastructure, there is an increased number of disk
I/O operations, and it is highly recommended to use multiple, fast NVMe/SSD drives for PA’s setup.
HDD (Platter) drives are not recommended for either the PA Database or Temp Files locations, due to
their limited performance.
Best performance will be achieved if the extraction being processed is also stored on a high-
performance drive, but it is also supported from any media type including HDD, USB or Network
Storage.
8.1. Installation Suggestion and Specification Recommendations

Recommended Deployments
Number of Drives Disk One Disk Two
Windows OS
Two Drives PA Installation Database (Data Folder)
Temp Files
Windows OS
Three Drives Database (Data Folder)
PA Installation
NOTE: If the OS Drive has limited free storage, configure the Temp files on the same drive where the
evidence files are located.
The Database (Data Folder) should be allocated to the fastest drive, which should
not be the same as the OS Drive.

Minimum Specifications: Longer Processing Times
These specifications are designed for situations where extractions are infrequent and processing
speed is not a top priority. They allow users to open most extractions within a reasonable
timeframe, making them suitable for environments with occasional use of enrichments and a low
volume of data. Choosing standard enrichments may result in longer processing times.
CPU Line i5*
CPU Generation Gen. 8
RAM Size 16GB
RAM Type DDR3
RAM Speed 1600 MHz
1x SSD SATA (500MB/s) SSD is required -

Physical Analyzer has an internal database;
the type and speed of your storage
Disk Drives
significantly impacts product performance.
HDD storage will hinder performance
significantly.
All in One (1TB)
Disk Purpose & Size* 50 GB of free disk space for installation
Add-ons: 512 GB (offline maps)
Windows 10 (64 bit) or Windows 11

Operating System NOTE: From version 8.9, the minimum OS
version is Windows 10, version 1903.
Not required, but recommended for Media

GPU Cores
Analytics - 1900 CUDA Cores or Above.
Recommended GPU NVIDIA RTX A2000 (8/12GB)
Inseyets PA and the Windows OS both utilize Temp files to manage tasks and
supplement missing RAM. You must have enough available disk space in the
designated Temp folders to process large extractions. If the disk space is too low,
these extractions may not open.

Core Specifications: Standard Processing Times
Tailored for moderate-volume production, these specifications provide efficient access to most
extractions within a reasonable timeframe. While certain extractions or combinations with
enrichments may open more slowly, this is a good fit for environments where extractions
occasionally involve mixed enrichment settings, prioritizing overall speed and efficiency, though
not necessarily critical. Consistent processing times when standard enrichments are selected.
Choosing standard enrichments results in consistently shorter processing times.
CPU Line i7 K Variant*
CPU Generation Gen. 10
RAM Size 64 GB
RAM Type DDR4
RAM Speed 2666 MHz
Disk Drives 2x NVMe Drives (3000MB/s or Above)
1 Drive for OS
Disk Purpose & Size* PA Install Evidence (1 TB or Above)
1 Drive for PG Data (500 GB or Above)
Operating System Windows 11
GPU Cores 3500 CUDA Cores or Above
Recommended GPU NVIDIA RTX A4000 (16 GB)

Optimal Specifications: Fastest Processing Times
Crucial for consistently handling large extractions and maximizing the potential of all available
extraction enrichment combinations, these high-performance and scale specifications prioritize
critical speed and efficiency. Ideal for users with a frequent need to ingest, process, enrich, and
analyze extractions of varying sizes, where speed and efficiency are critical to the examiner's
workflow. Choosing additional enrichments results in fastest processing times.
CPU Line i9 K Variant*
CPU Generation Gen. 12 or Above
RAM Size 128 GB or Above
RAM Type DDR5
RAM Speed 3200 MHz or Above
3x NVMe Drives with PCIe (5000 MB/s or

Disk Drives
Above)
1 Drive for OS, PA Install (2 TB or

Above)
Disk Purpose & Size*
1 Drive for Evidence (2 TB or Above)
1 Drive for PG Data (1 TB or Above)
Operating System Windows 11
GPU Cores 3500 CUDA Cores or Above
Recommended GPU NVIDIA RTX A4000 (16 GB)
*AMD Equivalent Processors are supported although CPU based Media Classification performance may
be slightly slower due to differences in architecture.

Reader System Requirements
PC Windows compatible PC with intel i5 and higher or compatible
Operating Microsoft Windows 11, 64-bit
System Microsoft Windows 10,64-bit
Memory (RAM) 16 GB
The Reader.exe is approximately 1 GB. It will require an additional 800 MB when running.
Space
Additional space is required for temporary files that are needed when opening the UFDR.
Requirements
The total volume required is approximately 40% of the size of the UFDR.
Microsoft.NET version 4.6.2

Additional
Windows Media Player (default version for installed operating system or higher) to use
Requirements
the Capture tool and play video playback.
Machines with more RAM will enjoy a better user experience. We encourage
users to upgrade their system memory to fully benefit from these improvements.
Systems with limited memory may experience reduced performance. For an
optimal experience, ensure your computer has sufficient memory capacity.
Larger extractions may require more RAM and disk space than the minimum
specification.

8.2. Support for Virtual Machines
Inseyets.PA is compatible with the server versions of the operating systems specified in its release
notes. These versions can be installed on either physical or virtual hosts, including cloud platforms like
Google Cloud, Amazon Web Services, and Microsoft Azure. Customers opting for a virtual environment
are advised to choose a virtualization platform that is designed for production systems and is fully
endorsed by the server operating system provider.
Although virtualization products are not officially tested environments for Inseyets.PA, Cellebrite will
strive to provide support if any issues occur. In some cases, it may be necessary to replicate a problem
in a non-virtualized environment to accurately diagnose and resolve the issue.
Inseyets.PA is a resource intensive application and will need at least the same
amount of resources in a virtual environment as it does in a physical one. As a
result, virtual hosts may need additional resources beyond your standard VM
configuration to achieve desired performance. For scenarios where performance
is critical, static or committed resources within a virtual environment are typically
required. Virtual machines require software licenses.

9. Supported Central Processing Units (CPU)
The Central Processing Unit (CPU), the main component of a computer, carries out instructions from
computer programs, including arithmetic, logic, control, and input/output operations. If your system
has a Graphics Processing Unit (GPU) on a Physical Analyzer machine, you can use most CPUs because
the GPU will manage media classification tasks. If there’s no GPU, we use AI models that work with
Intel’s OpenVINO toolkit.
For the best performance and stability, Intel suggests using CPUs from their recommended list:
Intel Atom® processors with Intel® SSE4.2 support
Intel® Pentium® processors N4200/5, N3350/5, N3450/5 with Intel® HD Graphics
6th to 14th generation Intel® Core™ processors
Intel® Core™ Ultra (codename Meteor Lake)
1st to 5th generation Intel® Xeon® Scalable Processors
ARM and ARM64 CPUs; including Apple M1, M2, and Raspberry Pi models
The list provided above is applicable to the most recent version of the ImAn server, which is version
7.5.11. If you require details for previous versions, please refer to the resources mentioned below:
The present list is derived from the official OpenVINO website, which can be accessed at the
following URL: https://docs.openvino.ai/2023.3/system_requirements.html.
For system requirements pertaining to older versions of ImAn, which utilize previous releases of
OpenVINO, please see: https://docs.openvino.ai/archive/2020.1/_docs_install_guides_installing_
openvino_windows.html#system_requirements%20.

10. Supported Graphics Processing Unit (GPU)
10.1. What Does a GPU Do?
See the Intel Blog for a complete overview of the GPU. This overview will help you decide which GPU to
purchase.
The graphics processing unit, (GPU), has become one of the most important types of computing
technology, both for personal and business computing. Designed for parallel processing, the GPU is
used in a wide range of applications, including graphics and video rendering. Although they are best
known for their capabilities in gaming, GPUs are becoming more popular for their use in creative
production and Artificial Intelligence (AI).
GPUs were originally designed to accelerate the rendering of 3D graphics. Over time, they became
more flexible and programmable, enhancing their capabilities. This allowed graphics programmers to
create more interesting visual effects and realistic scenes with advanced lighting and shadowing
techniques. Other developers also began to tap the power of GPUs to dramatically accelerate
additional workloads in high performance computing (HPC), deep learning, and more.
10.2. How Does Cellebrite Use the GPU?
Cellebrite makes use of the GPU for the Image Analytics Service when categorizing media files. Moving
forward, we plan to leverage GPUs for more capabilities outlined in our roadmap, including thumbnail
generation and hash set matches, along with other operations that demand significant computing
resources.

10.3. Supported GPUs
Supported GPUs
We support all Ampere and Turing Architecture GPUs, specifically, we have tested the following GPUs:
NVIDIA RTX A2000*/A4000/A4500
NVIDIA RTX 4000/5000/6000
NVIDIA A10
NVIDIA V100
NVIDIA GeForce GTX 2070/2080
NVIDIA GeForce RTX 30 series (3060/3070/3090/3080**)
NVIDIA Tesla P40
NVIDIA Tesla M60
NVIDIA Tesla T4 (Requires sufficient cooling)
NVIDIA Quadro RTX 4000
NVIDIA Quadro P4000/P6000
* We consider this the best GPU option. (The results are not guaranteed and can vary.)
** Not specifically tested, but should be supported.

11. Support for Application Languages
Inseyets.PA supports the following user interface languages:
Language Language Code User Interface
Arabic AR Yes
Croation HR Yes
Czech CS Yes
Danish DA Yes
Dutch NL Yes
English EN Yes
Estonian ET Yes
French FR Yes
German DE Yes
Greek EL Yes
Hebrew HE Yes
Hindi HI Yes
Hungarian HU Yes
Italian IT Yes
Japanese JA Yes
Korean KO Yes
Latvian LV Yes
Lithuanian LT Yes
Norwegian NN Yes

Language Language Code User Interface
Polish PL Yes
Portuguese (Brazil) PT-BR Yes
Portuguese (Portugal) PT Yes
Slovak SK Yes
Spanish (EU) ES Yes
Spanish (LATAM) ES-419 Yes
Swedish SV Yes
Thai TH Yes
Vietnamese VI Yes
The default UI language for the components is English; other languages are available as language packs
or language module versions on MyCellebrite Community
In many cases, administrative user interfaces are only available in English.

12. Feature Comparison — Inseyets.PA 10.x vs PA 7.x
Features Inseyets.PA 10.x PA 7x
Mobile (Cellebrite,
Graykey) Mobile (Cellebrite,
Graykey)
Computer (Windows)
Warrant returns
Warrant returns
Cloud
Evidence Source Cloud
Drones
Drones
Vehicle
Vehicle
Storage device
Storage device
Backup
Backup
Decoding Parser & Application Support
Cases
Dashboard
Dedicated Locations Interface
Case Import / Export
Cryptocurrency ‘Chainalysis’
Enrichment
Media Origin
Database Infrastructure Based
Text Based Document Search

UFED to PA Streamline
Extraction Info
Reports
Analyzed Data (Models)
Timeline
Tags
Search
Advanced Search (Improved)

Hex View & Source File Info
UI Translation
Malware Scanner
Watch List
Hash Sets
Selective Decoding
Reader
Insights
Carving
Media Classification
Cryptocurrency Scanner
Recover Data from Archives
AppGenie
SQLite Wizard
Private Cloud Private Cloud Standalone License
Premium Translation (SDL) Smart Translation (SDL)

Optional Upgrade* Optional Upgrade*
Basic Translations

Run Fuzzy Model ?**
Python In Preview Mode
Run Plug-in
Screenshot Tool
Public Cloud
Tom Tom
Virtual Analyzer ?**
iPhysical extraction (iPhone 4 iOS) ?**
*Smart Translations (SDL) requires a license upgrade at an extra cost. Please contact your sales
representative for more information in the interim.
** These features are being reviewed for possible removal, inclusion into another feature, and/or
replacement.

13. Feature Modifications
The features in the table below have been modified to improve their functionality:
Feature Change Description
This tab provides a distinct area for all location-

New Location tab Provides related data. Locations have been categorized into:
more meaningful location Groups (visited, points of interest, media, other)
descriptions. Subgroups (places - mentioned, searched, harvested,
external, etc.)
In Inseyets.PA, the Location view displays only events

with actual locations. Inseyets.PA creates locations
for records even if the location where the event
occurred is not specified.
Locations All event types with specific For example if a device owner searched for a
restaurant that is located in Manhattan, Inseyets.PA
locations are displayed in the
creates a linked location to express the location
Map view. aspect of the search. However, this is not necessarily
the user’s actual location when the search was
performed.
Note: The linked location created in this case is not a

visited location.
This view displays the models of events that have

Location view - right pane.
actual, physical locations.
The Watchlist, Global Search, and Table Search have

been improved by removing irrelevant fields from the
list of fields that are searched. Field types are
excluded from Watchlists: PA generated (i.e., internal)
GUIDs and Hashes.
Note: Externally generated GUIDs (e.g.,

Watchlist Different number of results. Facebook/Google IDs) are not excluded. Timestamps.
Numeric (doubles and integers such as FileSize, or
various record counts, amounts of money, as well as
Offset in SourceFileInfo). Booleans, bit-flags, and
Enumeration fields. Anything that has a fixed set of
known values, such as DeletedState, hasAttachment,
DeviceType, etc.
Global Search See Watchlist, above. See Watchlist above.

Feature Change Description
Table Search See Watchlist, above. See Watchlist above.
Different counts of duplicate De-duplication logic used to identify duplicates and to

De-duplication items. select the main item that has been modified.
Different numbers of known The Inseyets.PA hash database is updated to include

Hash DB files. Computer Forensics Known Files.
PA7 reduces the number of records by unifying those

Different number of timeline that have identical start dates and end dates.
Timeline events. Inseyets.PA keeps individual records of each event
timestamp.
When importing hash sets into the Hash Manager

Importing hash set into the database, the file containing the hash set must be
Hash Sets Hash Manager database stored on the local workstation. Importing files from
network locations is not supported.

14. Inseyets.PA FAQs
Inseyets.PA brings persistence and resilience to your examinations and significantly boots your ability
to increase case closure rates and stay on top of growing data volumes. We are committed to providing
the best digital forensic offerings to ensure your teams are prepared to address these challenges.
We understand that by launching Inseyets.PA, you may have some unanswered questions. This FAQ
section was created to provide you with further clarity on how to use Inseyets.PA, including its features
and functionality, as well as insights into upcoming releases.
The FAQs will be updated with every release with the relevant information.
14.1. Before you Start
Q: Do I need a different license for Inseyets.PA?
No. The same PA license can be used for PA 7.x, PA Ultra, and Inseyets PA at no additional cost.
Q: Will I have to uninstall PA 7.x to install Inseyets 10.x?
No. Inseyets PA 10.x can be installed alongside PA 7.x and will even run at the same time. However,
you need to close PA 7.x while you install Inseyets 10.x.
Q: Will I have to uninstall previous versions of PA Ultra to upgrade to Inseyets.PA 10.x.?
No. Inseyets.PA includes an upgrade feature which will replace older versions without the need to
uninstall.
Q: What happens to my case data if I uninstall Inseyets.PA?
Uninstalling Inseyets.PA will cause the loss of any case data, unless you already exported the case
data and stored it. The original extraction will remain secure where you saved it. In addition
uninstalling will erase any Hash sets, Watch lists or any other non-default global settings.
Q: Will Inseyets PA work alongside my other forensic software?
Inseyets.PA will work alongside most other forensic tools. However, Inseyets.PA and PathFinder
(Single User) cannot be installed on the same computer.
Q: What is the recommended installation configuration? Installation of Inseyets.PA requires specifying

these two paths:
Application path
Default database path (Location can be changed on a case-by-case basis)
We recommend configuring the default database path on a separate, high-performance drive as this
can have a significant impact on the parsing speed.

As displayed above, using an NVMe drive is almost twice as fast at processing an extraction when
compared to a SATA Platter drive.
Q: Can I install Inseyets.PA and utilize a network drive/NAS to store the case data?
Installing the Postgres databases on a machine other than the Postgres Service is not supported.
Network instability can cause issues when creating or accessing the data from a network drive. This
option is not available.
Q: Does Inseyets.PA support GPU for Media Classification?
As of version PA 8.5, all versions of PA Ultra through 8.8 and Inseyets.PA include GPU support.
14.2. Manage your Case Data
Q: How do I manage Sessions (.pas) files?
Inseyets.PA is built on top of a database, any updates made by the user are immediately saved in
the database, so there is no longer a need to use .pas files before generating a UFDR file. If you are
using Inseyets.PA Reader to review a UFDR then you can use session files in a similar fashion as in
PA 7.x
You cannot use PAS files between PA 7.x and Inseyets.PA.
Q: How big are the cases in Inseyets.PA?
The database that Inseyets.PA creates only stores the results of the parsers but not the data itself.
While this necessitates continued access to the original extraction, it means that the database that
it creates is compact.
Example: A 60GB extraction results in a 7GB database and A 16GB extraction results
in a GB database.
Currently, it is possible to add multiple extractions to a device, but not to add multiple devices to a
case. We are working on adding support for multiple devices in a future release.
Q: Can I place my extractions and other evidence files on a network drive and open them from my
machine?

Yes. This is possible. Note that if the extraction becomes inaccessible, you will lose access to the
data files until the extraction is restored.
Q: How are the cases separated in Inseyets PA?
Each case is separated into its own database and saved in either the default case data location or in
the location specified at the time of case creation.
Q: Does Inseyets PA perform cross-device comparisons?
No. Although Inseyets.PA is designed to eventually allow multiple devices to exist in a single case, it
is still a tool for examining a single device at a time and not for cross-device analysis.
Q: How do I edit/delete/export a case in Inseyets.PA?
Editing a case includes altering the Case information, Device information or adding extractions to a
case. In the future, this will also include adding additional devices to a case.
The user must first ensure that the case is not open, then, from the Case Management screen, use
the inline case action menu (three vertical dots) where you can Close, Edit, Delete, Export, or
Upgrade a case.
Q: What is “Case Upgrade”?
With each release of Inseyets.PA, there might be slight changes to the database schema with the
addition of new functionality. This necessitates each case being “upgraded” to work in the current
release. It does not make any changes to the data other than making it compatible with the latest
database schema.
Q: What happens to existing cases during upgrade?
During the Inseyets.PA upgrade process, your existing cases will be backed up and restored
automatically.
Q: Are existing cases reprocessed with the new parsers when upgrading to new versions?
No. Minor adjustments may be made to the database schema to ensure compatibility, but no data
will be altered. This means that you can open an old case at any point in the future and be
confident the data is the same as when it was first parsed.
To take advantage of new parsing capabilities in the new version of Inseyets.PA, a new case must
be recreated and reprocessed. There is no requirement to delete the existing case if you wish to
retain both.

15. General
Q: Why did I get different results in Inseyets.PA compared to PA 7.x?
PA Ultra and Inseyets.PA use the same decoding engine as PA7.x and are fully aligned with PA7.x
releases as shown in the table below.
PA Ultra/Inseyets.PA Version Aligned to PA 7.x
Inseyets.PA 10.0 7.66
Inseyets.PA 10.2.1 7.68
It is important to also note that differences in the deduplication logic may result in some differences in
the record counts.
Q: Does Inseyets.PA allow multiple users to collaborate?
Like PA7.x, Inseyets.PA is designed as a single user tool. It is not designed for multi-user
collaboration.
Q: Does Inseyets.PA support running multiple instances?
Yes – Inseyets.PA supports running multiple instances of the same version and future releases will
support the installation of different Inseyets.PA versions.
It is not recommended to run resource-heavy activity, such as processing an

extraction, in multiple instances at the same time.
Q: When would I use Inseyets.PA instead of Cellebrite Inspector? And vice versa.
The breadth (number of source types) and depth (number of artifact types) differs between
Inseyets.PA and Inspector and deciding which product to use will depend on your case needs. In
some cases, you may start your examination in one and complete it in the other. Generally,
Inseyets.PA is your go-to solution allowing a single examiner advanced mobile insight, and vital
Windows® computer data, with Mac OS support on the horizon. If your case requires advanced, in-
depth analysis of Windows and Mac OS machines, Inspector is the right tool for you.
Q: Will Inseyets.PA automatically process backups found on a computer image?

No. The decision was made to not process backups found in a Windows image (such as an iTunes
backup) as part of the computer data. This decision was made to simplify examinations.
If you would like to parse the backup data, you must extract the backup files and process it as a
separate device.
Q: Will Inseyets.PA allow for the review of Mac data?
The current version of Inseyets.PA only supports Windows data from e01, .l01, .vmdk and .bin files.
The computer data roadmap for Inseyets.PA includes supporting a complete, case driven
intelligence picture of different digital data sources. If you want to parse macOS, please use
Inspector.

Cellebrite Inseyets Physical Analyzer Release Notes 10.3

Uploaded by

Copyright:

Available Formats

Cellebrite Inseyets Physical Analyzer Release Notes 10.3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cellebrite Inseyets Physical Analyzer Release Notes 10.3

Uploaded by

Copyright:

Available Formats

Release Notes

July 2024 | Version 10.3

Product Release Date 2024-07-17

Revision Date 2024-07-25

2. What's New in Inseyets.PA Version 10.3 5

2.1. Python (Beta) 5

2.2. Introducing Our New Cellebrite Assistant! (Beta) 5

2.3. Performance Improvements 6

2.4. Warrant Return Automation Tool 7

2.5. Complimentary Reader Training 8

2.6. Learning Hub 8

2.6.1. Key Features: 8

2.6.2. Main Areas: 8

2.6.3. Video Labels: 8

2.7. Chat Activities (Recipients) 8

2.8. Hex Tags 9

2.9. Decoding Incremental 9

2.9.1. Downloading & Installing 9

2.9.2. Rolling Back 10

2.10. UFED to PA Streamline 11

2.11. SDL Translation Engine Update 8.6.3 11

2.12. Offline Maps 11

3. Decoding Engine Version 11.1,11.2 & 11.3 12

3.1. Updated Decoding Capabilities 12

3.2. Update Parsers 14

Cellebrite Physical Analyzer Release Notes Version 10.3 2

5.1. Packaging and Documentation 22

5.2. Packaging and Delivery Information 22

5.3. Software Components of Inseyets 23

5.4. Related Documentation 24

6. Features Included in Inseyets Core and Pro Licenses 25

8. Supported Environments and Compatibility 29

8.1. Installation Suggestion and Specification Recommendations 29

8.2. Support for Virtual Machines 34

9. Supported Central Processing Units (CPU) 35

10. Supported Graphics Processing Unit (GPU) 36

10.1. What Does a GPU Do? 36

10.2. How Does Cellebrite Use the GPU? 36

10.3. Supported GPUs 37

11. Support for Application Languages 38

12. Feature Comparison — Inseyets.PA 10.x vs PA 7.x 40

13. Feature Modifications 44

14. Inseyets.PA FAQs 46

14.1. Before you Start 46

14.2. Manage your Case Data 47

Cellebrite Physical Analyzer Release Notes Version 10.3 3

Revision Date Sections Revised Descriptions of Revisions

2024-07-17 New Release See all content

Cellebrite Physical Analyzer Release Notes Version 10.3 - 2024-07-17 4

2.1. Python (Beta)

2.2. Introducing Our New Cellebrite Assistant! (Beta)

To activate this Beta feature, contact support@cellebrite.com

Cellebrite Physical Analyzer Release Notes Version 10.3 - 2024-07-17 5

We’ve made significant enhancements to our software in performance:

UFDR Reports: Fixed an issue to reduce the size of UFDR reports.

Telegram Extractions: Enhanced the opening of large Telegram data sets.

These updates aim to streamline your experience and boost productivity.

Cellebrite Physical Analyzer Release Notes Version 10.3 - 2024-07-17 6

Cellebrite Physical Analyzer Release Notes Version 10.3 - 2024-07-17 7

2.6. Learning Hub