Cellebrite UFED Touch Ultimate
May 01, 2013
Starts at $10,000
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: This device is easy to use, fast, portable and powerful.
- Weaknesses: A bit pricey for smaller organizations. Could use a direct export to a media forensic format, such as dd.
- Verdict: This device for mobile forensics is unsurpassed for use in the field. For mobile device forensics we designate this Recommended.
The Cellebrite UFED Touch Ultimate is a fully equipped mobile forensic tool that enables quick and easy data acquisition from more than 8,000 mobile devices, including not only cellphones, but handheld GPS units, tablets and other mobile platforms. The list of supported devices is constantly growing (and posted on Cellebrite's website). The tool can not only take data from phones, but also directly from a SIM card. This system allows the user to attach the device being examined and quickly extract data by either selecting the device or allowing the system to auto-detect the device.
When we received our UFED Touch Ultimate, we were able to power it on right away. As the device powers on, the familiar Windows XP splash screen is engaged. The UFED Touch program is automatically configured with the XP OS. The main menu of the UFED Touch Ultimate is straightforward giving the choice to perform logical and physical extractions, as well as SIM extracting and copying. Another feature is the ability to extract passwords from mobile devices. The device also comes with powerful and easy-to-use analytic software that generates full forensic reports. The solution has the ability to carve images from physical, as well as logical extractions. The extent of the data recovery available may be limited based on the mobile device being examined. Some units, such as iOS devices, do not keep deleted artifacts as do many lower quality phones. For many phones, the tool can bypass or extract passwords or PINs.
While the tool has a fair number of export formats - e.g., formats that allow link analysis - it does not export directly in a media forensic format - e.g., e01, dd and more. That makes it simple to add data to a computer/media forensic case analysis. That limitation does not, however, detract from the UFED's power in the field, its ease of use and speed of extraction. As a field tool, the UFED Touch Ultimate is unsurpassed.
The offering has a long battery life and can charge from the 12-volt adapter in a car, as well as AC wall power. The availability of a mobile charge is one of the many features that make this unit ready for field use. The product comes with a rugged rubber case protecting it from any potential physical harm. The case also comfortably holds all the necessary peripherals. When doing mobile extractions to the included USB flash drive, we experienced logical extraction times ranging from two to 15 minutes depending on the device being examined. For a physical extraction, the times ranged from 20 to 45 minutes. In both cases, the battery life of the unit had plenty of juice to spare after taking images of the phones.
This package of hardware and software could go for far above its listed price point. Having one tool that can extract data as easily and efficiently as does the UFED Touch Ultimate is an advantage to any forensic team. Allowing this technology to be as portable as this extends its functionality and practicality. The portability of the device is what we believe will make it the most essential tool in any mobile forensic teams' kit. All in all, UFED Touch Ultimate is an essential device for mobile forensics in the field. It is well worth the cost.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- U.S. government extends offer to protect states from electoral cyberthreats
- Cisco shedding 7% of its workforce
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought