Content

SC Lab Approved: One Year Later: Cellebrite UFED Analytics

We heard a law enforcement officer being interviewed on TV say that social media was law enforcement's best friend. In fact, the Supreme Court, in Riley v. California, opined that "90 percent of American adults who own cell phones keep on their person a digital record of nearly every aspect of their lives." The Court decided that warrantless searches of mobile devices followed the same rules as other warrantless searches, largely due to privacy concerns. The moral? Get a warrant. Then search all you want (within the bounds of the warrant, of course).

From the information on mobile devices, home computers and in the social media cloud from Facebook, Twitter and a whole batch of others, an investigator can draw a very accurate profile of an individual and that person's habits, companions and movements. Maybe. The key to success very likely will lie in your ability to cross-correlate a myriad of apparently disparate data points. Every crime is a story with plots, sub-plots, characters, etc. Unraveling all of that information is the only way to tell the full story.

We've all heard tales such as the one about the pot growers who took selfies of themselves with their weed crop that were date/time stamped. Extracting the data from the mobile phone gave the GPS coordinates and from there it was "game-over." While that seems - and, actually, is - pretty simple, it is not the norm today. Today there is a large collection of evidentiary data for any case and it's splattered all over devices and clouds. How does one deal with that?

There are two pieces to the solution of this puzzle. First, you need to extract data from appropriate sources. That in itself can be a daunting task - with lots of warrants. Data may sit on laptops, cell phones, tablets, in the social media clouds, in cloud storage unrelated to social media, etc., ad nauseam. Once the data are discovered and extracted - and this can be a crap-shoot as well since you may only suspect that data you need are residing in a particular place - it is likely that you are facing an analytical mare's nest or, at best, a search for a needle in a pile of needles.

The UFED Analytics suite solves half of the problem and the collection of other UFED tools solve the other half. UFED analytics combines a number of analytic techniques, such as link analysis (one of our favorite workhorses in the SC Labs) with the ability to work across groups of investigators with disparate cases that may or may not be linked and to then provide centralized storage for evidence.

Within the UFED Analytics suite there are three components: Desktop, Workgroup and Enterprise. The main difference among these three is how they are used. You can select an individual investigator (Desktop), Groups of up to 50 users, or a complete, unified, mobile forensics workflow (Enterprise). In those cases where one of the multiuser products is the choice, cross-correlation of data points is between analysts as well as within the data collection itself.

This assumes that the analysts, working with investigators, are collecting, categorizing and decoding evidence for sharing within the group. This likely is the only practical way to attack a very complex case with dozens of actors and victims, thousands of data points (pieces of evidence) and hundreds of data sources.

In the SC Labs, we use the tool as a quality control system when preparing those product reviews that include interaction with mobile devices or social media analysis. While this is not standard investigative fare - we have done that in the past, of course - it is an excellent example of tying together a lot of data into a neat bundle that answers the important investigative questions: who, what, where, when, why and how.


Product UFED Analytics

Company Cellebrite

Price Depends on configuration.

What it does Mobile analytics supporting Cellebrite extraction tools for individual forensic analysts, workgroups and enterprises.

What we liked UFED Analytics works the way forensic analysts work. Given a collection of mobile and mobile-related data, the UFED makes the connections - "connects the dots" to enable the disparate parts of the investigation to fit together in a coherent whole.

The bottom line It really does not matter what your mobile device forensics requirements are. If you are doing anything but the most rudimentary analysis you need the Cellebrite suite. From data collection - device, cloud, etc. - to advanced analytics and group collaboration, this is a complete mobile forensic platform that can handle just about anything you throw at it. SC Lab approved for one more year.

Product title
SC Lab Approved: One Year Later: Cellebrite UFED Analytics
Product info
Name: Cellebrite UFED Analytics Enterprise Platform Description: Very comprehensive feature set, solid analytics and well-thought-out user interface. Price: Depends on configuration.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.