SIMPLIFYING THE COMPLEXITY
OF MOBILE DATA FORENSICS
Extract the Insights that Focus Investigations
THE CHALLENGE
As the Importance of Mobile Evidence Grows, the Need
for New Tools and Capabilities Take Center Stage
Mobile digital data. It’s defining the outcomes of criminal cases and putting growing pressure on forensic examiners to extract, filter, analyze and share insights quickly. The volume and complexity this data now represents has stretched forensic labs beyond their capacity. Multiple device types per suspect, victim and crime only complicate matters further. With demand for mobile data only accelerating and device backlogs building, your operations have reached a critical tipping point.
The challenges are daunting. Managing rapidly evolving device types, encryption methods and operating systems becomes nearly impossible without the right tools. As does accessing critical new cloud data sources and sifting through mountains of data now generated by each device. Roadblocks and red tape abound. Uncooperative providers, lengthy legal processes – including MLAT for international search warrants – make obtaining private and cloud-based data an ongoing challenge. The ability to extract deeper insights and visualize key connections quickly, will help unlock the intelligence of mobile data to unify investigative teams, speed investigations and produce evidence you can stand behind.
THE SOLUTION
Cellebrite’s UFED PRO Series
Our innovative UFED PRO components deliver the most comprehensive mobile forensics extraction and decoding capabilities in the industry. With more data now residing outside mobile devices, examiners can’t risk missing critical, time-sensitive evidence. Our solution uncovers the deep insights needed to accelerate investigations and streamline workflows. Unified data flows seamlessly between tools so forensic examiners and investigators don’t have to spend valuable time requesting information from numerous service providers, and then manually collating and merging multiple data formats. Flexible, scalable and secure, unique tools allow forensic examiners, in all lab environments, to access and import data from the widest variety of mobile and GPS devices, as well as from private cloud data sources and mobile operators.
To turn information into timely, actionable intelligence requires easy-to-use analytics. The strength of the UFED PRO Series comes from its ability to simplify complex analytical tasks. Robust analysis, advanced visualization and reporting tools allow examiners to organize, search, map and carve data easily to find patterns and reveal meaningful connections between one or numerous subjects. The UFED PRO platform features industry trusted tools and analysis capabilities that allow users to:
Bypass user locks, recover application data and reveal deleted data Extract and decode rich sets of encrypted and non-encrypted data while
ensuring extractions are performed in a forensically sound manner via proprietary read-only bootloaders:
Calls, SMS, MMS, Media, emails, calendar and contact files Location information decoded from apps, GPS, cell towers, Wi-Fi
networks and media files
Application data and private user cloud* data
(*requires UFED Cloud Analyzer)
Validate recovered artifacts with a unique evidence verification engine Narrow the results using search and advanced filters
Utilize a rich set of analysis capabilities including timeline, project analytics, watch lists, malware detection, language translation and more
Generate and share easy-to-read, custom reports in different file formats
2014 Cellebrite Customer Predictions Survey
THE DATA
SOURCES THAT
MATTER MOST
95
%
MOBILE DEVICE ITSELF45
%
WIRELESS/ CELLULAR PROVIDERS59
%
THIRD-PARTY APPS32
%
CLOUD PROVIDERSDevice Backlogs Continue to
Challenge Lab Operations
Nearly 80% of respondents report some level
of device backlog in the last year; 44% of those
lasting 1 to 12+ months.
Source: 2014 Cellebrite Customer Predictions Survey
of Cellebrite customers stated
service providers’ non-compliance
with legal process is a challenge
POWERFUL COMPONENTS MAKE THE UFED PRO SERIES
THE INDUSTRY GOLD STANDARD
The strength of the UFED PRO solution lies in the sum of its impressive parts.
Whether leveraged individually or together, they help examiners collect, protect and
act decisively on mobile data with the speed and accuracy a situation demands –
without ever compromising one for the other.
Our most robust offering for lab forensic specialists, UFED Pro CLX integrates UFED Ultimate, UFED Cloud Analyzer and UFED Link Analysis into one powerful solution. UFED Ultimate enables the physical, logical and file system extraction of all data and passwords – even deleted – from the widest range of mobile phones, portable GPS devices and tablets. UFED Cloud Analyzer provides real-time access to private cloud-based data, saving time in having to acquire it from service providers like Facebook, Twitter, etc. Armed with intuitive UFED Link Analysis, examiners can rapidly import, normalize and organize disparate data, including third party data, from one or more devices into a unified view. Empowered with robust search, filter and dynamic graphic capabilities, including timeline and map-based views, examiners can quickly uncover common connections and correlate critical evidence that can help solve cases faster.
Time is the enemy of criminal investigations. Device backlogs of any length put criminal cases in jeopardy. With UFED Pro LX, forensic professionals can spend more time analyzing data and less time collecting and normalizing it from a variety of locked and unlocked mobile devices. By combining the in-depth extraction and advanced decoding capabilities of UFED Ultimate and UFED Link Analysis, users can effectively mine and efficiently organize, search, filter and carve visible, hidden and deleted data to identify patterns and visualize connections. Designed to shorten investigation times, the task-flow oriented interface reduces the complexity of distilled data and turns raw mobile data into actionable intelligence.
A police officer pulls over a suspect driving a recently reported stolen car. He identifies the driver
as a suspected gang member and makes an arrest, seizing both his phone and tablet. In the lab, an
examiner uses UFED PRO CLX to access deleted texts uncovering boasts about stealing not only this
car, but three others. UFED Cloud Analyzer reveals Facebook posts showing the suspect in front of the
car and details about the “take”. Unified data extracted from both devices uncover communications
between a number of people, both known and unknown to police. UFED Link Analysis reveals
connections to these suspects and highlighted case related data, indicating involvement in an even
larger city-wide auto theft ring.
A state trooper stops a suspicious van for a moving violation. Noting the nervous behavior of the
driver and facial bruises on the teenage male occupants, the officer is immediately concerned. After
detailed questioning, the driver confesses to not knowing the boys and the officer arrests him and
seizes his phone. Using UFED PRO in the lab, it’s determined that the driver was in route to transfer
his passengers to various locations in a five-state area. Six of the passengers were identified as
victims of human labor trafficking. UFED Link Analysis identified multiple common connections,
uncovering an even larger nationwide trafficking ring and providing actionable leads for federal law
enforcement to pursue.
UFED Pro CLX
UFED Pro LX
UFED PRO AT A GLANCE
With warehouses of mobile device and cloud data being created daily, forensics examiners need fast and efficient ways to tap into and unify data sources when a situation demands. The UFED Pro Series is designed for forensic examiners and investigators who require the most comprehensive mobile data extraction and decoding support available. Key solution components include:
UFED Ultimate
UFED Ultimate enables the physical, logical and file system extraction of all data and passwords – even deleted – from the widest range of mobile phones, portable GPS devices and tablets. The powerful combination of proprietary boot loaders, UFED Physical Analyzer, UFED Phone Detective and UFED Reader, enables advanced decoding, mobile phone detection, data analysis and reporting every time.
UFED Cloud Analyzer
UFED Cloud Analyzer provides forensic practitioners with real-time extraction, preservation and analysis of private social media, file storage or other cloud-based account content. This unique application automatically collects both existing cloud data and metadata, and packages it in a forensically preserved manner making it easy to report relevant intelligence, and export to other advanced analytical tools.
UFED Link Analysis
UFED Link Analysis immediately identifies common connections between multiple devices and disparate data sources to generate leads and uncover actionable insights from existing call logs, text messages, multimedia, applications and location data. Advanced visualizations allow users to see connections and case-related data in a unified view, and search and filter data based on date and time stamps, communication methods, location types and distance.
Extract Insights to Focus Investigative Efforts
The ability to dig deeply into on and off-device data sources is now a critical operational imperative. Texts, call logs and photos are only the tip of the iceberg. Our comprehensive toolset makes it easy for examiners to quickly and effectively access and analyze a variety of cloud, operator and third-party data sources never before possible. No Facebook or Twitter post gets left behind. Advanced capabilities bypass device user locks, decrypt encrypted data from rapidly changing device operating systems and recover texts, deleted emails, location details and account profile data. Coupled with pre-qualified device data evidence from the field, the deeper insights UFED PRO generates brings the focus required to speed investigations.
Unify Disparate Data to Visualize Critical Connections
Big data continues to get bigger. Device backlogs grow longer. Without the right solution in place, already taxed forensic labs will be drastically overwhelmed with cases. UFED PRO normalizes raw, disparate mobile, cloud and operator data (including third-party data) into a unified format, for quick analysis and can easily integrate with other big data analytical tools when needed. The ability to search, analyze and cross-reference large data sets in a simplified, consistent and visual format, brings key insights into view quickly for immediate action by investigators.
Identify Evidence you can Stand Behind
Mobile data evidence continues to provide prosecutors with the smoking gun in criminal investigations worldwide. UFED PRO delivers the relevant context examiners and investigators need to see the big picture and all the critical connections that define it, drastically reducing case cycle times. Robust reporting capabilities document every action and make it easy to share critical intelligence with supervisors, command leaders, attorneys and other outside agencies. Our proven, repeatable forensic process ensures the integrity of collected evidence and empowers personnel to testify with confidence about the tools and processes used to uncover it.
GOAL
1
GOAL
2
GOAL
3
UNLOCK THE INTELLIGENCE OF MOBILE FORENSIC DATA
AND SPEED INVESTIGATIONS
© 2015 Cellebrite Mobile Synchronization LTD. All rights reserved.
www.cellebrite.com
[email protected]
About Cellebrite
Cellebrite is the world leader in delivering cutting–edge mobile forensic solutions. Cellebrite provides flexible, field–proven and innovative cross–platform solutions for lab and field via its UFED Pro and UFED Field Series.
The company’s comprehensive Universal Forensic Extraction Device (UFED) is designed to meet the challenges of unveiling the massive amount of data stored in the modern mobile device. The UFED Series is able to extract, decode, analyze and report data from thousands of mobile devices, including, smartphones, legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets. With more than 30,000 units deployed across 100 countries, UFED Series is the primary choice for forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery.
Founded in 1999, Cellebrite is a subsidiary of the Sun Corporation, a publicly traded Japanese company (6736/JQ)
To learn more, visit
A DYNAMIC NEW
MODEL FOR WHAT
COMES NEXT
It’s a brave new digital frontier. With the average person relying on up to three mobile devices to manage their personal and business lives, terabytes of potential evidence hide in plain sight. As a forensic examiner, it’s your job to dive deeply into rapidly changing device operating systems, file types and complex, data warehouses to find the critical connections that help law enforcement and enterprises successfully prove innocence or guilt; successfully close criminal cases. Missing potential evidence simply isn’t an option -- nor are backlogs of any kind. Best-in-class solutions like the UFED PRO Series help create a new, more effective operational model. One that will help simplify the complexity of mobile data to focus insights, reduce backlogs and deliver forensically sound evidence you can stand behind.
