Cellebrite’s Advanced Endpoint Collection Capabilities Provide a New Vision For Solving Enterprise Investigation Challenges
Editor’s Note: This is Part 2 of a two-part series. Check out part 1 here.
Enterprise worldwide has undergone a massive transformation in the last year as businesses scrambled to move from an office-centered environment to a remote workplace. This transition has been followed by a rapid increase in enterprise-related crimes as both employees inside and cyberattackers outside have stepped up their efforts to defraud businesses.
Deloitte suggests, cyberattacks alone are costing companies millions of dollars in “above the surface” incident costs (technical investigations, customer breach notifications, regulatory compliance, attorney fees, and security improvements) and “beneath the surface” hidden costs (insurance premium increases, impact or destruction of operations, loss of contract revenue, devaluation of the trade name, loss of intellectual property).
Add to this the increased revenue losses due to employee misconduct, fraud, and IP theft, and it’s easy to see why enterprises are spending vast sums to protect themselves. Research And Markets projects, “The eDiscovery market size is expected to grow from USD 10.76 billion in 2018 to USD 17.32 billion by 2023.”
Not surprisingly, there has been a dramatic increase in the percentage of IT service teams supporting e-discovery operations, as businesses move to stop the losses and shore up security. Exterro reports “Compared to last year, there’s been a five-fold increase in the number of teams with a dedicated IT services group assisting legal departments, up to 60% this year from only 11% last year.
As businesses seek solutions to mitigate risk, the remote collection of data remains the biggest challenge. With the acquisition of BlackBag Technologies one year ago, Cellebrite is now able to offer a total enterprise solution that answers this challenge.
By integrating BlackBag’s capabilities in computer data collection across their entire portfolio, Cellebrite has been able to relaunch existing products with powerful new capabilities while bringing entirely new offerings to market for the enterprise category, providing businesses with the unmatched ability to collect data from any type of device—anywhere, anytime.
A New Vision
We want to own the ability to access devices no matter where they are, and then be able to do the targeted collection that they [enterprise] need to be able to do.
Unlike law enforcement, which wants to look at all of the data, enterprise investigations need to focus on highly targeted data collections. Enterprise needs the ability in their workflow to not over-collect beyond what the court has said that they can collect. So, you need to give them that ability in their workflow upfront, to be able to say, “Okay, I want to restrict my collection to this,” and to be able to produce it.
To meet this challenge, Cellebrite has introduced a trio of Digital Intelligence tools that provide enterprise investigators with a one-stop-shop for data collection.
Formerly MacQuisition, Digital Collector, now offers powerful data collection capabilities for both Apple and Windows platforms to assist enterprise investigations in key areas including employee misconduct, eDiscovery, and IP Theft.
Digital Collector’s powerful capabilities allow investigators to:
Recover Data from Windows and Mac Computers
- This single tool saves time, streamlines workflow, and gains actionable intelligence faster
- The only forensic solution on the market today that does live and dead box imaging for Windows and Mac
- Do quick triage and analysis, on-scene or in the lab
- Determine if relevant data exists prior to imaging
- Browse through files and folders of the device and any connected storage
- Search for data on devices with advanced search features
- See file previews of images on Windows computers and all file types supported by Mac computers
- Select files and folders to collect while triaging with the Browser and Search views
Perform Targeted Data Collection
- Selectively acquire email, chat, address book, and other data on a per-user, per-volume basis
- Create physical images of Macs with the Apple T2 chip
- Target and forensically acquire files, folders, and user directories while avoiding known system files and other unneeded data
- Authenticate collected data using any or all MD5, SHA-1, or SHA-256 hash functions
Collect From Live systems
- Capture RAM, volatile memory, and targeted collections live on Catalina
- Capture important live data such as Internet, chat, and multimedia files in real-time
- Save live collections to a forensically-sound destination device
Create Forensic Images
- Support for imaging APFS Fusion drives
- Automatically recognizes a combined volume from a Fusion Drive and presents it for imaging
- Decrypt FileVault 2 volumes if the password, Keychain file, or recovery key is provided, and then mount the volume as read-only to allow triage, collection of specific files, or imaging
- Write-protect source devices while maintaining read-write access on destination devices
Complementing Digital Collector is Cellebrite Inspector. This solution allows investigators to quickly analyze data on digital devices to shed light on user actions, locate images, or find conversations to reveal endpoint intelligence. Specific capabilities include:
Comprehensive Analysis from Windows and Mac
- Enables the in-depth analysis of computer volumes to shed light on user actions and surface leads
- Advanced search and filtering capabilities provide best-in-class analysis for computer data
- Supports the latest systems including T2 chip, Fusion, and encrypted devices
- Review history in APFS Snapshots and Time Machine backups
- Display and Search Spotlight metadata
- Review network connections, recent documents, user activity, and more
- Review device history from Microsoft Volume Shadow Copies
- Built-in Windows Memory and Windows Registry analysis
- Automatically parse account information, recent documents, downloads, recycle bin, USB connections, and more
UFED iOS and Android Extraction Support
- Easily view message conversations
- View location data information for pictures
- Report on all device messages, applications, or contacts with simple report options
The third part of the enterprise investigation solution is Cellebrite Pathfinder, a comprehensive and scalable solution that automatically surfaces formative leads, and allows investigators to discover connections that might be missed by the human eye in the critical hours of an investigation.
Cellebrite Pathfinder allows investigators to:
Visualize The Journey Of Suspects And Victims
- Automatically generate visual case reports and target packages for key stakeholders.
- Collaborate as a team with an integrated solution available to everyone in the organization.
Scale Up or Down
- Infrastructure designed to scale infinitely, along with extended add-on capabilities.
Integrate With Your Existing Ecosystem
- Open architecture integration with third-party software and data lakes using a comprehensive set of APIs.
Provide Built-In Business Continuity
- Secure your operations with capabilities for high availability, backup, and recovery.
With our smart collection capability, not only can we pull the data from devices all over in the myriad of ways that we’ve talked about, but we can smartly collect from those endpoints and not have to just dump everything.
Looking ahead I see a number of additional solutions for the enterprise that will soon be available from Cellebrite.
Cellebrite Mobile Elite is an intelligent solution that empowers corporations and service providers with lawful access to the majority of locked iOS and Android devices.
Cellebrite Mobile Collection is a remote solution that provides enterprises with the ability to perform remote selective collections to get the most data from the device, from anywhere at any time.
Cellebrite Remote Computer Collection is a collection solution that provides corporations and service providers with the power to remotely gather data on endpoints without having to be in physical contact with the device. This is performed through preloaded software on their computer (MAC or Windows), at any time from anywhere.
Cellebrite Legalview is an eDiscovery solution that enables corporations and service providers to seamlessly upload computer and mobile data directly into their review platform.
Customized Enterprise Solutions
Until now, enterprises have been forced to use solutions designed for law enforcement investigations. Cellebrite is reinventing enterprise investigative solutions by customizing tools specifically for the private-business sector.
Enterprise has different use cases, different workflows. And we are pushing hard to adapt our products specifically to their use cases, not to something where they have to take a law enforcement use case and try to make it work with what they’re doing.
We have the ability to provide enterprises with solutions that can deal with all of their endpoints, in ways that no other vendor can, and bring all of that together so they can understand what is going on in their business.
To learn more about how Cellebrite’s enterprise solutions can streamline the investigative workflow for your business, click here.
About the Author: As General Manager, Enterprise Solutions at Cellebrite, Ken is a seasoned executive and 20-year veteran of law enforcement and computer forensics. He brings knowledge, trusted business experience, and the proven leadership ability needed to promote the mission and unique culture of Cellebrite.
An expert in the fields of IT, digital investigations, and law enforcement, Ken deeply understands the customer point-of-view, and this helps guide him in the management of the company’s private sector business unit. Prior to joining Cellebrite, Ken was CEO at BlackBag Technologies until its acquisition by Cellebrite, and also Senior Vice President of Product Engineering for Guidance Software.
During his over 20-year tenure in the private sector, Ken held executive roles in engineering, training, information technology, and professional services, and in his current role, Ken is responsible for all aspects of the private sector business for Cellebrite.
Editor’s Note: This is Part 2 of a two-part series. Check out part 1 here.