Handling Android Devices with the Latest Innovations in Cellebrite UFED
The mobile forensics landscape has shifted dramatically over the last few years with the rapid distribution and adoption of new Android operating system updates and Android-powered devices. With frequent updates come generational leaps in operating system security that can feature commodity hardware-enabled encryption.
Old and new Android OS versions (Fig. 1) can be in use simultaneously on several devices belonging to one person. This presents a situation where multiple formats and techniques must be used to build a single digital profile and communication history of a person of interest.
Figure 1: Mobile & Tablet Android Version Market Share Worldwide – March 2019
This dynamic OS ecosystem of software and hardware innovation has created a reality where many investigators and examiners must constantly overcome new challenges when trying to access and extract potential digital evidence. The difficulty is especially compounded when dealing with locked devices.
At Cellebrite, we are dedicated to researching and developing extraction technology designed to exploit vulnerabilities in device software. By applying the mechanics of vulnerability research to the digital forensics field, we create unmatched innovative solutions. Additionally, data modification and persistence are avoided, so the forensic soundness of digital evidence is retained.
Opportunities arising with the publication of security bulletins in iOS or Android are constantly evaluated for whether they can be exploited reliably in forensics scenarios. As part of this ongoing effort, we recently released LockPick, a new digital forensics method that can unlock hundreds of devices running modern Android OS versions.
When the LockPick method is completed, the mobile device will reboot once and the Lock Screen will be eliminated. This may sound like a simple process, but it actually requires a lot of attention to detail across a vast variety of supported devices and Android OS versions. Our ability to swiftly research, develop, test, and release such generic solutions helps create one of Cellebrite UFED’s greatest benefits. We endeavor to always bring cutting-edge capabilities, often years before others, to the digital forensics community.
The newest LockPick capability, available since Cellebrite UFED 7.15, allows investigators and examiners to automatically bypass even more locked Android devices with expanded support for vendors including Samsung, LG, Motorola, Sony, and Xiaomi. We are proud of the fact that LockPick is making a huge impact on some of the toughest cases in the DFIR community.
With the extensive experience and skillset we have here at Cellebrite, you can expect us to continue leading in this domain.