The Solution That Changed Modern Digital Investigations Forever
Ever since early man put his handprints on the wall of a cave, humans have left a traceable trail of identifiers (evidence) behind. Nowhere has the identification of the suspects behind these trails been more sought after or tested than in the investigation of crimes. From fingerprint matching to handwriting analysis to DNA testing, law enforcement has continually sought new ways to identify the guilty and exonerate the innocent.
Today, identifying suspects in crimes is most easily done through the analysis of digital evidence. With smartphones now the primary evidence source in 96% of investigations*, developing ways to lawfully access data from mobile devices has become critical in accelerating justice.
As the global leader in Digital Intelligence solutions, Cellebrite has been at the forefront of providing law enforcement investigators with the tools to gain actionable intelligence for more than 20 years. (Digital Intelligence is the data collected and preserved from digital sources and data types [smartphones, computers, and the Cloud] and the process by which agencies collect, review, analyze, manage, and obtain insights from this data to run their investigations more efficiently.)
Long before the introduction of the first UFED (Universal Forensic Extraction Device), Cellebrite was leading the way with the development of solutions for transferring data from cell phone to cell phone when someone traded in or upgraded their device.
UFED Becomes the Industry Standard
In 2007 Cellebrite founded its Mobile Forensics Division and introduced Cellebrite UFED, which changed the mobile forensics world forever. With UFED, investigators now had the ability to extract both physical and logical data from mobile devices. This included the ability to recover deleted data and decipher encrypted and password-protected information.
Since its introduction, UFED has become the industry standard for lawfully accessing and collecting data, with thousands of units deployed globally. UFEDs have been used in over 5 million investigations worldwide.
“UFED is kind of the king of mobile,” says Senior Director of Digital Intelligence, Heather Mahalik. “Everyone relies on UFED. People know they need it in their lab and it’s odd to find someone who does mobile forensics that does not have Cellebrite in their toolbox.”
“I actually had one of the very first UFEDs, as a customer, and these were for old Nokia phones, feature phones, like the Razr. This was before touch screens. If you think about it, it’s crazy to think we actually had push buttons on these phones. They weren’t smartphones. You were lucky if you could record a video on your phone.”
“UFED used to be very basic and phones were easy then,” Heather continued. “Now, phones are getting complex. Premium came along and provided additional access to the most recent and harder-to-access devices due to encryption, locks, and other protection mechanisms put in place by the manufacturers. It’s as if you’re looking at the evolution of man. As humans become more complex, so do phones. Premium gets you into those most complex devices… But some people still need the basics, so you really need both to have everything.”
“[In a way,] UFED helped structure how digital forensics or DI is working,” Heather continued. “It placed the fundamentals of the extraction, of the logical, of the reporting, and drew all those pieces together. Cellebrite also tied it all together and put training and certification on top of it to tell the entire story, and really pushed the industry to standardize the entire process.”
“Since then, mobile security installed by manufacturers has been steadily increasing, but around three years ago it became a really crazy race. Each year, the security has been different from the previous year. And everything became more challenging: researching capabilities, lawfully collecting data, and protecting it. So we came out with Cellebrite Premium, which was designed to maintain lawful access for law enforcement agencies while protecting IP.”
Premium Enterprise (ES) Brings Scalability and Advanced Access Capabilities
With the advent of more complex devices that hold far more data than models from just a year ago, labs are finding themselves overrun by skyrocketing numbers of encrypted devices being submitted for data collection.
“Clearing the hurdle with locked devices became easier with Premium,” Heather said. “You’re able to extract the richest sets of data in your lab, versus having to rely on others to get you access.”
The introduction of Cellebrite Premium Enterprise (ES) is now another huge leap forward, allowing examiners to handle access to locked and encrypted devices while easily integrating into the lab workflow.
Key Benefits of Premium Enterprise (ES) include:
- Enabling Every UFED Unprecedented Advanced Access and Scale: Performs unlock and full-file-system extraction for leading iOS and Android device models running the latest operating systems to accelerate advanced access to critical data and allow agencies to scale with a flexible enterprise-grade solution.
- Increased Productivity: With each authorized UFED’s access to the Premium server, digital forensics labs can now perform more device collections and accelerate investigations by empowering every UFED endpoint with Premium capabilities.
- Maintaining the Chain of Custody and Keeping Evidence Intact: Access to the Premium ES server over the network eliminates the need for data to be transferred to a secured lab, helps preserve the chain of evidence, and improves how agencies manage their Cellebrite UFED fleet.
- Centralizing User and Fleet Management: Deployed with Cellebrite Commander, agencies can limit access to data and UFED devices, creating the ability to have an audit trail and monitor the distribution of all Premium ES actions on a simple centralized dashboard; this improves operational efficiency, maintains security and transparency, and helps agencies get closer to a digital policing infrastructure.
“When we think about this from the examiner’s point of view,” Heather said, “they need to deal with more applications, more data sources, and they need to handle more data. The standard storage today on the iPhone is 128GB of data, and I’m putting aside the iCloud that you have as a backup to it, which is probably 200GB or maybe more. Think about how vast this data set is. Two years ago, it was 32GB, then it became 64GB. Now it doubled itself in a year. And it will keep doubling, or even multiplying by four or more times.” Dealing with this much data is causing huge problems.
“Examiners need a solution that allows them to extract the data they want (selective extraction) in the least amount of time from as wide a range of devices as possible including encrypted Android and iOS devices.”
“With Premium Enterprise, you don’t need to move it to the other main lab or wait until Premium will finish. You can process everything faster, at least on the extraction side. You don’t have to wait until the extraction machine is finished. You can process it and send it to the next in line because you have more advanced access end-points.”
“The key to solving the encrypted apps [challenge] is in the extraction level,” she continued. “If you’re providing a full-file-system [extraction], you’ll get the keys for the encryption. If you don’t have a full-file-system extraction, you probably won’t get the keys. Therefore, you will have spent a lot of time on the extraction, but you won’t be able to decode the application. Consequently, you won’t find the evidence.”
“Premium allows you to access the device (get the keys) and later on also do the selective extraction. Selective extraction is even more powerful because it’s going to save a lot of time extracting only the WhatsApp [data], for example. So from hours, you can often [bring the extraction time] down to minutes.”
As part of Cellebrite’s Digital Intelligence Investigative Platform, Cellebrite Premium ES is designed to modernize investigative workflows for agencies of all sizes.