Cellebrite is known as the biggest mobile forensics technology company in the industry. The Israel-based company has contracts with thousands of agencies worldwide to extract information from smartphones and other computing devices. Most details about the kinds of information it can extract – and which devices it can’t crack – are privileged to the investigators cracking the phone of a criminal or a victim.
But a series of extraction reports were leaked to reporters at the website ZDNet, and some were published online this morning.
The images published in the story showed the total information amassed from an iPhone 5 running iOS 8 – and without a passcode enabled.
The UFED device appears to have collected everything from the device – including deleted text and multimedia messages, deleted call log items, and even deleted cookies from browsing.
The geolocations amassed from the iPhone’s data show dozens of pinpoints on a Google Map, extending from the San Bernardino National Forest east of Los Angeles, all the way south across the border to the Mexican city of Tijuana.
A series of text messages showed a conversation in August 2013. The report also shows every time the phone connected to Wi-Fi networks, in various hotels and airports.
Shopping lists for household items were pulled from the phone, as well.
The extraction was a “logical” one – meaning it was the simplest way of taking the information from a subject device, as Cellebrite experts had shown in a demonstration for Forensic Magazine last year in their Parsippany, N.J. offices.
The law-enforcement agency was identified as the Riverside Sheriff’s Office in California – and the location was the Lake Elsinore offices.
The extent of the information taken from the unencrypted iPhone 5 is commonly accessible to mobile forensics investigators.
Cellebrite explained the UFED platform’s workings to Forensic Magazine during the in-office demonstration.
The device pulls data from a smartphone, giving locations, times, uses and just about any other data. Some phones can be cracked with the simplest, “logical” extraction, as in the Lake Elsinore leak. For the toughest cases, it could extend to a “physical” extraction, by which the UFED images the memory of the device – and then it essentially loads an application over the memory to “trick” it into yielding the valuable data.
Once complete, the company’s Link Analysis tool allows a trained user to reconstruct phone networks and map timelines of GPS locations, social-media posts and text messages to essentially recreate the total usage. (That’s what appears to be enumerated in the extraction reports acquired by ZDNet.)
The tool has obvious value in homicide cases or gang probes, Christopher Shin, Cellebrite’s vice president of engineering, said at their corporate office. The company employs about 300 computer experts at its lab in Israel, constantly working at the proliferating phone types, SIM cards, carriers, and applications people use every day.