Spring Ahead and See What April Has in Store for Cellebrite: A snapshot of Cellebrite’s April 2016 events

Spring is here and April 2016 is an exciting, action-packed time for Cellebrite. We will be participating in a multitude of events around the world – hitting every one of the globe’s hemispheres. Meet us in Zagreb, Rio de Janeiro, London, Orlando, among other leading international hubs, where our subject-matter experts will present the UFED product line, providing live demos and delivering presentations on hot industry topics for security and law enforcement markets, alike.

Take a look below and see a snapshot of our April events. We hope to see you somewhere around the globe – soon!

April 5, 2016: DATAFOCUS 2016 International Conference on Digital Evidence, Zagreb, Croatia

Cellebrite is springing into April with the DATAFOCUS 2016 International Conference on Digital Evidence in Zagreb, Croatia.  DataFocus is a one-day conference, with two-tracks, aimed towards both lawyers involved in digital cases that include digital evidence and investigators whose everyday jobs entail digital forensic investigations.

Don’t miss the Cellebrite speaking engagement under the umbrella, “UFED Series: Cellebrite Mobile and Cloud Forensic Solutions” – entitled, “Unparalleled Extraction and Analysis Capabilities, Optimized for the Lab and Field.”

April 12-14, 2016: LAAD Security 2016, Rio de Janeiro, Brazil

Next on our April schedule, Cellebrite will be exhibiting at LAAD Security 2016, Riocentro in Rio de Janeiro, Brazil, from April 12 – 14, 2016.  LAAD Security – Public and Corporate Security International Exhibition– brings together Brazilian and international companies in the industry of security, equipment, services and advanced security technologies.

Come by our booth number F.22, Hall 4, where we will be showcasing our many solutions that are sure to accelerate your investigations – anytime, anywhere.

April 19 – 20, 2016: Forensics Europe Expo, London, UK

Moving towards mid-April, Forensics Europe Expo, the only international event dedicated to forensic technology, will bring leading UK and International forensics professionals together to network, learn, and source new products and innovations.

Come and say hi to Cellebrite at booth number 1-C27, and learn about our products and solutions via live demos, among other hands-on sessions.

April 19-22, 2016: National Law Enforcement Training on Child Exploitation (NLETCE), Atlanta, GA, USA

Across the pond, Cellebrite is slated to take part at NLETCE, where subject-matter experts will be providing cutting-edge training on a wide range of trending and important topics. In addition, over 240 lecture and hands-on computer workshops designed specifically for local, state, tribal and federal law enforcement personnel and prosecutors who are responsible for combating child exploitation.  To learn more about Cellebrite’s role in combatting sexual extortion,together with INTERPOL, read our case study here:

April 25-27, 2016: National Cyber Crime Conference, Norwood, MA, USA

Back by popular demand—for its fifth year— the Massachusetts Attorney General’s Office is hosting the 2016 National Cyber Crime Conference to be held  April 25-April 27 in Norwood – and Cellebrite will be there in full-force. The conference will feature three tracks of instruction: a track for prosecutors, a track for investigators and a track for digital evidence forensic examiners. Each track will have multiple breakout sessions featuring instruction from nationally recognized experts in the field of cybercrime. All participants will be provided with an opportunity to receive hands-on instruction.

Drop by our booth number 10, where we will showcaserecent developments and demonstrating how Cellebrite’s mobile forensics solutions can help solve crime.

April 26-28, 2016: IACIS (The International Association of Computer Investigative Specialists), Orlando, FL, USA

Heading into the final stretch of this busy month of April, Cellebrite present at IACIS , a non-profit corporation composed entirely of volunteer computer forensic professionals dedicated to fostering and perpetuating educational excellence in the field of forensic computer science.  The audience will be comprised of professionals from the Federal, State, Local and International Law Enforcement community, as well as the business/commerce and academic communities. Stop by and meet the Cellebrite team!

April 26-28, 2016: Youth Technology and Virtual Communities Conference Bond University, Gold Coast, Australia

With the theme Prevent, Protect, Prosecute, the Youth Technology and Virtual Communities Conference will provide attendees with the latest developments, strategies and challenges across all facets in the collaborative effort to fight crimes against children. The conference is aimed at practitioners in the fields of law enforcement, prosecution, education, child protective services, social work, children’s advocacy and therapy who work directly with child victims of crime. In a testimonial video, hear how Detective Jim Bolt of ASP Security Services used Cellebrite’s UFED Physical Analyzer to recover deleted images as evidence in a case related to child abuse.

Come visit us our booth down under and learn how Cellebrite’s technical and training solutions accelerate investigations.

Visit our website to learn more about our events.

Cellebrite will be exhibiting all over the map this October

October is gearing up to be a super busy month for Cellebrite! A wide variety of events are scheduled for Cellebrite all across the globe. Meet us in Prague, Moscow, Miami, Orlando, London, Beijing and Bogota, where we will be presenting the UFED product line, provide live demo’s, and deliver presentations on hot industry topics for e-Discovery, security and law enforcement markets.

e-Discovery

 Mobile users leave behind digital traces on their devices, which can come a long way in any legal proceedings involving criminal or civil matters. Electronically stored information on mobile devices (or mobile ESI) represents an important category of relevant information and is quickly becoming critical for wide variety of investigations and litigations including employment, fraud, intellectual property, securities, and others.

October 19-21: LawTech Europe, Prague, Czech Republic

Cellebirite will kick things off at the Clarion Congress Hotel in Prague for the LawTech (LTECH) Europe Congress. LTech brings together professionals in law, technology, governance, and compliance to address four core areas in digital forensics: Digital evidence, forensic investigations, cyber security and legal technology.  Yuval Ben-Moshe, Cellebrite’s Senior Director, Forensic Technologies, will deliver two presentations during the show:

  • Mobile Devices and Mobile ESI – Facts and Myths, together with Daniel Bican from Ernst & Young
  • Mobile Devices and Mobile ESI – Proactivity Goes a Long Way

(For further details on Cellebrite’s presentations, please see the show’s agenda: http://www.lawtecheuropecongress.com/)

Stop by booth #601 to learn about live demo sessions, where we will that cover current techniques and tools for data search and data collection from mobile devices.

October 23: e-Discovery & e-Investigations Forum, London, United Kingdom

Join us at the Park Plaza Victoria Hotel in London for a one-day e-Discovery and e-Investigations Forum to learn how Cellebrite addresses the challenges that are surfacing the e-Discovery domain for mobile data collection. Yuval Ben-Moshe, Senior Director, Forensic Technologies, will be presenting on ‘Mobile Devices and Mobile ESI – Facts and Myths,’ and enlightening the crowd on the need to retrieve mobile data in cases of litigation, regulation or investigation, and discuss the processes required to obtain information from mobile devices within a litigation process.

Attendees from legal, compliance, finance, HR, investigations and more, are welcome to our booth to learn about our expertise in mobile data retrieval and analysis.

Security

October 21-24: Intepolitex, Moscow, Russia

As LawTech ends, another exciting show begins for Cellebrite in Moscow. The Interpolitex is the largest homeland security exhibition in Russia, taking place, organized by the Ministry of Interior of the Russian Federation, Russian Federal Security Service, and Russian Federal Service for Military-Technical Cooperation.  Drop by booth #1C3-1 to learn about the UFED’s recent developments, and how Cellebrite’s mobile forensics solutions can help solve cybercrime.

October 23-24: Latin America and Caribbean Summit 2014, Miami, Florida

Join our LATAM Forensics Sales Director, Frederico Bonincontro, for a two-day summit in Miami. LATAM & Caribbean event is focused on assessing the current digital security landscape and threats in the Caribbean, Central and South America region. Stop by booth #20 to learn about Cellebrite’s latest product developments and how our solutions can help you tackle your mobile forensic challenges.

October 28-31: 2014 Security China

Cellebrite’s APAC team will head to Beijing to showcase the UFED Series at the China International Exhibition on Public Safety and Security. Cellebrite, a thought leader in mobile forensics, will be presenting the UFED line of products for the security industry in booth # E1F01.

Stop by our booth to meet the Cellebrite team!

October 29-31: Expodefensa, Bogota, Colombia

Cellebrite will end its October events at another prestigious government-level security show, Expodefensa, organized by the Ministry of National Defense of Colombia, and the High-Tech Corporation and the International Business and Exhibition of Bogota. Our LATAM team will head to Bogota, Columbia to showcase the innovative UFED Series.

Drop by booth #439, pavilion 6 to learn about UFED’s accomplishments in security and defense!

Law Enforcement

October 25-28: International Association of Chiefs of Police (IACP), Orlando, Florida

Later in the week in Orlando, Florida, Cellebrite USA representatives will be on hand at the 2014 International Association of Chiefs of Police Conference to demonstrate to police leaders at all levels how they can use a mix of training, policy, and technology to implement mobile forensics strategies in a post-Riley world.

Visit us at Booth #769 to learn more about how Cellebrite’s technical and training solutions accelerate investigations by affording investigators the ability to collaborate more readily with digital forensics examiners, supervisors, and prosecuting attorneys.

A case study on mobile victimology from #CACC2014

What is mobile victimology? The concept of “victimology” involves in-depth analysis of a victim’s life, including the normal and abnormal patterns of life over the days, weeks, even months leading up to a violent crime.

Mobile devices help this process because they are so intimately tied to an individual’s life that they often help to fill in incomplete or inaccurate witness statements, surveillance video footage, credit card receipts, and other information.

As this February 2014 article in Police Magazine noted:

Smartphones, GPS devices and other mobile media can be good starting points in any investigation, whether the victim is alive or deceased. The existing, deleted, and hidden data stored on them can help you develop leads to focus your investigation and move it forward. The data can also serve as corroborative or exculpatory evidence, along with mobile carrier data.

In a post-Riley world, of course, getting access to this degree of data requires proper legal authority: written consent, a search warrant, or a defensible exception to the search warrant requirement. Once you do identify the device as a nexus to a crime, however, its evidence can make all the difference.

Case study: mobile victimology in action

Last week at the Crimes Against Children Conference, Ronen Engler, senior manager of technology and innovation joined Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., to present how just this type of analysis helped prove how a rapist had premeditated the murder of his rape victim.

Their session was a corollary to a case study offered by the Dallas County District Attorney’s felony chief, Brandon Birmingham, together with Carrollton Police Det. Dena Williams and the DCDA’s special field bureau chief, Russell Wilson. Over that session, the three detailed how rapist-murderer Franklin Davis Googled the name and location of his victim, Shania Gray, as well as phrases like “Best way to get off a sexual assault charge” and “Gun shows in Mesquite,” after which point he purchased a gun and used social media to harass and intimidate Shania.

Davis also used a mobile app to spoof messages from Shania that appeared to recant her accusations against him, which he then used in his own defense. Our case study, published jointly with DriveSavers, shows how forensic examiners were able to prove definitively that not only had the messages come from his phone, not hers, but also the level of premeditation he engaged in. Davis was sentenced to death in November 2013.

Have a case study you’d like us to feature? Leave us a comment!

Join Cellebrite at these 4 August events!

Cellebrite will be present at four events in the United States during the month of August. Visit us in San Diego, Calif., Santa Clara, Calif., Dallas, Tex., and/or Austin, Tex., to see our latest products demonstrated and to hear our subject matter experts talk about the latest issues and trends in mobile forensics.

August 5-7, 2014: San Diego and Santa Clara

Cellebrite will be at two California-based shows this week: National Technical Investigators Association (NATIA) and the Flash Memory Summit.

At NATIA, held in San Diego, senior trainer Keith Daniels will instruct a hands-on lab, “Extracting and Decoding Mobile Device Evidence with UFED Technology,” on Thursday, August 7 from  3:00-5:00 PM. Here, learn about timeline, analytics, mapping, and other analytical capabilities of the Cellebrite UFED Series, along with how best to preserve the evidence.

We’ll be exhibiting the UFED Series at Booth #417. Stop by with your NATIA “Bingo” card and ask one of our booth staff to stamp our logo on your card.  Once you have collected stamps from all the exhibitors featured on your card, turn the card in to event managers to be eligible for special prizes. These include, among others, a 2015 paid conference fee package!

The same week will see us in Santa Clara for the Flash Memory Summit, being held at the Santa Clara Convention Center. There, Ronen Engler, senior manager of technology and innovation, will present “Micro Storage, Macro Crimes” on Wednesday, August 6 from 8:30-9:35 AM.

In this session, understand how developments in data protection, prepaid and unsupported devices, and app proliferation challenge investigators, and what workarounds are available. Learn not only what can be retrieved, but also how examiners analyze it once they have the raw data—and what it all means for criminal cases both now and into the future.

August 11-14, 2014: Dallas

The week following will see Cellebrite exhibiting at the Crimes Against Children Conference (CACC) in Dallas, Texas at Booth #5. Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., will join Ronen Engler to present a workshop on “Mobile Victimology: How Mobile Data Can Help Focus Investigations.”

The workshop will take place Tuesday, August 12 from 10:00-11:30. Hall will be bringing to bear a case study on how DriveSavers forensic examiners used UFED Physical Analyzer to help prosecutors build a capital murder case against a rape and murder suspect in Texas. The case demonstrates what mobile device usage can reveal about victims, suspects, and where their paths cross via carrier call detail records, social media graphs, and other data sources.

CACC is sponsoring a tablet giveaway! Participants in this workshop will receive one entry for a chance to win this giveaway. To win, you must be present Wednesday evening at the social event. See the CACC’s final program for more details.

August 25-27, 2014: Austin

Cellebrite is proud to be a Gold Sponsor of the High Tech Crime Investigation Association (HTCIA)’s annual conference, held this year in Austin, Texas. In addition to exhibiting at Booth #201, we’re pleased to offer all conference participants the opportunity to attend our five lectures and hands-on labs.

Tuesday at 3:30PM, we’ll present a lecture, “Mobile Devices: Extraction Methods and Advanced Decoding,” covering forensic workarounds for recent advancements in mobile device hardware and operating systems, developments in data protection, prepaid and unsupported devices, and app proliferation. Learn not only what can be retrieved, but how to analyze it once you have the raw data.

Each hands-on lab, “Basic Mobile Device Extraction with Cellebrite UFED4PC” and “Introduction to UFED Physical Analyzer,” will be presented twice on Wednesday for a total of four sessions that day. Join Cellebrite Forensic Training staff to learn how to get the most from UFED extraction and analysis software.

Whether you’re new to Cellebrite or a long-time customer, we look forward to seeing you and hearing about your mobile forensics experiences!

Mark your calendar and join Cellebrite at US, India, or South Africa events this July

Cellebrite will be hosting three consecutive law enforcement/security-oriented events across the globe this July. Join us in the United States, India or South Africa, and experience a live demo of the UFED product line with all its latest features.

Palm Springs: National Association of School Resource Officer Conference (NASRO)

NASRO is dedicated to providing the highest quality of training to school-based law enforcement officers in order to promote safer schools and safer kids in the US.

From July 13 – 15 Cellebrite will be at NASRO’s annual conference in southern California, presenting the UFED Series to school resource officers, law enforcement personnel, and other school security/safety professionals.

Cellebrite staff will also be highlighting success stories of where our leading mobile forensics tool was used to help solve school related crime and violence. Look for us at Booth #11.

Johannesburg: Intelligence Support Systems (ISS) World 2014

As NASRO ends, the ISS World event begins in South Africa on July 15 – 17. ISS is a place where law enforcement, public safety, telecoms and the intelligence community turn for technical training and product selection. Cellebrite will be exhibiting at Booth #204.

As part of the ISS World Programs, Roy Shamir, Cellebrite’s Director of Sales, EMEA, will be providing a presentation on Trends in Mobile Forensics, including the UFED portfolio, during the ISS for Mobile Location, Surveillance and Signal Intercept track on Wednesday, July 16 from 14:00-14:30.

New Delhi: India International Police Expo 2014

Cellebrite will be showcasing its mobile forensics solutions at the International Police Expo in India on July 17 – 19. An exhibition focused on policing equipment, the Expo provides vendors and visitors with the opportunity to learn about new technologies and solutions that are shaping the mobile forensics industry, among other technologies related to safety and protection.

Visit with Cellebrite representatives there at Booth #60, and be sure to see Cellebrite APAC’s Jeremy Chua present on “International Trends of Mobile Device Forensics and Their Impact on Law Enforcement” July 19!

We hope to meet and greet with you at one of these upcoming shows!

DIY app forensics: What does it take?

Digital evidence from the millions of apps currently available in the Google Play Store is frequently material to criminal and civil cases and investigations. Yet app evidence is time consuming and costly to decode, analyze, and produce while facing deadlines and a backlog of cases.

What’s in app support? At Mobile Forensics World this year, you have a chance to find out. On Tuesday, June 3, John Carney and Don Huettl, of Minneapolis (Minnesota, US)-based Carney Forensics, are presenting a two-part lecture and live demo on what it took for them to develop plugin support for the Burner Android app. We took the time to sit down with John and get the story behind the lectures.

Cellebrite: What first drove you to start developing plug-ins to support third party apps?

John Carney: We’ve seen a dramatic change in mobile phone architecture in recent years as smart phone and tablet makers rely on apps as basic building blocks.

This makes for an industry challenge faced by tools vendors and examiners alike.  Over one million iOS apps and one million Android apps are available today through app stores, but automated forensic analysis is supported for only a few hundred.

And, even though scripting capabilities exist for examiners to develop their own forensic app support, very few are decoding apps and writing the scripts and plug-ins to probe their device evidence.  We wanted to attempt to show examiners a path forward and how to get involved.

CB: How did you come to choose this particular app?

JC: Mobile messaging apps are an extremely interesting family of mobile apps that phone users are shifting to in great numbers all over the world as they abandon traditional text messaging offered through the service providers.

We noticed examples of these apps that support message deletion and user-specified retention periods after which they are deleted.  Snapchat is perhaps the best example.  TigerText is another.  We chose to support Burner.

We wanted to see if we could find message evidence after the message was deleted or “burned”, and to support a new app that the tools vendors did not support.  Cellebrite now supports Burner on iOS, but ours is the only Burner plug-in or script available for Android.

CB: What challenges did you face at the outset?

JC: We had to choose a reasonably interesting app that was supportable and an app platform that made sense for us. We made our determination using three criteria:

  1. We wanted to add something of value to existing app support. For example, because GoSMSPro uses the same core data structures that UFED already supports to decode other SMS, we found there was really no work to be done.
  2. The app data couldn’t be too difficult to acquire. It would be fruitless to try to support an app whose data is encrypted.
  3. Along similar lines, we wanted to support an app that would give us plenty of artifacts to uncover. Some app developers, who are experienced with writing secure apps, do a lot of garbage collection and data wiping along the way. They don’t leave much behind as a result.

Burner, as it turned out, gave us an almost “Sherlock Holmesian” opportunity—after the phone number is burned, we found we had a shot at finding artifacts left behind, and we did!

Then, we had to construct a development environment that gave us about half a dozen features that would make our research, development and testing flow more easily. Basically, we built a “nest” for doing productive work: in the short term, nimble, fast, cost effective results, and for the long term, investment in future development.

For example, virtual phone support—Android emulators—allowed for experimentation across makes and models without a significant cost outlay. We could then create two virtual phones and have them call and text each other from a single platform.

For another example, platform virtualization allows us to take advantage of various computing architectures. Developers can use Mac, Windows or Linux platforms for full flexibility in the development environment.

Another challenge was that we had to learn how to decode mobile apps evidence, which proved to be one of our most critical challenges. We also had to learn how Cellebrite encodes phone evidence for reporting our results, and advanced analytic options like timelines, maps, and activity analytics.

On the other hand, having looked at other plug-in writing environments, we can say that UFED Physical Analyzer offers the best support for developers. It is equipped with advanced SQLite and plist decoding, highly modular decoding chains, and it provides an excellent debugger. We don’t have to worry about flash translation layers, reconstructing file systems, or parsing common phone data structures.

We wanted to be 80% done with plug-in development from the moment we started, and UFED gave us that level of advanced and broad-based support in a way that many other tools do not.

CB: What did you find you needed in terms of resources (time, team members, etc.)?

JC: We needed a skilled software engineer with digital forensics training who understood object-oriented development and who could quickly learn Python.  Don Huettl had those skills and was also a clever designer who constructed a highly innovative development environment. Don came to us as part of an internship with a degree program from a nearby academic institution, where I serve on the advisory board. In addition to the right people, we needed time to decode our app, and write and test our Python code.  We also had to learn how to present our project so that examiners could understand and appreciate what we had done.

This took several iterations of slide decks, including a comprehensive live demo of our development environment. Don shows how we decode the app, take the script and turn it into a plug-in, put it on a decoding chain, perform the examination, and then create a report—all in a way that anyone could understand, even if they don’t have a background in scripting.

Documentation is key to this process. It’s good scientific practice anyway, but in this case, it provides the framework for learning how to do this. Besides documentation of our own methods, we found that the Iron Python libraries and .NET libraries were critical to our success, and important for sharing with the community. Finally, we found that we needed more than one UFED Physical Analyzer license to support the decoding, development, and testing of our plug-in.

CB: What skills did you and your team members already have, and what skills needed to be developed or sourced?

JC: We had software architecture, design, and engineering skills.  I was a software engineer and architect in a former life and an experienced mobile device forensics examiner for the past five years.

Don was an experienced software engineer who learned computer and mobile forensics and got certified during his degree program.  He was looking for a challenging internship.  We didn’t need any more skills than that.

CB: What technical challenges did you face at various stages in the project?

JC: We had to learn how to decode mobile apps including SQLite app databases and how to expose other artifacts and files in our mobile app.

We had to find phone emulators for Android phone models and learn how they worked and what didn’t work. The quality of the emulators and how many features they support or don’t support figured into this research.

For example, creating two different virtual devices—different makes and models—with a full range of functionality might mean that different VOIP apps, or forwarding rather than simply sending and receiving text messages, crash the emulator. We had to figure out how to work around the bugs.

We also had to learn how UFED Physical Analyzer organizes and structures phone data for presentation to examiners. In other words, we had to figure out how to plug the examination results back into UFED PA so that reporting and analytics would work on the back end.

We had to learn and develop debugging techniques for perfecting our Python script and plug-in. Even for a software engineer with plenty of experience, the debugger, which provides an atomic level look at code execution and data, is important to figure out why something isn’t working.

Fortunately, the UFED’s support for the debugging environment in Python shell made this trial and error process much easier.

CB: What have you learned thus far about the plug-in development process?

JC: We’ve learned that the process is very dependent on the specific mobile app that we have targeted to support.  We have to become experts on our app. This involves understanding the app’s user model, what the app’s purpose is, what it does and doesn’t do, and so forth.

Decoding the app, in turn, requires understanding the connection between the user model and the data model. You can’t have just a passing knowledge of the app and expect to be able to write a plug-in; you need to understand the app at the same level as its own developer.

We’ve learned that encryption and cleansed data are not our friends as we attempt to acquire and report phone evidence.

We’ve learned that leveraging UFED in our work is like standing on the shoulders of a giant.  Physical Analyzer helps us with decoding, reporting, and debugging.  And all of the various pre-existing UFED plug-ins acquire, translate, reconstruct, and prepare mobile app data for us so that we can do our best work.

We’ve learned that we have to document our process and our code so that we can remain nimble, grow our team, and develop quality plug-ins.

CB: What will you be exploring in future research and development?

JC: Many app families are interesting to us including personal navigation, spyware and malware, and also payment. We want to explore additional mobile apps that have not been decoded and automated by any of the tools vendors yet, but that are desperately needed by examiners.

Because we’ve only developed one plug-in, we don’t yet have a quantitative idea what kind of time commitment is required for different kinds of apps.

However, understanding that mobile examiners are busy people, it may become possible and necessary for people to plug in to the process at different points and share their skills and aptitudes. Rather than developing “cradle to grave” plug-ins, in other words, one person might focus on decoding, another on script testing, etc.

We also want to construct a development environment for iOS including iDevice emulators so that we can develop multi-platform app plug-ins.

Join John and Don for their two-part presentation in Oleander A on Tuesday, June 3. From 11:00 – 11:50 a.m., John will present “A Case Study in Mobile App Forensics Plug-in Development – Examiners/Developers to the Rescue (Part 1). From 4:30 – 5:20 PM, Don will present “A Case Study in Mobile App Forensics Plug-in Development – Build Your Own Plug-ins (Part 2). We hope to see you there!

Setting the stage for mobile device e-discovery

Electronically stored information on mobile devices—mobile ESI—is quickly becoming relevant, if not critical, in a wide variety of corporate investigations and litigation including employment, intellectual property and trade secrets, securities, and other areas. Even so, many organizations face a number of challenges in obtaining mobile ESI, not least of which is the blurry and sometimes shifting line between personal and corporate data.

Scott-Giordano-255x300Scott Giordano, Exterro’s Corporate Technology Counsel, applies legal, business, and technical skills to problem-solving in corporate ethics and compliance, information security, and electronic discovery. Together with Cellebrite’s forensic technical director Yuval Ben Moshe, Scott will present during Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection.

I took the opportunity to speak with Scott about the need for mobile forensics as part of a holistic e-discovery approach, how privacy laws affect mobile e-discovery globally, and the need for strong policy as a result—no matter the size of an organization.

Christa Miller: Many companies resist collecting mobile device evidence because they see it as redundant, especially when their burden of proof is only preponderance of the evidence, and they must take proportionality and cost into account. What’s the tipping point between collecting enough, and being thorough in building a case?

Scott Giordano: While there is a fair amount of redundancy between what’s already on the network and what’s on mobile devices, much of the information likely to resolve a matter can only be found on the latter—geolocation information, for example.

I can tell you that the first time I saw a Cellebrite presentation, I was made a believer.  The best way to meet the preponderance standard is to identify those few “documents” – pieces of information, really, that succinctly demonstrate to a jury a particular chain of events and merit only one conclusion.

Christa Miller: You’re a Certified Information Privacy Professional (CIPP) in both the US and Europe. How do privacy laws in each region affect mobile devices in the workplace? How do they overlap, and how are they different, especially with regard to BYOD? What might US corporations take away from European corporate compliance, particularly around concepts like “the right to be forgotten”?

Scott Giordano: Employee-owned mobile devices are rapidly being woven into the fabric of U.S. corporate operations via BYOD, but in the EU they’re still considered completely separate and off limits.

As a result, if U.S. multinationals want to use the same model, they’re going to have to take into account regulations at both the EU- and local levels, build policies that adhere to them (including the right to be forgotten to the extent it’s implemented) and deploy if allowable, which is not always a given.

Christa Miller: Some corporate counselors recommend that companies audit mobile devices upon employees’ exits and at other designated intervals. Others shy from collecting BYOD data because they don’t want to be liable for access to deeply private data such as personal health information. Can you give examples of how companies can address the need to protect their own data, vs. the need to protect employees’ privacy?

Scott Giordano: All of this has to be addressed via policy from the introduction of the mobile device into the corporate firewall, otherwise you’ll potentially face different outcomes in every jurisdiction and even then it will likely vary from case to case.  This lack of policy clarity is essentially the reason for the result in the Cotton v. Costco opinion that was handed down this year.

Christa Miller: Smaller companies, including SMBs, may perceive that corporate compliance is only for the Fortune 500. From an infosec and employee privacy standpoint, what steps can these firms take to protect themselves in the event of BYOD-related litigation?

Scott Giordano: SMBs have to take these issues seriously and, again, it goes back to developing policies and setting expectations for both the employer and employee.  Employees often fail to understand that employer data that’s on their devices is still the employer’s property and litigation over privacy and intellectual property can (and often does) get ugly.  Moreover, those devices broaden the corporate attack surface and have to be addressed from that standpoint.  Better to prevent or mitigate it in the first place.

Christa Miller: You are speaking on Exterro and Cellebrite’s upcoming webcast (May 14), Step Up Your ECA Game Plan with Mobile Device Data Collection. What do you hope viewers come away with from the presentation?

Scott Giordano: I hope that they’ll come away with the following:

  1. Mobile devices are rapidly become part of the larger e-discovery universe
  2. Early data- and early case assessment for mobile devices are crucial tasks for litigation success
  3. The time to prepare is now.

Read more about Cellebrite’s perspective in Exterro’s interview with Yuval. To learn more from Scott and Yuval about the necessary policies to defensibly collect mobile data and best practices for speeding up the mobile data collection process, register for Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection, airing on May 14.

Join Cellebrite at US, UK events next week

Cellebrite's booth at LAAD 2014Cellebrite will be busy during the last week in April, as four events start almost simultaneously! In the United States, join us in greater Boston, Washington D.C., or Orlando; across the pond, we’ll also be in London, England.

Boston: the National Cybercrime Conference

April 28-30 will see us just south of Boston, in Norwood (Massachusetts), for the third annual National Cybercrime Conference. Join us at the Four Points Sheraton, where you’ll find us in Booth 11&12. We’ll also offer two speaking slots and, for the first time, we’re sponsoring a Mock Trial around mobile forensics testimony.

The Mock Trial will happen on Tuesday, April 29th from 2:00pm – 3:15pm. Mobile device evidence will be presented and challenged, as prosecutors examine and cross-examine an expert witness. Learn how to present your case if you’re a prosecutor, or if you’re in law enforcement, how to be a good witness.

Immediately following the Mock Trial, from 3:30 – 4:45pm senior manager of technology and innovation Ronen Engler will speak on “Dealing with Persistent Smartphone Forensic Challenges.” The session will discuss forensic workarounds for the latest data protection, prepaid and unsupported devices, and apps.

Tuesday night from 5:00 – 7:00pm, Cellebrite is hosting a networking reception in Zachariah’s at the Four Points Sheraton. Enjoy complimentary cocktails and hors d’oeuvres while also being entered into a raffle, and network with law enforcement, prosecutors and Cellebrite staff.

Wednesday, April 30th from 9:50am – 11:00am, Ronen will offer a live demonstration on “Using Intelligence Methods in Mobile Forensic Exams.” This will show what mobile device usage can reveal about victims, suspects, where their paths cross, and how this information proactively and reactively helps your investigations.

Orlando: International Association of Computer Investigative Specialists (IACIS)

Also starting April 28, and running through May 9, will be IACIS’ annual training convention in Maitland, part of Metro Orlando (Florida). In addition to having a table at the event from May 5-7, Cellebrite internal training staff members, Buddy Tidwell and Joe Duke – both of whom hold the IACIS CFCE certification – will serve as IACIS Instructional Staff for its Advanced Smartphone Training.

In addition, we’re hosting a vendor night with giveaways! Join us on Wednesday, May 7 at 6pm, where we’ll serve refreshments from the Margaritaville menu.

London: Forensic Europe Expo 2014

Join us at Upper West Hall, Olympia, London (United Kingdom) for the two-day Forensic Europe Expo starting April 29, where Cellebrite is exhibiting in Booth 1-B25. As part of the Digital Forensics Conference stream, Yuval Ben-Moshe, Cellebrite’s senior forensics technical director, will present “When a Phone is not a Phone” in the Mobile Forensics track on Wednesday, April 30 from 11:55am – 12:20pm. This presentation will cover mobile devices as an integral part of people’s daily lives, as lockboxes for vast chunks of personal data, and as evidence or containers of evidence after a crime. Participants will get global perspective and an opportunity to share your own views and opinions.

Washington, D.C.: US Cybercrime

Also starting April 29, but running through May 2, will be the US Cybercrime Conference in Dulles (Virginia). Cellebrite is exhibiting in Booth # 401, and will offer lecture tracks in addition to pre-conference training and certification.

Sunday and Monday, April 27-28, Buddy Tidwell, director of global training at Cellebrite, will take students through the Certified Logical Operator (CCLO) course. Designed for first responders and basic to intermediate investigator / examiners, this course exposes students to the fundamentals of mobile device investigations, logical extraction of user data, and analysis of mobile devices. Participants will have the option to become certified as a Cellebrite Certified Logical Operator.

On Thursday, May 1 we’ll be offering two sessions. From 11:10am – 12:00pm, Ronen Engler will reprise the live “Using Intelligence Methods in Mobile Forensic Exams” demonstration. After lunch, from 1:30 – 2:20pm, Ronen will join Cindy Murphy and Heather Mahalik for a presentation on “Mobile Malware.” In this session, learn the difference between malicious targeting and inadvertent mobile malware installation, what to look for in mobile forensic exams, and how to examine malware to learn its purpose.

Whichever side of the pond you’re on, we hope to meet you soon!