Join us at LegalTech 2014 and learn about mobile ESI

This week we’re at the Hilton New York for LegalTech 2014, where we’ll be exhibiting UFED 4PC, UFED Touch, and UFED Link Analysis for e-discovery and litigation support practitioners.

Mobile e-discovery is still a nascent discipline, but text messages, data found in apps, and even GPS data have all proven relevant in employment, intellectual property, fraud, and other cases. At LawTech Europe Congress last October, Cellebrite forensic technical director Yuval Ben-Moshe moderated a panel of experts in discussing these issues at length.

Panelists Patrick Burke, e-discovery counsel at Reed Burke, and Damien Murphy, a barrister at Enterprise Chambers, agreed that they’d worked on several cases in which mobile evidence would have made the litigation go easier, while panelist Jo Sherman, founder and CEO of EDT, raised the point that better awareness is needed around what’s possible: a less document-oriented approach that considers how to find information in new ways, depending on the needs and circumstances of the case.

Watch the entire panel presentation in the video below. And, if you’d like to discuss further with our experts this side of the pond, visit us in New York at Booth #1503!

Webinar: Link analysis for everyday investigations

Link analysis isn’t just for gang, fraud, narcotics, or other large-scale or complex investigations. It’s also useful in a wide variety of “everyday” crimes: prostitution, assault, even homicide and property crimes.

Whether you’re a detective or investigator who does mobile forensics part-time, or a dedicated digital forensics analyst, link analysis can help you focus and direct your investigation or analysis. In Cellebrite’s upcoming webinar, learn how to rapidly visualize key relationships and identify the connections and communication methods between known and potential victims and suspects.

The session will touch on key features from Cellebrite’s UFED Link Analysis software, including:

  • Communication links between multiple mobile devices and their contacts, calls, SMSs, MMSs, emails, chats, application transactions, Bluetooth devices, locations, and more.
  • Visual data representations that show how entities are connected
  • Data filtering by time, date, number of contact times, and categories
  • Bidirectional and unidirectional communications patterns between entities
  • Location analytics that show whether entities were at the same place at the same time

You’ll also learn how to share your findings with colleagues, supervisors, attorneys and others who require the information.

Use this link to register for one of 6 scheduled sessions:

Tuesday, 03 December 2013

Session 1: 8am PDT / 11am EDT / 4pm GMT / 6pm Eastern Europe
Session 2: 1pm PDT / 4pm EDT / 9pm GMT / 11pm Eastern Europe

Wednesday, 04 December 2013

Session 3: 10am GMT / 10am Central Europe / 11am Eastern Europe
Session 4: 8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

Thursday, 05 December 2013

Session 5: 10am GMT / 10am Central Europe / 11am Eastern Europe
Session 6: 8am PDT / 11am EDT / 4pm GMT / 5pm Central Europe / 6pm Eastern Europe

We look forward to seeing you in Cellebrite’s next webinar!

Join Cellebrite for IACP, LTEC and Interpolitex this October 2013

Cellebrite is sponsoring and/or exhibiting at the following events this month. We hope you’ll join us to learn more about mobile forensics’ importance in a variety of sectors worldwide, and of course, about the latest additions to the UFED Series!

IACP Annual: October 19-23

The International Association of Chiefs of Police is holding its annual trade show and expo at the Pennsylvania Convention Center in Philadelphia, PA, USA this year. This is the place for law enforcement command staff to learn about how our solutions minimize the time and effort needed to gather mobile device evidence.

If you’re a law enforcement decision maker, join us in Booth #2760 to learn more about the UFED 4PC and UFED TK, as well as our flagship UFED Touch and our investigative tool, UFED Link Analysis.

Lawtech Europe Congress: October 21-22

This annual Prague, Czech Republic event focuses on electronic evidence, computer forensics, cyber security and legal technology. As blogger Chris Dale wrote, “It is not therefore just an eDiscovery conference, although eDiscovery is about evidence, it depends on forensics, it increasingly overlaps with cyber security and it is obviously about legal technology.”

Join Cellebrite’s forensic technical director, Yuval Ben-Moshe, for two speaking opportunities. On October 21, he’ll be speaking about how data stored in mobile devices can be essential to e-discovery and civil proceedings just as it is for criminal ones. The following day, Yuval will moderate a panel that examines the various aspects of mobile ESI admissibility, privacy, and proportionality.

Interested EUR20 delegates who are located remotely will be able to view these and other sessions via Cisco Live Video Streaming. If you qualify, please register for the streaming sessions here.

In addition, LTEC’s “Meet the Solution Providers” facility allows you to avoid any queue at the conference if you need your questions answered by the array of solution providers. Schedule your meeting here.

Finally, Cellebrite has access to a limited supply of all-access passes to LTEC next month. Use the pass to join us with full access to the conference and exhibit hall; meet leading European legal technology professionals and experience the latest technological advancements. To obtain your pass, please leave us a comment and we will get back to you with more details.

We encourage you to register and take advantage of the spectrum of activities at LTEC. We look forward to seeing you!

Interpolitex 2013: October 22-25

At the Moscow, Russia-based Interpolitex, our booth is located in the All-Russian Exhibition Centre’s main hall in the International Exhibition of Police Systems and Equipment area. Join us in Booth #1C11-2 as we introduce UFED 4PC and UFED TK to our Russian law enforcement customers, and continue to promote the other tools in the UFED Series.

Join Cellebrite at events this September

Cellebrite is exhibiting at a number of events around the world this month. Join us in the following times and places:

HTCIA, September 8 through September 11

Join Cellebrite in Las Vegas, Nevada, USA as we offer a series of 4 all-new, 90-minute hands-on labs. Each lab will be presented twice over the conference’s three days, and will teach you how to maximize the value of your mobile device evidence:

  • In “Finding the Missing Link,” use Cellebrite’s new UFED Link Analysis software to visualize mutual links in multiple complex mobile device data sets.
  • In “Physical Analyzer Overview,” take the opportunity to use UFED Physical Analyzer to examine smartphone data at the binary level.
  • “Location, Location, Location” will get even more granular in showing you how UFED Physical Analyzer parses location data stored in cell phone and GPS devices.
  • Finally, come see what’s new in the “Cellebrite New Technology and Training Update” lab, including the exciting new shape of Cellebrite’s Training and Certification Program.

Don’t forget also to join Cellebrite for the HTCIA Vendor Showcase. We’re holding a demo on Monday, September 9 from 1 – 1:30 pm inside the exhibit hall.

Finally, Cellebrite Authorized Training Partner Root9b will additionally offer UFED training, affording students the opportunity to be among the first to test for the new Cellebrite Certified Logical Operator (CCLO) certification.

Find out more at

Exterro inFusion, September 23 through September 25

We’re joining strategic partner Exterro at their user conference, inFusion ‘13, where engineering product manager Ronen Engler will participate in a panel discussion. The panel, “E-Discovery Roundtable: BYOD & Social Media: Defensible Management & Approaches in E-Discovery” will run on Wednesday, September 25 from 10:15am to 11:15am. Joining Ronen will be Edwin Lee, Managing Director, Alvarez & Marsal; Ronni Solomon, Partner, King & Spalding; and Joe Mullenex, Sales Engineer, Exterro.

Learn more at

Finally, September 11 through September 13, Cellebrite will be at the Kazakhstan Security Systems show in Astana. This exhibition focuses on a wide variety of public safety, border security, law enforcement and intelligence requirements. Learn more about this conference at

2 free webinars highlight Cellebrite UFED software

This week and next we’re pleased to offer two free webinars that give you deeper insight into using two UFED software applications: the newly introduced UFED Link Analysis, and the award-winning UFED Physical Analyzer.

Generate leads with UFED Link Analysis

This Wednesday, July 17th, join Yuval Ben-Moshe, Cellebrite’s Forensic Technical Director, as he shows how UFED Link Analysis can help you identify connections between multiple devices and generate important leads based on data extracted from mobile devices.

Register here for Session 1, 8:00 AM UTC / 4:00 PM SGT (Singapore Time)

Register here for Session 2, 3:00 PM UTC / 8:00 AM PDT / 11:00 AM EDT

Drill into deleted, hidden and existing data with UFED Physical Analyzer

Next Wednesday, July 24th at 8:00 AM PT / 11:00 AM ET (3:00 PM UTC), join us for an overview of how UFED Physical Analyzer’s timelines, watch lists, project analytics, image carving, geolocation mapping, malware detection and many other features maximize your investigative power.

Register here for Session 1, 8:00 AM UTC / 4:00 PM SGT (Singapore Time)

Register here for Session 2, 3:00 PM UTC / 8:00 AM PDT / 11:00 AM EDT

Also don’t forget to register for the upcoming SANS webinar, “Digital Forensics in Modern Times,” scheduled for this coming Thursday, July 18th!

Visit with Cellebrite at upcoming events this July

July will be a busy month for us, as we present at four shows in the United States and Brazil. Read on for details about our talks regarding best practices for effective mobile forensics, data analytics, mobile forensics and school safety, and our latest contributions to the mobile forensics workflow:

July 9-10: SANS DFIR Summit

Join us tomorrow and Wednesday at the Omni Austin Hotel Downtown for the 2013 SANS DFIR Summit. Tomorrow from 12:30pm – 1:45pm we’ll be holding a Lunch & Learn in the Lone Star room – Ballroom Level. There, forensic engineering product manager Ronen Engler will discuss “Using Data Analytics to Focus and Streamline Forensic Exams.”

Both Tuesday and Wednesday we’ll be available at our booth in the Capital Ballroom Foyer – Ballroom Level. Join us there as well!

July 14-16: NASRO

Current case law supports searches of student mobile devices when school officials have a reasonable suspicion that the student has violated school policy, or the law. At the National Association of School Resource Officers (NASRO) Conference, we’re offering an exhibitor demo on best practices, data analytics and the documentation SROs need to communicate their methods to school administrators, parents and students.

Join us on July 16 from 11:20am – 12:00pm on L4 – Level 1 of the Rosen Shingle Creek Hotel in Orlando, Florida, where sales engineer Lee Papathanasiou will detail what data might support or disprove allegations of bullying, assault, drug abuse, dating violence, property crimes and even school violence. We’ll also be available to talk at Booth #11 in the Panzacola F Ballroom – Level 1.

July 16-18: NATIA

The National Technical Investigators’ Association (NATIA) gives exhibitors three days in their week-long conference, and we’ll be at the Memphis Cook Convention Center (Memphis, Tennessee) in Booth 344 offering demos of UFED Link Analysis, UFED Touch and other products.

We’re also presenting a 2-hour lecture session on two days: July 16 from 5-7pm, and July 17 from 10am – 12pm. In “Secure, Extract, Analyze, Act – Best Practices to Seize, Process and Follow the Data Where It Leads,” forensic sales director Keith Daniels and forensic engineering product manager Ronen Engler will help you understand the best practices that help you build stronger cases and better credibility, as well as how to get more meaningful leads that you can put to work right away in an investigation.

July 23-25: ISS World LATAM

ISS (Intelligence Support Systems) World Latin America is the world’s largest gathering of Latin American law enforcement, intelligence and homeland security professionals. At this conference, Cellebrite LATAM’s Nicolas Mauricio Wernicke will be presenting on the latest ways we are “Revolutionizing Mobile Forensics.”

Are you attending any of the above events? Be sure to visit with us once you’re there!

How the past 6 months have shaped mobile forensics trends: MFW 2013 panel

Since releasing our “Trends in Mobile Forensics” white paper in January, the industry has continued to rocket forward. In just six months, some of our panelists’ predictions have remained accurate—and others have arisen. Watch the video to learn more, and keep reading for some additional highlights (and presentations) on mobile apps, evidence validation and gang suppression, among other things:

Mobile forensics as its own subspecialty

David Papargiris, director of digital forensics at Evidox Corp., believes that mobile forensics is becoming its own discipline because phones are so much more complex. For example, even three years ago, malware on mobile devices was unheard of. In addition, Papargiris believes that issues like apps and chip-off extractions are a good reason for mobile forensics to be a separate discipline.

Heather Mahalik, mobile forensics technical lead with Basis Technology and a SANS Certified Instructor, noted that specialization is already happening among defense contractors. In her lab, hard drive forensic specialists don’t handle mobile devices at all and vice versa.

Her team’s ability to specialize has led them to methodology like chip-off extractions, which are most handy on devices damaged by water, bullets or explosives, devices whose locks can’t otherwise be bypassed, and so on. “We rely heavily on tools like UFED to parse the data,” said Mahalik.

However, because these specialists go deep–“sector by sector”–on the devices they do examine, parsing is a “huge issue,” said Mahalik. She questioned whether examiners are fully aware of what they might be missing after they get their data and print a report. “What if a third-party app is the only way [your suspects] communicate?” she asked. “The tool needs to obtain that data.”

Asked what her caseload is like, such that her 4-person team can fully analyze every handset, Mahalik responded that priorities are ranked—and not every device that comes in is processed. “Knockoffs and simple phones are easy because we know exactly where to look,” she explained, while iPhones – especially those containing apps – can take a few weeks.

Dan Morrissey, a sergeant with the Sacramento County Sheriff’s Department, questioned whether mobile forensics was progressing to a point where chip-off extractions—still considered by many to be “hacking” despite efforts to legitimize them within the forensic community—become less popular than wiretapping. “Encryption is getting better, so if [evidence is] not intercepted in transit, we don’t get it,” he explained.

Even so, Papargiris pointed out, while encryption tools like BitLocker led to the same thought process, the forensic community ultimately overcame the issues with better technology and live acquisition.

John Carney, chief technology officer at Carney Forensics, agreed that specialization appears to be a trend. However, he also pointed out an apparent trend towards the integration of computer and mobile forensics.

That fit with an observation from audience member (and 2012 panelist) Shafik Punja, a Calgary, Alberta, Canada police officer, who pointed out that mobile forensics’ foundation remains in the bits and bytes and binary data derived from computer forensics, making the original discipline an important “fallback” to dealing with mobile devices.

Apps are another rich source of data that may require specialist skills, such as Python programming. Learn more in Mr. Carney’s presentation on the subject:

A need for analytics beyond data

The days when all an examiner had to do was dump the phone and give a report are going away. That’s because at one time, asking for everything on a phone was doable; today, storage is moving into terabyte territory, not just because of what phones can store but also because of how much removable media like microSD cards can hold.

Because digital forensics’ ultimate goal is to put the suspect behind the keyboard, mobile forensics needs to be about not only how to extract the data, but also how to perform analytics on it and explain it. In cases where investigators don’t know what to look for, analytics can help them determine keywords and other basic information to drive a case forward.

One type of casework where this is most critical: gang suppression. “There’s a distinct difference from the way things used to be on the gang scene compared to where they are now,” said Morrissey. Thirty years ago, gangs were large, paramilitary organizations with distinct hierarchies.

This made it easy to pinpoint and disrupt their leadership. Now, however, small hybrid gangs have created an “asymmetric” threat. Their communication activity is more limited, and they lack a consistent leader. Moreover, members may switch alliances as often as it suits them.

Morrissey observed that this activity echoes what has been happening in overseas battle theaters for about the past 10 years. “In the 2000s in Iraq and Afghanistan, we hit everyone’s houses, dumped their phones, and mapped out their networks. But it killed communication events because we took their phones.”

To avoid a similar problem here, first responders, who come in contact with phones on a daily basis, need to get device data into the law enforcement information cycle faster so that it becomes actionable. How do teams like Sgt. Morrissey’s combat gang threats like these? Take a look at his presentation:

Training, certification and ensuring data accuracy

Joe Church, founder and owner of Digital Shield Inc., raised the related issues of casework and court. When your forensic tool pulls SMS, location information or any other data, do you look at where in the file system the tool is extracting from to verify the data is true and accurate? How do you validate (for example) the 99 SMS messages the tool tells you are there?

Audience members responded that you can look on the device, or else refer to call detail records that can corroborate dates and times. You can also verify with other tools to show due diligence in ensuring that your original tool was correct.

Church pointed out, though, that this process is very time consuming. Cases pile up at the same time that supervisors demand results “today,” which forensic examiners must balance against the eventuality of having to face a defense attorney and expert witness who have had time to mount reasonable doubt as to whether you could have missed information.

Why is this important? “Experts” have gone on the record to testify that they were never properly trained, or else have admitted to it on listservs and forums. An untrained, uncertified forensic examiner presents another way for the defense to attack; certification provides a baseline for the court, showing that the expert had to pass a test at one point that says s/he knows how to utilize the tool.

Mahalik raised the point that even if you are certified, you still have to know how the tool currently works in its latest version; a UFED certification from 3 years ago is outdated. Carney added that if you own 5 tools, you must be able to stay up to date on them all (another argument for mobile forensics as a subspecialty).

But the basics are important, too. Some investigators continue to believe that they only need training to learn how to push a button, a matter of policy compliance rather than developing skills. Morrissey noted that even chain of custody can be breached when officers take pictures of evidence with their own phones, forget to isolate a device from its network, or pile evidence devices on an examiner’s desk.

Mr. Church presented at MFW in greater detail about mobile forensic validation. Learn more:

What trends have you spotted over the past 6 months, and where do you see the industry headed? Leave a comment!

Cellebrite at SANSFIRE in Washington, DC

Earlier this week at the Washington Hilton in the US capital, we joined the SANSFIRE conference for a Lunch & Learn and Tuesday’s exhibit. Our visitors, most of whom were very familiar with UFED tools, asked many questions about deleted data, encryption, and other advanced topics during both opportunities.

On Monday, our Lunch & Learn covered our Smartphone Drill-Down: OS Extraction, Decoding & Analysis. Forensic engineering product manager Ronen Engler took his audience through locked devices, encrypted and deleted content, databases, and applications as just some of the complications investigators may encounter when examining a smartphone.

Participants asked a lot of questions during the hour, mainly regarding deleted data. What can be recovered? In what cases is deleted really deleted (including when a phone has been wiped)? What about encrypted data and deleted encrypted data?

Ronen has contributed answers and more about these issues in two recent articles: “6 Persistent Challenges with Smartphone Forensics” from DFI News, and “Smartphone Overload” from Law Enforcement Technology (note: this article starts on page 44 of LET’s digital edition).

We’ll be rejoining SANS at the SANS DFIR Summit in Austin, Texas in just a few weeks. There, we’ll be offering a second Lunch & Learn about our new UFED Link Analysis software and how it can help narrow and focus investigations. We hope we’ll see you in Austin!

Cellebrite is at the SANS Mobile Device Security Summit this week!

In Anaheim (California) this week at the Disneyland Resort, IT and security architects, auditors, security analysts, inspectors general and other information security professionals are converging on the SANS Mobile Device Security Summit to discuss the policies, architectures and security controls that are becoming necessary to secure bring your own device (BYOD) environments.

Along with the case studies and other topics being presented, Cellebrite is presenting a Lunch & Learn. Director of Forensic Sales Sonny Farinas and Technical & Sales Engineer Lee Papathanasiou will speak about smartphone forensics including:

  • Cellebrite’s current extraction support & the unique R&D challenges faced when developing physical extraction and password bypass around Android, iOS, & BlackBerry platforms.
  • Overview of UFED Physical Analyzer’s decoding support including application data, location data, and malware detection

The Lunch & Learn will be held in the Magic Kingdom Ballroom 1. We are also exhibiting at the Sleeping Beauty Pavilion today and tomorrow from 9am to 5pm. If you’re in Anaheim, please stop by and say hello!

Unable to join the summit? All approved presentations will be available online following the Summit at

Thanks for a great #CEIC 2013!

If you joined us at CEIC in Orlando this past week, thank you for coming! If you weren’t able to make it this year, we’re sorry we missed you. Guidance Software put on another excellent event with a variety of interesting sessions, a packed exhibition hall, and multiple networking opportunities.

Our booth was rarely empty even during sessions, and participants showed a lot of interest in what we had to offer, especially our recently released UFED Link Analysis software. We also demonstrated a proof-of-concept ingestion of our extraction reports into EnCase for parsing alongside computer and other digital data.

Our next event is Mobile Forensics World in Myrtle Beach, SC from June 2-5 — just a little over a week from now! We hope we’ll see you there.