Cellebrite will be exhibiting all over the map this October

October is gearing up to be a super busy month for Cellebrite! A wide variety of events are scheduled for Cellebrite all across the globe. Meet us in Prague, Moscow, Miami, Orlando, London, Beijing and Bogota, where we will be presenting the UFED product line, provide live demo’s, and deliver presentations on hot industry topics for e-Discovery, security and law enforcement markets.


 Mobile users leave behind digital traces on their devices, which can come a long way in any legal proceedings involving criminal or civil matters. Electronically stored information on mobile devices (or mobile ESI) represents an important category of relevant information and is quickly becoming critical for wide variety of investigations and litigations including employment, fraud, intellectual property, securities, and others.

October 19-21: LawTech Europe, Prague, Czech Republic

Cellebirite will kick things off at the Clarion Congress Hotel in Prague for the LawTech (LTECH) Europe Congress. LTech brings together professionals in law, technology, governance, and compliance to address four core areas in digital forensics: Digital evidence, forensic investigations, cyber security and legal technology.  Yuval Ben-Moshe, Cellebrite’s Senior Director, Forensic Technologies, will deliver two presentations during the show:

  • Mobile Devices and Mobile ESI – Facts and Myths, together with Daniel Bican from Ernst & Young
  • Mobile Devices and Mobile ESI – Proactivity Goes a Long Way

(For further details on Cellebrite’s presentations, please see the show’s agenda: http://www.lawtecheuropecongress.com/)

Stop by booth #601 to learn about live demo sessions, where we will that cover current techniques and tools for data search and data collection from mobile devices.

October 23: e-Discovery & e-Investigations Forum, London, United Kingdom

Join us at the Park Plaza Victoria Hotel in London for a one-day e-Discovery and e-Investigations Forum to learn how Cellebrite addresses the challenges that are surfacing the e-Discovery domain for mobile data collection. Yuval Ben-Moshe, Senior Director, Forensic Technologies, will be presenting on ‘Mobile Devices and Mobile ESI – Facts and Myths,’ and enlightening the crowd on the need to retrieve mobile data in cases of litigation, regulation or investigation, and discuss the processes required to obtain information from mobile devices within a litigation process.

Attendees from legal, compliance, finance, HR, investigations and more, are welcome to our booth to learn about our expertise in mobile data retrieval and analysis.


October 21-24: Intepolitex, Moscow, Russia

As LawTech ends, another exciting show begins for Cellebrite in Moscow. The Interpolitex is the largest homeland security exhibition in Russia, taking place, organized by the Ministry of Interior of the Russian Federation, Russian Federal Security Service, and Russian Federal Service for Military-Technical Cooperation.  Drop by booth #1C3-1 to learn about the UFED’s recent developments, and how Cellebrite’s mobile forensics solutions can help solve cybercrime.

October 23-24: Latin America and Caribbean Summit 2014, Miami, Florida

Join our LATAM Forensics Sales Director, Frederico Bonincontro, for a two-day summit in Miami. LATAM & Caribbean event is focused on assessing the current digital security landscape and threats in the Caribbean, Central and South America region. Stop by booth #20 to learn about Cellebrite’s latest product developments and how our solutions can help you tackle your mobile forensic challenges.

October 28-31: 2014 Security China

Cellebrite’s APAC team will head to Beijing to showcase the UFED Series at the China International Exhibition on Public Safety and Security. Cellebrite, a thought leader in mobile forensics, will be presenting the UFED line of products for the security industry in booth # E1F01.

Stop by our booth to meet the Cellebrite team!

October 29-31: Expodefensa, Bogota, Colombia

Cellebrite will end its October events at another prestigious government-level security show, Expodefensa, organized by the Ministry of National Defense of Colombia, and the High-Tech Corporation and the International Business and Exhibition of Bogota. Our LATAM team will head to Bogota, Columbia to showcase the innovative UFED Series.

Drop by booth #439, pavilion 6 to learn about UFED’s accomplishments in security and defense!

Law Enforcement

October 25-28: International Association of Chiefs of Police (IACP), Orlando, Florida

Later in the week in Orlando, Florida, Cellebrite USA representatives will be on hand at the 2014 International Association of Chiefs of Police Conference to demonstrate to police leaders at all levels how they can use a mix of training, policy, and technology to implement mobile forensics strategies in a post-Riley world.

Visit us at Booth #769 to learn more about how Cellebrite’s technical and training solutions accelerate investigations by affording investigators the ability to collaborate more readily with digital forensics examiners, supervisors, and prosecuting attorneys.

Setting the stage for mobile device e-discovery

Electronically stored information on mobile devices—mobile ESI—is quickly becoming relevant, if not critical, in a wide variety of corporate investigations and litigation including employment, intellectual property and trade secrets, securities, and other areas. Even so, many organizations face a number of challenges in obtaining mobile ESI, not least of which is the blurry and sometimes shifting line between personal and corporate data.

Scott-Giordano-255x300Scott Giordano, Exterro’s Corporate Technology Counsel, applies legal, business, and technical skills to problem-solving in corporate ethics and compliance, information security, and electronic discovery. Together with Cellebrite’s forensic technical director Yuval Ben Moshe, Scott will present during Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection.

I took the opportunity to speak with Scott about the need for mobile forensics as part of a holistic e-discovery approach, how privacy laws affect mobile e-discovery globally, and the need for strong policy as a result—no matter the size of an organization.

Christa Miller: Many companies resist collecting mobile device evidence because they see it as redundant, especially when their burden of proof is only preponderance of the evidence, and they must take proportionality and cost into account. What’s the tipping point between collecting enough, and being thorough in building a case?

Scott Giordano: While there is a fair amount of redundancy between what’s already on the network and what’s on mobile devices, much of the information likely to resolve a matter can only be found on the latter—geolocation information, for example.

I can tell you that the first time I saw a Cellebrite presentation, I was made a believer.  The best way to meet the preponderance standard is to identify those few “documents” – pieces of information, really, that succinctly demonstrate to a jury a particular chain of events and merit only one conclusion.

Christa Miller: You’re a Certified Information Privacy Professional (CIPP) in both the US and Europe. How do privacy laws in each region affect mobile devices in the workplace? How do they overlap, and how are they different, especially with regard to BYOD? What might US corporations take away from European corporate compliance, particularly around concepts like “the right to be forgotten”?

Scott Giordano: Employee-owned mobile devices are rapidly being woven into the fabric of U.S. corporate operations via BYOD, but in the EU they’re still considered completely separate and off limits.

As a result, if U.S. multinationals want to use the same model, they’re going to have to take into account regulations at both the EU- and local levels, build policies that adhere to them (including the right to be forgotten to the extent it’s implemented) and deploy if allowable, which is not always a given.

Christa Miller: Some corporate counselors recommend that companies audit mobile devices upon employees’ exits and at other designated intervals. Others shy from collecting BYOD data because they don’t want to be liable for access to deeply private data such as personal health information. Can you give examples of how companies can address the need to protect their own data, vs. the need to protect employees’ privacy?

Scott Giordano: All of this has to be addressed via policy from the introduction of the mobile device into the corporate firewall, otherwise you’ll potentially face different outcomes in every jurisdiction and even then it will likely vary from case to case.  This lack of policy clarity is essentially the reason for the result in the Cotton v. Costco opinion that was handed down this year.

Christa Miller: Smaller companies, including SMBs, may perceive that corporate compliance is only for the Fortune 500. From an infosec and employee privacy standpoint, what steps can these firms take to protect themselves in the event of BYOD-related litigation?

Scott Giordano: SMBs have to take these issues seriously and, again, it goes back to developing policies and setting expectations for both the employer and employee.  Employees often fail to understand that employer data that’s on their devices is still the employer’s property and litigation over privacy and intellectual property can (and often does) get ugly.  Moreover, those devices broaden the corporate attack surface and have to be addressed from that standpoint.  Better to prevent or mitigate it in the first place.

Christa Miller: You are speaking on Exterro and Cellebrite’s upcoming webcast (May 14), Step Up Your ECA Game Plan with Mobile Device Data Collection. What do you hope viewers come away with from the presentation?

Scott Giordano: I hope that they’ll come away with the following:

  1. Mobile devices are rapidly become part of the larger e-discovery universe
  2. Early data- and early case assessment for mobile devices are crucial tasks for litigation success
  3. The time to prepare is now.

Read more about Cellebrite’s perspective in Exterro’s interview with Yuval. To learn more from Scott and Yuval about the necessary policies to defensibly collect mobile data and best practices for speeding up the mobile data collection process, register for Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection, airing on May 14.

Join us at LegalTech 2014 and learn about mobile ESI

This week we’re at the Hilton New York for LegalTech 2014, where we’ll be exhibiting UFED 4PC, UFED Touch, and UFED Link Analysis for e-discovery and litigation support practitioners.

Mobile e-discovery is still a nascent discipline, but text messages, data found in apps, and even GPS data have all proven relevant in employment, intellectual property, fraud, and other cases. At LawTech Europe Congress last October, Cellebrite forensic technical director Yuval Ben-Moshe moderated a panel of experts in discussing these issues at length.

Panelists Patrick Burke, e-discovery counsel at Reed Burke, and Damien Murphy, a barrister at Enterprise Chambers, agreed that they’d worked on several cases in which mobile evidence would have made the litigation go easier, while panelist Jo Sherman, founder and CEO of EDT, raised the point that better awareness is needed around what’s possible: a less document-oriented approach that considers how to find information in new ways, depending on the needs and circumstances of the case.

Watch the entire panel presentation in the video below. And, if you’d like to discuss further with our experts this side of the pond, visit us in New York at Booth #1503!

Takeaways from “Mobile Evidence in Modern E-Discovery”

Tuesday, SANS instructors Paul Henry and Benjamin Wright joined Cellebrite’s forensic technical director, Yuval Ben-Moshe, for our joint webinar: Mobile Evidence in Modern E-Discovery. Ben discussed the need for policy that protects both employer and employee during collections, especially in BYOD organizations. Paul talked about the technical aspects of obtaining all necessary responsive data. And Yuval went over mobile forensics requirements, as well as the potential for alternative mobile forensics roles such as audits.

Questions and answers

Participants asked Ben, Paul and Yuval a number of good questions:

Q. Have the courts upheld the right of an employee to forcibly take hold of an employee’s personal device?

A. Ben noted that most precedent around mobile devices involves laptops. While no case stands out as the definitive precedent, he said it was likely that courts have upheld the employer’s right to seize any device deemed to hold evidence important to that employer.

Paul added that according to a December ZDNet article, an employee sued and won a sizable settlement after the employer wiped their personal device.

Q. If an employer/university is monitoring their own systems, can they get in trouble for seeing and/or collecting in logs Facebook or other personal site passwords that traverse their network?

A. Ben said that in situations where monitoring is an unavoidable part of security policy, it is wise for employers to be completely transparent about what they are doing, why they are doing it, and the risks it poses to their employees.

Q. Wouldn’t it be wise to do both a logical analysis–quick and easy to find data–and then pursue the physical data with a more intrusive analysis if necessary after the logical analysis?

A. Paul agreed with this assessment, saying that as often as he can, he starts with a basic logical extraction. This helps him define search terms and other examination goals so that his physical extractions are more efficient. In addition, logical extractions can validate existing data found during physical extractions, while using a tool such as a hex editor can validate logical extractions as well.

Q. MPE+ recently added support to port collections to Summation and the like. Is that coming down the pipeline for Cellebrite? If so, what is the anticipated launch date?

A. Yuval told listeners that UFED XML reports can already be ingested in tools such as Exterro Fusion, Nuix, Palantir and others. Moving forward, we plan to increase the number of systems with which we integrate.

Q. When will Cellebrite support BlackBerry 10?

A. Although Yuval could not provide a specific date, we will support logical extractions from BlackBerry 10 in an upcoming release.

Finally, we saw one question we didn’t get a chance to respond to: “Are you saying that because a tool is available to audit mobile devices, it should be done, regardless of the cost of implementing such systems/agents to the data?

No. Not all businesses have a need to audit their employees’ mobile devices. Rather, what we were saying is that mobile forensics tools like Cellebrite UFED make it easier to perform audits when they are called for. A basic logical or even limited file system extraction can be done in minimal time, can ensure compliance with any internal policy or industry regulation, and finally, provides existing data in the event of litigation.

Webinar poll questions

We asked three questions during the webinar:

  1. Does your employer/clients have a policy governing audits and collections?
  2. How often have you encountered mobile devices in your e-discovery in the past year?
  3. How do you manage forensics and/or collections?

In response to the first question, whether employer or clients had a policy governing audits and collections, 7% of our 54 respondents said their employer or client had a policy that covered both issued and BYO devices. Eight percent said BYOD was not permitted but that policy covered issued devices. Another 8% said their employer or client had no policy at all. Meanwhile, 15% said their employer or client both issue devices and permit BYOD, but do not have a policy for BYOD collections.


In response to the second question, how often they had encountered mobile devices in e-discovery in the past year, one-quarter of the 54 respondents said they had never encountered mobile evidence. Nine percent said they had encountered them between 1 and 5 times, while just 2% said they had seen mobile devices in their e-discovery more than six times in the past year.


Finally, asked how they manage mobile forensics and/or collections, 24% said they did so in-house. Only 3% each said they outsource directly, or belonged to a firm that performed forensics and/or collections for enterprise and law firm clients. One respondent each said they outsourced to a lawyer who employs a forensic examiner, or outsourced to a lawyer who in turn outsourced to a third party.


Additional resources

The webinar archive is available now from SANS. If you previously registered, you can view it at the webinar link. If you did not previously register, login with your SANS account to view and hear the archive.

We’re also making available a white paper. “Asking and Answering the Right Questions About Mobile Forensics Methods” is for attorneys employing or outsourcing to a digital forensic examiner, or consulting forensic examiners seeking to help attorneys better understand what you do. Download it here to learn more about effectively communicating with one another via proper documentation and other channels.