Cellebrite vs. all ...
 
Notifications
Clear all

Cellebrite vs. all others in mobile phone collection tools

13 Posts
11 Users
0 Likes
3,745 Views
(@coloradoforensics)
Posts: 15
Active Member
Topic starter
 

We are currently using Paraben Device Seizure, Oxygen Forensic Suite and AccessData MPE in our lab. When one doesn't work we generally find the other will get the job done.

We are considering getting Cellebrite and wanted opinions on the product and if it is worth the extra money given what we already use here in the lab. Is it really that good at mobile phone collections?? I have heard mixed reviews and want to get some solid answers from my forensic community.

 
Posted : 17/07/2014 12:07 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

I recommend considering Katana Forensics' Lantern software for iPhone and Android phones.

I am a Lantern Certified Examiner and use Lantern as my main collection tool.

It is economically priced and works very well.

 
Posted : 17/07/2014 2:44 am
(@amicus)
Posts: 31
Eminent Member
 

I have been using the CelleBrite UFED Ultimate Touch for several years now and cannot speak highly enough about it. I also have licensed copies of the other three you mentioned and overall, none of the others come near the UFED Touch.

I will normally do a comparison examination using one of the others and 9 times out of 10 the UFED come up trumps. There has been the odd occasion when it has not found something but most of the time it has.

I have also been testing IEF from Magnet Forensics. It to is very good, but not as good as the UFED Touch.

CelleBrite are always on top of the new drivers for the phones and are always updating the firmware. hardware or both. I have on a number of occasions been confronted with a phone that is/was not supported and they bend over backwards to help.

On one recent occasion, they even sent me the latest software version (they were still testing it) just so that I could examine the phone, but only on the basis that it was still being tested. Maybe that is why the win so many awards.

I am not saying that it is perfect and it does have some problems, but I have found it the best when compared with the others out there. (Just my opinion, for what its worth)

 
Posted : 17/07/2014 9:32 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

I'll second Amicus, been using Cellebrite for about 8 years, hands down winner for me.

 
Posted : 17/07/2014 11:44 am
(@wsimandl)
Posts: 10
Active Member
 

Cellebrite for me too, I do have MPE+ but I get so frustrated with driver issues, with Cellebrite it just works!

 
Posted : 17/07/2014 5:49 pm
(@coloradoforensics)
Posts: 15
Active Member
Topic starter
 

Thank you to all that replied, it is very helpful!

 
Posted : 18/07/2014 3:39 am
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

This is truly a case of getting what you pay for. I have other tools, but Cellebrite is always the first to be employed and usually retrieves more good information than all the other tools I have. If I only get one shot at a phone, I'll use Cellebrite.

 
Posted : 18/07/2014 6:28 pm
(@bravo1800)
Posts: 11
Active Member
 

Cellebrite is a very good product but most examiners should use dual tool verification so Microsystemation XRY is also a product worth considering.

 
Posted : 21/07/2014 12:34 pm
(@zergling)
Posts: 38
Eminent Member
 

Just another call on cellebrite (physical).
At least in comparison with xry and oxygen there is no real competition.

First there is the amount of devices that can be physically dumped (Even some DIY GPS tracker boards - with ChineX Adapter)

The second great advantage is the software that comes with it itself.
Its like a mixture between a File Browser and a HexViewer with additional Toolset.(e.g. grep search, 7bit search, manually running decoder plugins)

Where other software just presents you "what we did so far" Cellebrite not only allows you to further process the data but also to see where it is taken from (e.g. jump to hex-offset from a decoded sms message)

But…..as said before - Cellebrite, of course, does produce errors, false(minor) or missing data (even if the data is on the device) like all the other software we tested so far - No matter which youre using.

Hope that helps

 
Posted : 24/07/2014 9:03 pm
(@dd1234)
Posts: 6
Active Member
 

Just another call on cellebrite (physical).
At least in comparison with xry and oxygen there is no real competition.

Hope that helps

Horse for courses surely?

I recently did a comparison of UFED with XRY purely as imaging tools (not carving, interpretation, reporting etc). It was only on one iPad2 with IOS 7 captured from the wild (so only another 12K devices, God knows how many variants of o/s times the unique history of each device remaining to test), D

I popped the results of that imaging into Encase, ran hopefully appropriate searches & XRY won hands=down on that one - UFED missed some really important stuff including plists & SQLite databases.

This is unfair because I think UFED improved IOS7 support shortly thereafter. Haven't got the time/energy/patience to re-run the test & anyway I'm on leave at the moment.

Finally, totally agree that dual-tooling is a must if a case really matters.

 
Posted : 27/07/2014 3:20 am
Page 1 / 2
Share: