Cellebrite PA supports Remote Desktop Access

(@erminm)
Posts: 13
Active Member
Topic starter
 

As long as one pays additional $500USD per year for the "advanced functionality".

The support will suggest to use "alternative ways to remote connect" to go around the additional cost but I will not modify environment for one program with arbitrary restrictions.

Which gets me to the question…

We have Axiom and Touch 2 with PA currently.

If we do not renew Cellebrite this time around, what is the best mobile forensic package to complement Axiom?
We do not need to break into the phones and it is all recent Android and iOS devices.

Frankly, I find the $500USD for RDP insulting and I would rather support a vendor that is not going to prevent me working from home and respects my time and the demands that my workflow presents.

Thanks for any suggestions!

Ermin

 
Posted : 26/11/2019 7:30 pm
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

How do you use Touch 2 via RDP from home anyway? How do you plug the phones and USBs in? Some extractions require you to swap back and forth using different cables. You drive to work, plug the phone in, return home, start extraction. Cellebrite tells you to swap the cable (or press buttons on the device or even just instruct the device to trust the computer it's connected to) so you then drive back to work. etc etc

 
Posted : 26/11/2019 10:17 pm
(@erminm)
Posts: 13
Active Member
Topic starter
 

This is about the use of UFED Physical Analyzer, the Cellebrite software that is being used to process and analyze the data after the extraction.

Touch 2 I would not expect to use remotely and it certainly does not work with other remote access programs.
On a side note, iOS devices are not acquired on Touch 2 device but on PC running PA.

To clarify things. Imagine that you have one day a week when you work from home. Or deadline and you want to work in the evening or the weekend.

You connect to work and start Encase or X-ways or Axiom or Blacklight etc and your software works same as it does when you are in the office.

Now you remember that you need evidence from the mobile device and UFED PA refuses to load.
No Sir, you must go to office to get that data. Your child is sick and you have phone evidence to review, sorry can't work from home. Unless you load that evidence in AXIOM, the software that does not care that you are at home.

Or to look at it from another perspective, imagine if all other vendors asked for extra $500 to allow their software to be accessed by people working from home.

Cellebrite would advise you to install something, anything else except remote desktop and it would be fine.
They would rather let you introduce third party remote access software and face potential security issues than be like any other vendor we use.

And when they finally decide that RDP blocking is not necessary, they want extra $500 to remove the block they imposed in the first place.

I find that as injury after the insult and I think I will give my money elsewhere this time around.
I just need to know where as I have been Cellebrite customer for a long time.

Cheers!

Ermin

 
Posted : 27/11/2019 7:22 pm
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

Yeah, that does sound like BS but I'd be tempted to just install another remote desktop tool rather than pay Cellebrite. It does increase your attack surface slightly but you can reduce that a little by disabling RDP. You won't be using RDP afterwards anyway…

 
Posted : 28/11/2019 9:38 am
XRY_Mike
(@xry_mike)
Posts: 28
Eminent Member
 

If you have decided to seek a suitable alternative - I would propose XRY & XAMN from MSAB.

(Bias alert - I work for MSAB)

I can assure you that you would have no problem using RDP to access the extractions in XAMN remotely from home if you need to. We can set you up with a 30 day trial for free, so you can establish that for yourself if you want to test it out.

We play nicely with other tools like Axiom and there are plenty of interoperability export formats. We can also ingest your existing UFDR file formats into XAMN for analysis if you prefer.

Mike

 
Posted : 28/11/2019 10:25 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Of course no hacker is ever going to try and connect to it (very little fish in the very large swarm/shoal theory) until he/she does.

jaclaz

 
Posted : 28/11/2019 11:37 am
(@polar)
Posts: 48
Eminent Member
 

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Hear hear.

 
Posted : 28/11/2019 12:45 pm
(@erminm)
Posts: 13
Active Member
Topic starter
 

You might indeed be too old if you think that the only way for someone to work remotely is to open RDP to the internet on each computer that needs connecting to.

Nowadays there are things like VPN, MFA authentication, IP filtering, firewalls etc etc.

If the world worked the way you think it does, nobody would ever work from home no matter what they do.

So no, it is not a RDP connection open to the internet waiting for anyone to connect but thanks for your concern.

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Of course no hacker is ever going to try and connect to it (very little fish in the very large swarm/shoal theory) until he/she does.

jaclaz

 
Posted : 28/11/2019 4:10 pm
(@erminm)
Posts: 13
Active Member
Topic starter
 

It is total BS.

We have RDP domain wide available through firewalls and VPNs and MFA and IP filtering etc.
It is well protected from outside and working for everything and anything else.

We would have to change our whole security posture to go around their restrictions.
And I was inconvenienced by it for a long time but when they decided it was OK after all and want 10% more money for what is not even a feature I really feel annoyed and I think I am done with them.

Yeah, that does sound like BS but I'd be tempted to just install another remote desktop tool rather than pay Cellebrite. It does increase your attack surface slightly but you can reduce that a little by disabling RDP. You won't be using RDP afterwards anyway…

 
Posted : 28/11/2019 4:17 pm
(@erminm)
Posts: 13
Active Member
Topic starter
 

Thanks Mike!

I will reach out for test once I have some time to do it properly.

Ermin

If you have decided to seek a suitable alternative - I would propose XRY & XAMN from MSAB.

(Bias alert - I work for MSAB)

I can assure you that you would have no problem using RDP to access the extractions in XAMN remotely from home if you need to. We can set you up with a 30 day trial for free, so you can establish that for yourself if you want to test it out.

We play nicely with other tools like Axiom and there are plenty of interoperability export formats. We can also ingest your existing UFDR file formats into XAMN for analysis if you prefer.

Mike

 
Posted : 28/11/2019 4:19 pm