Oxygen Forensics , ...
 
Notifications
Clear all

Oxygen Forensics , XRY or Cellebrite - Which one is better?

12 Posts
10 Users
0 Likes
4,527 Views
Shourjo
(@shourjo)
Posts: 14
Active Member
Topic starter
 

Looking for mobile forensic hardware/software which has the capability to break passcode locked android devices running on Android 7.0 and perform physical acquisition.

Please suggest which of them will be worth purchasing .

 
Posted : 24/10/2017 11:55 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Cellebrite - top of class

 
Posted : 24/10/2017 12:28 pm
LeGioN
(@legion)
Posts: 51
Trusted Member
 

I agree. Cellebrite is at the moment the undisputed champion at our office.

 
Posted : 24/10/2017 2:02 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Android 7.0 and perform physical acquisition.

Usually, Devices with android 7.0 are encrypted. So it is impossible analyze physical dumps of the devices.

 
Posted : 24/10/2017 2:57 pm
Mreza
(@mreza)
Posts: 84
Trusted Member
 

Most of unlocked devices with Android 7x (with latest security patches) and 8x would have to be rooted to perform physical acquisition, regardless which software you are using.

Before purchasing you should think what are you getting for the price. Compare their capabilities, request a trial version.

 
Posted : 26/10/2017 11:08 am
BraindeadVirtually
(@braindeadvirtually)
Posts: 115
Estimable Member
 

If you have the budget, buy all three, and Mobiledit too.

If you have to choose one, Cellebrite UFED is the best for now.

+1 for this. If I had nothing else in my arsenal for phones, I would choose Cellebrite. I am fortunate to have access to nearly every other platform for comparative extractions though.

 
Posted : 27/10/2017 7:49 am
Shourjo
(@shourjo)
Posts: 14
Active Member
Topic starter
 

Can anyone confirm that cellibrite is able to perform logical and physical acquisitions for android 7.0 devices or higher? Also, if it can bypass passcode locks or has another methodology to acquire locked android 7.0 devices.

 
Posted : 27/10/2017 8:04 am
ThePM
(@thepm)
Posts: 253
Reputable Member
 

Resurrecting this post.

Calling out to you guys who answered that Cellebrite is better than the other solutions. What makes it better than the other solutions?

I'm a big fan of Cellebrite products. However, my judgement may be biased as UFED is the only solution I have access to in my current job's lab . I haven't played around with XRY in like 4 years and briefly used Oxygen only during SANS training.

Any insights from people who used multiple solutions would be appreciated.

Thx

 
Posted : 27/05/2019 4:14 pm
BraindeadVirtually
(@braindeadvirtually)
Posts: 115
Estimable Member
 

Cellebrite is easier to work with, seems to support more devices, and has better reporting capabilities. If I had to choose a single mobile forensic tool it would always be Cellebrite. That said, the other tools often get the job done, I have just found that Cellebrite does so more reliably.

 
Posted : 27/05/2019 8:56 pm
fissa
(@fissa)
Posts: 27
Eminent Member
 

I'd also suggest getting two at least. Best to 'attack' or 'approach' a device with two or more tools to get the best result. I'd say Cellebrite is indeed the best at the moment.

 
Posted : 30/05/2019 11:45 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

It depends what is your primary task. If you need to brake a user lock or do a decrypted acquisition, use chipset factory tools, Cellebrite UFED, Oxygen Forensics, Mobiledit Forensic Express Pro, or Belkasoft Evidence Center for social media mostly.

If you need to analyze data, go with Oxygen Forensics or Mobiledit Forensic Express Pro. Both are very good grown up tools for analysis. In many cases you can extract more data with these then with any competitors.

Combining the tools / vendors would be the best option to raise the amount of data you can gather.

 
Posted : 30/05/2019 9:39 pm
the_Grinch
(@the_grinch)
Posts: 136
Estimable Member
 

If you're trying to bypass passcodes on Android Cellebrite is your best bet hands down. I use XRY heavily and it does have some advantages, but if you don't have the passcode XRY won't be able to help you (for the most part…they do have some tricks).

I will say I like the use of XRY's Generic Android extraction and while the reporting could be better there is some logic in how they do it. Also, Photon is top notch to be sure! Being able to get WhatsApp as long as you can view it on the device makes a huge difference. I don't have access to Cellebrite enough to know if they offer something similar though.

 
Posted : 31/05/2019 2:08 pm
Share:
Share to...