Oxygen Forensics , XRY or Cellebrite - Which one is better?
Looking for mobile forensic hardware/software which has the capability to break passcode locked android devices running on Android 7.0 and perform physical acquisition.
Please suggest which of them will be worth purchasing .
Cellebrite - top of class
I agree. Cellebrite is at the moment the undisputed champion at our office.
Android 7.0 and perform physical acquisition.
Usually, Devices with android 7.0 are encrypted. So it is impossible analyze physical dumps of the devices.
Most of unlocked devices with Android 7x (with latest security patches) and 8x would have to be rooted to perform physical acquisition, regardless which software you are using.
Before purchasing you should think what are you getting for the price. Compare their capabilities, request a trial version.
If you have the budget, buy all three, and Mobiledit too.
If you have to choose one, Cellebrite UFED is the best for now.
+1 for this. If I had nothing else in my arsenal for phones, I would choose Cellebrite. I am fortunate to have access to nearly every other platform for comparative extractions though.
Can anyone confirm that cellibrite is able to perform logical and physical acquisitions for android 7.0 devices or higher? Also, if it can bypass passcode locks or has another methodology to acquire locked android 7.0 devices.
Resurrecting this post.
Calling out to you guys who answered that Cellebrite is better than the other solutions. What makes it better than the other solutions?
I'm a big fan of Cellebrite products. However, my judgement may be biased as UFED is the only solution I have access to in my current job's lab . I haven't played around with XRY in like 4 years and briefly used Oxygen only during SANS training.
Any insights from people who used multiple solutions would be appreciated.
Cellebrite is easier to work with, seems to support more devices, and has better reporting capabilities. If I had to choose a single mobile forensic tool it would always be Cellebrite. That said, the other tools often get the job done, I have just found that Cellebrite does so more reliably.
I'd also suggest getting two at least. Best to 'attack' or 'approach' a device with two or more tools to get the best result. I'd say Cellebrite is indeed the best at the moment.
It depends what is your primary task. If you need to brake a user lock or do a decrypted acquisition, use chipset factory tools, Cellebrite UFED, Oxygen Forensics, Mobiledit Forensic Express Pro, or Belkasoft Evidence Center for social media mostly.
If you need to analyze data, go with Oxygen Forensics or Mobiledit Forensic Express Pro. Both are very good grown up tools for analysis. In many cases you can extract more data with these then with any competitors.
Combining the tools / vendors would be the best option to raise the amount of data you can gather.
If you're trying to bypass passcodes on Android Cellebrite is your best bet hands down. I use XRY heavily and it does have some advantages, but if you don't have the passcode XRY won't be able to help you (for the most part…they do have some tricks).
I will say I like the use of XRY's Generic Android extraction and while the reporting could be better there is some logic in how they do it. Also, Photon is top notch to be sure! Being able to get WhatsApp as long as you can view it on the device makes a huge difference. I don't have access to Cellebrite enough to know if they offer something similar though.