Later this year my department will receive a UFED as part of an ICAC “start up” package. I contacted a vendor and asked about the cost of adding a Physical Pro to the package and was quoted approximately $4,500. Then the yearly licensing fee for both devices was quoted at just under $3,000. (I thought Jesse James rode a horse?) wink
Can anyone tell me if that licensing fee for both systems is in the ball park and is the cost worth the benefit? How would you rate the Physical Pro’s performance in general and with respect to smart phones?
I have not crunched numbers, but I am thinking that we could purchase Secure View II, Device Seizure and possibly MobileEdit for approximately the same money and pay less in licensing fees per year?
Any input would be greatly appreciated.
Hi Ed,
Happy to respond!
Yes, I suppose you could purchase those 3 devices instead of the Cellebrite, but why would you want 3 separate devices to do (not quite all of the) job(s) of 1? If device A doesn't work, you'll have to try device B and then perhaps C, increasing the time it will take to do the job right. Not to mention the inconvenience of carrying 3 devices into the field.
The cost of the Physical Pro license (which for LE is $3999, not $4500) includes unlimited updates (which come out about every month, not every 3-6 months), unlimited tech support AND warranty repair/replacement, during the license period. It also includes any new cables that come out during the period - shipped to you free of charge.
The UFED and Physical Pro currently cover over 4200 mobile and GPS devices (largest count in the industry). Cellebrite is the ONLY company to work directly with phone manufacturers and cellular carriers to ensure compatibility - FIRST and FAST. We are consistently leading the way in new phone support. In addition, because of this relationship, we are easier to use – there are no driver or software issues. Plus it's the only device to currently support iDen devices.
But I don't want you to take my word for it:
The Cellebrite UFED has won the Forensic 4Cast award for Best Phone Forensic Hardware two years running ('09/'10)
The UFED is chosen time and time again by leading LE agencies AND the US Military
If you have any other questions, please do not hesitate to let me know.
More and more law enforcement agencies are looking for the cheap 'quick fix' for getting cell phone data off of phones. While the Cellebrite does offer some quick information while out in the field, there are also some drawbacks to that. When a defense attorney questions the LE officer as to the location of the data they recovered from a confiscated phone, more than likely he or she cannot tell you unless they have been trained correctly. Merely stating that the equipment dumped the data really does no credit to you being an expert witness. Then there are the locked iPhones, Blackberrys and pay as you go phones. Many times the Cellebrite cannot do anything with them. Don't forget about those Virgin, Boost, iDEN, Pantech, and a slew of other phones that all you get is the phonebook. There are methods that cost much less that may give the same desired results such as doing Physical Memory dumps in Hex and then parsing the information out by hand. Sure, it's time consuming, but when you can tell the jury that in the phone's physical memory location 61 you located evidence pertaining to said crime, the jury has no reason to doubt your testimony. It's not about equipment, we use a Cellebrite, .XRY, SecureView and Paraben here. I also use twister and flasher boxes to do physical memory dumps because there are lots of phones that just don't want to give up their data. I process iPhones on a regular basis, doing physical and logical memory dumps via Mac and Linux machines. Just recently I gained access to a swipe pattern locked Android using free software. No other equipment, not even the Cellebrite could gain complete access to the phone and even after it was unlocked, I had to manually go and get the visual voice mail off the phone.
There is also the low tech approach…. A camcorder, tripod and Windows Movie Maker. One thing I stress to any LE agency that wants to get started in cellular forensics, get training first. Learn how it works, how the data is stored, what methods can be used to get to that data, how to extract the data and how to report the data. That way when you are on the witness stand, you'll be ready to present the recovered data without any issues.
I send people to Lee Reiber of Mobile Forensics Inc. Lee also works with Access Data doing classes through them. You want an in depth course, take the 101 and 202 courses back to back. He also has a new 303 course but I have not taken it yet.
Bottom line is that is a lot of money to put out on a yearly basis. Oh yeah, in order to get your cable updates, you have to contact Cellebrite for them, they don't just send them out.
kc5mhb
Are you recommending Lee's training and Access Data product as the alternative to Cellebrite or all products and training out there?
Also do you only see the basis of expert being data recovery? Where does the line get drawn when it comes to possible "interpretation" of data?
I have no hidden agenda in asking; I am curious though about the depth and breadth of the package you have recommended.
I gained access to a swipe pattern locked Android using free software.
Any chance you would share?
Hasn't been an issue for me yet, but I know it's going to be!
I'm an involved person of course, but below is my personal opinion.
Some time ago I had a chance to try UFED Physical Pro with a couple of devices (mainly - smartphones).
I read a lot of good reviews about this device and its capabilities before, so maybe I was expecting some "magic" -) But to be honest I was absolutely disappointed. I found no features that can justify UFED's price, except its mobility. No overcoming iOS 4 passwords, no physical dumps for any smart phones except Windows Mobile.
Reading of my iPhone (logical, using backup) took 45 minutes (while OFS does this job in 15 minutes). I understand that UFED has a slow processor and not-so-fast Windows CE, but is there any reason to pay extra money for extra waiting?
And the completeness of data extracted… It's awful. On OFS trainings my students should solve several case studies. And I must say that 90% of them cannot be solved if the data was extracted by UFED. There is simply insufficient information for that.
I'm sorry once again, I respect my colleagues but this is my personal opinion.
So my advice is to try all the tools that you're going to use first. Maybe free or low-cost tools do the same job even better.
WBR, Oleg Fedorov.
It's a shame your training isn't as competitively priced as your software - £600.00 a day. 😯
Fist fighting competition is not something that I am planning to do.
If one does not see the value of physical extraction (Cellebrite UFED Physical now supports more than 1100 devices with physical extraction) and the effort and expertise that is invested to get such capabilities, then it speaks for itself.
iPhone Physical support (with password bypassing and data decoding) and WP7 Physical and Android Physical and … are coming soon.
UFED Physical is by far, the most advanced and the most invested tool out there in the field of mobile forensic.
Please watch for a new release in a day and see what value you get for this product.
RonS
kc5mhb
Are you recommending Lee's training and Access Data product as the alternative to Cellebrite or all products and training out there?
Also do you only see the basis of expert being data recovery? Where does the line get drawn when it comes to possible "interpretation" of data?
I have no hidden agenda in asking; I am curious though about the depth and breadth of the package you have recommended.
What I'm advocating is gathering knowledge before equipment. Anyone can plug up a piece of equipment and push a few buttons. However, if you get a GSM phone in without a SIM card, chances are slim that someone is going to know what to do with it. I've been there but it was after Lee's training and I was able to generate a SIM based on simple information I was able to get out of the phone using Hyperterminal. I would not have known that without the training. And what about the CDMA phones that have subsidy code locks? BitPim works on some, cdmaWorkshop works on others and again without the training I wouldn't know where to look for the code. So before you go out and spend lots of money on devices, I suggest getting training that will help you understand how the phones work, store data, etc. Understand I'm not bashing any of the commercial tools, it's just they don't always get all of the data. In my line of work, we need comprehensive and thorough results and with limited budget, you learn to take the manual approach when you have to. I do recommend Lee's course only because I've been through it. Go to the AD website and view for yourself what is offered on the 101 and 202 courses.
Expert is not only data recovery, but explaining where the data came from, how it's stored, the format it is stored in, how it is converted into human readable form and being able to convey that to a jury in terms they can understand.
I gained access to a swipe pattern locked Android using free software.
Any chance you would share?
Hasn't been an issue for me yet, but I know it's going to be!
Android Forensics sent me a file to run on the locked phone. From that I was able to determine the version of firmware running. It was an HTC Hero 200 with version 2.1 phone that was not rooted but left in USB Debugging mode. Since the phone belonged to a homicide victim, getting the passcode was impossible so after searching the web quite a bit, I ran upon SuperOneClick. It was able to grant me su access to the phone where I could chmod the settings.db and export it out. Then I edited it with SQLite Database Browser, changing the values for the lock to 0. The database was pushed back to the phone and the phone rebooted. The phone, now being unlocked, was processed with the Cellebrite. My .XRY would not work, nor did Secure View, or Paraben. The Cellebrite, however, did not dump the visual voicemail. I had to use Android Commander to browse and find them and then export them out manually. I also had to edit the report to reflect the date and time stamps on the voicemails. A document was generated stating files changed in the phone, process and results in order to cover the bases when used in court. I also noted that MobilEdit (I tried to use it when the phone was locked) and Cellebrite wrote files to the phone, thereby altering the evidence as well. Those items were documented in the final report.