I decided that I would buy a piece of software used in forensic exploration of mobile devices. I was thinking of the Cellebrite UFED 4PC and Oxygen Forensics. What is your experience? Which one would you recommend? Maybe some other?
Thanks
I use Cellebrite UFED 4PC and Oxygen Forensics.
My colleagues use Cellebrite UFED 4PC, Oxygen Forensics, .XRY.
Agent47, you can request a fully-featured demo license of Oxygen Forensic Detective for 1 month to try. You just need to send your job description and email to the Oxygen helpdesk team.
Thank you for your answers. I will try the trial version. Otherwise these tools are very expensive. Is there an open source alternative?
Mobile Device Forensics A Review to reveal the truth from the bytes
Almost every research concludes or implies that a forensic investigation is complete when every possible acquisition method is applied. Even though at least three different physical acquisition methods have been spotted, the most widespread is the use of (adapted) bootloaders, no matter the OS of the target device. This happens not only because it is considerably the safest method out of the others but because it is simultaneously cost effective and providing satisfying results. Although researchers found a less painful way of completing physical acquisition procedures, diffuse of data and documentation is still poor concerning the other kinds. When a real-time incident takes place, forensic analysts will be unable to have the amount of information needed in order to perform the other tasks of physical acquisition. Even if experiments in a big scale concerning JTAG and chip-off techniques may be less affordable, they still have to be conducted. The great majority of experiments is conducted on specific brands of mobile devices. Nokia (Symbian), HTC (Android) and Samsung (Android) were the devices that appeared the most frequently in case studies. It is generally accepted though, that even devices that run the same OS present different behaviour. As a result, brand diversity is another factor that needs to be taken into consideration. Many researches rely solely on commercial forensic tools, taking advantage of their ease-of-use compared to raw acquisition techniques. Even though this approach can be less time-consuming, results may present a significant loss of evidence.
How good are these commercial products currently at conducting physical acquisitions of up-to-date iOS devices? Interested to hear from UFED physical or XRY owners as to the practical limitations of these tools in using the physical acquisition capabilities.
No tool/examiner is getting physical acquisitions of iPhone 4s or newer. It's encrypted and as far as I've seen, nobody has been able to get a full physical dump of the unencrypted data.
Jamie