Cellebrite PA supports Remote Desktop Access  

ErminM
(@erminm)
New Member

As long as one pays additional $500USD per year for the "advanced functionality".

The support will suggest to use "alternative ways to remote connect" to go around the additional cost but I will not modify environment for one program with arbitrary restrictions.

Which gets me to the question…

We have Axiom and Touch 2 with PA currently.

If we do not renew Cellebrite this time around, what is the best mobile forensic package to complement Axiom?
We do not need to break into the phones and it is all recent Android and iOS devices.

Frankly, I find the $500USD for RDP insulting and I would rather support a vendor that is not going to prevent me working from home and respects my time and the demands that my workflow presents.

Thanks for any suggestions!

Ermin

Posted : 26/11/2019 7:30 pm
AmNe5iA
(@amne5ia)
Active Member

How do you use Touch 2 via RDP from home anyway? How do you plug the phones and USBs in? Some extractions require you to swap back and forth using different cables. You drive to work, plug the phone in, return home, start extraction. Cellebrite tells you to swap the cable (or press buttons on the device or even just instruct the device to trust the computer it's connected to) so you then drive back to work, etc. etc.

Posted : 26/11/2019 10:17 pm
ErminM
(@erminm)
New Member

This is about the use of UFED Physical Analyzer, the Cellebrite software that is being used to process and analyze the data after the extraction.

Touch 2 I would not expect to use remotely and it certainly does not work with other remote access programs.
On a side note, iOS devices are not acquired on Touch 2 device but on PC running PA.

To clarify things. Imagine that you have one day a week when you work from home. Or a deadline and you want to work in the evening or the weekend.

You connect to work and start Encase or X-ways or Axiom or Blacklight etc. and your software works the same as it does when you are in the office.

Now you remember that you need evidence from the mobile device and UFED PA refuses to load.
No Sir, you must go to office to get that data. Your child is sick and you have phone evidence to review, sorry can't work from home. Unless you load that evidence in AXIOM, the software that does not care that you are at home.

Or to look at it from another perspective, imagine if all other vendors asked for an extra $500 to allow their software to be accessed by people working from home.

Cellebrite would advise you to install something, anything else except remote desktop and it would be fine.
They would rather let you introduce third party remote access software and face potential security issues than be like any other vendor we use.

And when they finally decide that RDP blocking is not necessary, they want extra $500 to remove the block they imposed in the first place.

I find that as injury after the insult and I think I will give my money elsewhere this time around.
I just need to know where, as I have been a Cellebrite customer for a long time.

Cheers!

Ermin

Posted : 27/11/2019 7:22 pm
AmNe5iA
(@amne5ia)
Active Member

Yeah, that does sound like BS but I'd be tempted to just install another remote desktop tool rather than pay Cellebrite. It does increase your attack surface slightly but you can reduce that a little by disabling RDP. You won't be using RDP afterwards anyway…

Posted : 28/11/2019 9:38 am
XRY_Mike
(@xry_mike)
Junior Member

If you have decided to seek a suitable alternative - I would propose XRY & XAMN from MSAB.

(Bias alert - I work for MSAB)

I can assure you that you would have no problem using RDP to access the extractions in XAMN remotely from home if you need to. We can set you up with a 30 day trial for free, so you can establish that for yourself if you want to test it out.

We play nicely with other tools like Axiom and there are plenty of interoperability export formats. We can also ingest your existing UFDR file formats into XAMN for analysis if you prefer.

Mike

Posted : 28/11/2019 10:25 am
jaclaz
(@jaclaz)
Community Legend

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Of course no hacker is ever going to try and connect to it (very little fish in the very large swarm/shoal theory) until he/she does.

jaclaz

Posted : 28/11/2019 11:37 am
polar
(@polar)
Junior Member

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Hear hear.

Posted : 28/11/2019 12:45 pm
ErminM
(@erminm)
New Member

You might indeed be too old if you think that the only way for someone to work remotely is to open RDP to the internet on each computer that needs connecting to.

Nowadays there are things like VPN, MFA authentication, IP filtering, firewalls etc. etc.

If the world worked the way you think it does, nobody would ever work from home no matter what they do.

So no, it is not an RDP connection open to the internet waiting for anyone to connect, but thanks for your concern.

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Of course no hacker is ever going to try and connect to it (very little fish in the very large swarm/shoal theory) until he/she does.

jaclaz

Posted : 28/11/2019 4:10 pm
ErminM
(@erminm)
New Member

It is total BS.

We have RDP domain wide available through firewalls and VPNs and MFA and IP filtering etc.
It is well protected from outside and working for everything and anything else.

We would have to change our whole security posture to go around their restrictions.
And I was inconvenienced by it for a long time but when they decided it was OK after all and want 10% more money for what is not even a feature I really feel annoyed and I think I am done with them.

Yeah, that does sound like BS but I'd be tempted to just install another remote desktop tool rather than pay Cellebrite. It does increase your attack surface slightly but you can reduce that a little by disabling RDP. You won't be using RDP afterwards anyway…

Posted : 28/11/2019 4:17 pm
ErminM
(@erminm)
New Member

Thanks Mike!

I will reach out for a test once I have some time to do it properly.

Ermin

If you have decided to seek a suitable alternative - I would propose XRY & XAMN from MSAB.

(Bias alert - I work for MSAB)

I can assure you that you would have no problem using RDP to access the extractions in XAMN remotely from home if you need to. We can set you up with a 30 day trial for free, so you can establish that for yourself if you want to test it out.

We play nicely with other tools like Axiom and there are plenty of interoperability export formats. We can also ingest your existing UFDR file formats into XAMN for analysis if you prefer.

Mike

Posted : 28/11/2019 4:19 pm
ErminM
(@erminm)
New Member

That is exactly what Cellebrite support is suggesting that I do.

Instead of RDP that is protected by 4 layers of security in our implementation, they are suggesting TeamViewer or similar that exposes you to anyone with an internet connection.

So hear hear that…

Surely I am too old for this stuff, but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯.

Hear hear.

Posted : 28/11/2019 4:27 pm
sovietpecker
(@sovietpecker)
Junior Member

Hello Ermin,

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

Now to your point. If Cellebrite are planning to charge you 500USD extra it might be because they would need to work on a solution tailored just for you. Additionally, you don't even know if any other vendor would be able to supply an application that would suit your needs. I am also confused by why 500USD seems so much to you, especially if it is a one-off purchase. Present the idea to your management and have a discussion with them why you really need this remote access feature.

Posted : 28/11/2019 5:20 pm
Rich2005
(@rich2005)
Active Member

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

It would make my life a lot easier to work from home….but sadly in reality there's probably no such thing as an unhackable system…..rather ones that just haven't been hacked yet (or known to have been hacked yet).

Whilst the better the protection/detection systems in place, the more unlikely it would be, but would you be able to take the stand and say there's NO chance anyone could have got in and accessed/modified data? Or could you say for certain that no data has escaped outwards without your knowledge (undetected malware in operation perhaps)? I think the answer is no.

Another related aspect would be the unwitting loading of data (perhaps if the network is connected to the internet and content being viewed/parsed tries to retrieve it).

Being connected to a network (especially if it has access to the internet) presents a raft of potential issues/uncertainties.

Posted : 28/11/2019 5:45 pm
ErminM
(@erminm)
New Member

Thanks for your comments!

-I understand the remote concerns and that is part of the issue because clients are being led to less secure options.

-It is certainly ideal not to be connected to anything but we have deadlines to keep and take great care of security. I would like to be completely offline but we accomplish much much more this way. Whatever the answer here, it is not up to Cellebrite to enforce nor are they trying to.

-Cellebrite is not tailoring anything for me. This is available for anyone and it was available when I asked about it. The additional work they did was to implement this block in the first place. They are not adding features but removing arbitrary restrictions that no other software I use has.

-I am asking for feedback, there are many alternatives and I use one already. I just did not use all of them. I already have an offer to demo one of the alternatives so that is great. I do know that alternatives do not care if we use RDP or not.

-500$ is per year. I find it is unacceptable because it is not a feature. Even if it was a feature I believe it should be included in $5,012.20 USD that we paid for the year of updates for that licence.
We paid $3400 USD in 2018, $5,012.20 USD in 2019 (Tax included) so the next Quote will be $5500 at minimum (with RDP) if they do not raise prices again. I think it is a bit rich to ask $500 for something that everyone else did not bother to block.

I am management and I decide where we spend money. It is just getting very hard to keep sending it to Cellebrite.

Cheers!

Ermin

Hello Ermin,

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

Now to your point. If Cellebrite are planning to charge you 500USD extra it might be because they would need to work on a solution tailored just for you. Additionally, you don't even know if any other vendor would be able to supply an application that would suit your needs. I am also confused by why 500USD seems so much to you, especially if it is a one-off purchase. Present the idea to your management and have a discussion with them why you really need this remote access feature.

Posted : 28/11/2019 5:58 pm
ErminM
(@erminm)
New Member

With all due respect, this is not about remote access security and Cellebrite is not a champion of promoting the security.

We have our workflow and you have yours, I am happy that you can do it whatever way you do but that is not relevant here.

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

It would make my life a lot easier to work from home….but sadly in reality there's probably no such thing as an unhackable system…..rather ones that just haven't been hacked yet (or known to have been hacked yet).

Whilst the better the protection/detection systems in place, the more unlikely it would be, but would you be able to take the stand and say there's NO chance anyone could have got in and accessed/modified data? Or could you say for certain that no data has escaped outwards without your knowledge (undetected malware in operation perhaps)? I think the answer is no.

Another related aspect would be the unwitting loading of data (perhaps if the network is connected to the internet and content being viewed/parsed tries to retrieve it).

Being connected to a network (especially if it has access to the internet) presents a raft of potential issues/uncertainties.

Posted : 28/11/2019 6:03 pm