Cellebrite Optimizes Forensic Triage Via Rapid and Controlled Extraction

Cellebrite introduces an enhanced version of the UFED InField solution. The new platform-agnostic software solution delivers simplified, secure forensics data access and control while streamlining investigative workflows as part of a multi-tier forensic architecture. An intuitive user interface and new selective extraction capabilities make accessing specific live device data quick and easy. These new capabilities accelerate investigations by allowing agencies to increase access by extending the reach of extraction capabilities to investigators, unify investigative teams by connecting lab and field personnel around the evidence collection process, and secure digital evidence that they can defend in court.

“Today, mobile forensics is touching every single type of crime we investigate, from petty theft, to high-profile, complex homicide investigations,” said Sgt. Frank Pace, Phoenix Police Department Digital Forensics Investigative Unit. “As a profession, we are at a point that we need to integrate digital forensics, related training and policies into our culture and processes. Every officer, investigator and prosecutor is going to need that to be effective in their job.”

Field tested and proven, the InField solution allows officers and investigators at every level and in any location to securely access and perform forensically sound logical and physical extractions of mobile device or SIM card data by timeframe, data types or relevant persons with minimal training. Whether accessed via in-car workstations, laptops, tablets or self-service kiosks located at a station, this single-purpose, frontline solution supports the widest variety of device types with intuitive workflows that prevent errors or contamination of evidence. The InField software runs across hardware platforms, including the UFED Infield Kiosk and UFED TK. The new enhanced version now enables:

Real-time Access to Qualified Digital Evidence
Field users can select and extract only the relevant data needed based on time range or specific subject information. The Quick Copy feature encourages digital consent by allowing officers and investigators to copy only specific evidence from witnesses' and/or victims' phones, leaving personal data private.

Centralized Management & Control
UFED InField simplifies end-to-end visibility into, and management of, software updates, configuration modifications, user permissions and usage statistics by crime types and devices processed, to ensure evidence is properly managed and protected.

Evidence Integrity
Built on the proven UFED platform, InField enables the real-time, forensically sound extraction of mobile device data and produces defensible evidence investigative stakeholders can stand behind.

“Designed to work on our form factors or an agency’s existing laptops, UFED Infield delivers new and improved digital forensics workflows and the actionable intelligence necessary to quickly and effectively focus investigative efforts, reduce case backlogs and significantly shorten case cycle times,” said Ron Serber, Cellebrite Global Co-CEO.

To see firsthand how InField’s new capabilities can benefit your field organization, visit us online at www.cellebrite.com/law_enforcement.
