Nuix and Cellebrite announce technology partnership

Nuix, a worldwide provider of information management technologies, and Cellebrite, a global provider of mobile data extraction, decoding and analysis solutions, announced they have formed a technology partnership to leverage their complementary strengths in mobile forensics, investigation and eDiscovery. The alliance will enable forensic investigators, law enforcement, military and intelligence analysts and eDiscovery practitioners to efficiently incorporate forensically sound mobile device data into investigations and legal discovery procedures.

“As mobile devices become increasingly relevant sources of evidence for law enforcement, investigations and eDiscovery, our customers will benefit from Cellebrite’s industry-leading capabilities to forensically extract data from cellphones, tablets, GPS and other portable devices,” said Dr. James Kent, Nuix’s Head of Investigations and CEO, EMEA.The two companies are working on deeper and more seamless integration between their products. Nuix Investigator and eDiscovery software can already acquire and analyze data from Cellebrite forensic images, while future releases will include the ability to extract and map geographical data from mobile device logs. “Ingesting multiple Cellebrite images into Nuix enables investigators to conduct complex analytics and cross-reference data from many devices through a single interface,” said Jeff Hayes, VP Business Development at Cellebrite. “Mobile devices are becoming discoverable in a growing number of legal contexts, so partnering with Nuix gives our customers access to best-in-class early case assessment and eDiscovery data processing capabilities.”

Experienced users of both technologies are excited about the potential for deeper integration between the two companies’ products.

“Mobile device data is becoming a standard part of any investigation or eDiscovery workflow and this partnership integrates two best-of-breed investigative tools,” said John Carney, Chief Technology Officer of Carney Forensics. “Combining the capabilities of these tools will broaden the range, scope and efficiency of investigations we can undertake.”

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

About Cellebrite

Founded in 1999 by a team of highly experienced telecom and mobile telephony professionals, Cellebrite (www.cellebrite.com) is a global company known for its technological breakthroughs in the cellular industry. In the forensics division, Cellebrite’s Universal Forensic Extraction Device (UFED) extracts, decodes and analyses actionable data from legacy and smartphones, tablets and portable GPS devices for use in law enforcement. There are more than 20,000 UFED units deployed to law enforcement, police and security agencies in 60 countries.

About Nuix

Nuix (www.nuix.com) is a worldwide provider of information management technologies, including eDiscovery, electronic investigation and information governance software. Nuix customers include the world’s leading advisory firms, litigation support providers, enterprises, government departments, law enforcement agencies, and all of the world’s major corporate regulatory bodies.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...