Unifying investigative teams from field to lab

Nearly two-thirds of respondents to Cellebrite’s 2015 mobile forensics trends survey rated “important” the ability to extend mobile evidence collection capabilities into the field. The reasons are many: the costs of overtime, outsourcing, and even human errors are mounting, while lab service delivery times diminish.

Improving investigators’ ability to make decisions about their cases, including whether they need to escalate mobile evidence to a forensic lab at all, is the focus for many organizations in both law enforcement and the private sector. This focus reflects a need for in-field mobile device forensic solutions that span field locations: both stationary kiosks at satellite offices or stations, and mobile data extraction devices. To this end, they seek solutions that provide basic data analytical capabilities: the ability to identify the who, what, where, and when of any given incident using mobile device data in conjunction with field interviews, witness statements, and other investigative activities undertaken in the first hours or days following an incident.

When evidence escalation is required, the solution must be able to route data immediately over a private network to a digital forensics lab at a headquarters, in another jurisdiction, or even in a different country. In other words, the solution must ensure that investigative teams have the technological ability to transfer data back and forth across a truly unified, secure system that promotes full accountability for their actions.

Without these abilities, the workflow falls apart under two circumstances:

1. When data recipients have to translate the data into a different format so that it will work with a different system, or when senders have to take extra steps—such as transporting data storage media to the recipients—that add, rather than save, time.



2. When it is difficult for managers to track statistics and integrate reports that give them visibility into how their personnel are using the tool, and that would therefore make it more efficient for them to help personnel manage caseloads or adjust expectations.

Cellebrite’s UFED Field Series aims to reduce these problems by using an agency’s encrypted network to enable personnel to share extraction statistics, reports and raw data with other personnel, or to send them to a predefined location.

The right infrastructure: local area network (LAN) and/or virtual private network (VPN)

Whether users are in substations, using UFED Field Series solutions installed on the UFED Kiosk, or are mobile, using UFED IX or ILX on laptops or tablets, the ability to send extraction data to a central location for storage or analysis with a single click is an important distinction.

At a minimum, kiosks in substations or satellite offices can be connected to a LAN using a standard RJ-45 cable and their own IP address. With a VPN, a similar capability can be extended to UFED Field IX deployments in vehicles. That way, a laptop or tablet connected to Wi-Fi, or to the cellular network via air card, behaves like other endpoint networked devices with its own IP address.

Organizations that do not have reliable infrastructure, such as those in rural locations without 4G or LTE wireless service, may experience bandwidth challenges because even logical extractions, on many smartphones, could be a couple of gigabytes.

In these cases, workarounds such as storing extractions and performing a daily scheduled batch file upload at end of shift may help. Users could also opt to store extraction data on encrypted portable devices such as USB or hard disk media, although this can add time to the overall process.

Streamlining communication via analytics

It is one thing to extract data to provide to other team members, but another to offer them visual analytics that can help them support particularly time-sensitive scenarios. Two scenarios enable this capability.

Deployed in the field on mobile units, UFED Link Analysis allows investigators to create a project merging data from multiple devices, and then to share that project over the network with other investigators at a central or another mobile location.

Deployed at a satellite location such as a police substation on the UFED Kiosk, UFED Link Analysis appears as a “shell” viewer. This data can be stored on a network drive, DVD, or USB for later transfer to other investigators.

While UFED InField is designed to help first responders improve their investigative efficiency by putting mobile evidence collection solidly in their hands, its optimization for a network-enabled environment allows for a seamless transfer of data to lab practitioners when required.

To learn more, download our solution brief: http://go.cellebrite.com/ufed_umb_2015_inbound
