Acquisition And Extraction With Cellebrite’s New Endpoint Mobile Now And Mobile Ultra

Si: So friends and members, welcome to the Forensic Focus podcast. Today, you’ve got just me, and I am here with Monica Harris from Cellebrite, and we’re going to have a chat about all of the new products that they’ve got coming up. We had scheduled this a month ago, and for various assorted reasons, we weren’t able to get together at that point in time. So some of the products that are new aren’t as new as they were when we were going to talk about them a month ago, but we have new products that weren’t new when we were going to talk because they hadn’t come out yet. So we’re getting a lot of new stuff, which is really cool.

So first of all, you’ve been keeping well. That’s a good thing.

Monica: Oh, cool. Thank you. I’d say the same to you. Fortunately, this is not my first go round at this rodeo, so it’s great to see you again.

Si: Yes. No, it’s nice to have people come back again. It’s always nice to see familiar faces and to know that they’re still doing well and haven’t given up and quit the industry, because it’s a terrible place to be. It is quite reassuring. So yeah, no, it’s good. So what’s happening in the world of Cellebrite? What’s going on?

Monica: There’s a lot of things happening in Cellebrite. It’s a good time. We have really been focusing on staying connected to our community. So for the Enterprise Solution portion of Cellebrite, Cellebrite overall is a very large company and we are split into our public sector, is where we have the long, rich history that’s going on for 24 years where we’ve made technology for law enforcement, state, local, federal, and then we have the public sector, which is Enterprise Solutions, which is where I sit. And that is taking all of that great technology that’s been harnessed over the decades and bringing it to corporations and service providers with a focus on E-discovery, those who work in civil litigation, and then also service providers who have a pure forensics focus as well, but who aren’t necessarily sitting over in the public sector.

So for the private sector, we’ve been very engaged with talking to the community at large, trying to understand what the pain points are, and then coming back and understanding what to develop or what to engineer or what to come out with as a result of what we hear from the industry. So as a result of that, I would say it’s November. It’s almost a reminder, it’s November.

Si: Yeah. This year has flown by so fast. It’s like, is it not still February? Yeah, no, I get it.

Monica: No, it feels like in a blink of an eye around breakfast time it might’ve been February. In the past couple of months, we have come out with a series of products, which isn’t normally something that we would do at the end of the year, but I think we just had so much feedback and so much input and felt so confident about our understanding of what the needs of our audience were, it made it very seamless to introduce a few products to the industry. And so in that way, we’ve had a couple of product launches and we’re pretty excited about them.

Si: This is product launches. This isn’t like we’ve added a couple of features to something we already had. These are new products that you’ve got coming out.

Monica: They’re entirely new products. We have existing products where, of course, we’ve added features, but I think what we’re hearing from folks, it depends on what the use case is. In some cases, we need to be very specific and give you something that satisfies a need that is quite large, but in other ways we’ve had to look at things a little bit more holistically. And so in some ways, we’ve said, “Okay, we’ve got something very specific that satisfies this need. Because this need is large and it’s taking up a portion of your time, we need to make sure that we focus on that.”

And other ways, we need to introduce an entire ecosystem and then just ensure that our audience is looking at it like an ecosystem. I can’t tell you how many times I have an opportunity to talk to our customers, to talk to our prospects, and we’re talking about something they have, but I’m just talking to them about their day to day so I can understand use cases, because I’m a product manager. So at the end of the day, when you tell me what you need, I have to go pitch an entire engineering team. The engineering teams live in their bubble, so you show up and you say, “I want this.” And they go, “Well, that’s silly. Why would anybody want that?” And I have to take what you told me and tell it to this engineering team.

But oftentimes when I’m talking to folks, they’re saying, “Well, we have a need for this and we have a need for that.” And it’s like, “Well, we’ve got that. We’ve got that already.” And so it’s about then talking to folks about the ecosystem. So in some ways, we’ve added features, but we’ve really started looking at it as let’s build products that satisfy this entire use case, and in some ways let’s talk about an ecosystem because there is more than what happens at the core. There are things that happen upstream, downstream, and we’ve got something for all of that. So it just depends on what you’re saying to us. But making sure that we have something in our toolbox, a little something for everyone, for every use case, for everything that we’re hearing, that’s really our focus right now.

Si: No, that’s fantastic. And yeah, the idea that certainly large corporations obviously have a huge range of requirements, but also the backend that’s required to pull everything together so that they’ve got this holistic view of what’s going on is critically important. So of the products that you’ve got, the one I’m aware of, and you… Sorry. We do talk before we go onto these things, so I’m a little ahead of the game here. But we were aware of Endpoint Mobile Now as a new release, and then there was something else that you’ve brought out subsequent to that. But let’s talk about Endpoint Mobile Now now, and then we’ll talk about the next thing next.

Monica: Exactly. I think the operative word at Endpoint Mobile Now is now. That’s literally the operative word. I think across the product launches or even the solution launches that we’ve had, there is a recurring theme of SaaS. SaaS could seem like a trend, but for us it’s very specific. One of the things I like about mobile forensics, it could be what some people gravitate to, it could be what scare other people away, but it is the consistently changing nature of the technology. The fact that phones, mobile devices, are consistently updating. It’s the fall time, so Apple has come out with all of their latest and greatest they did about two months ago.

Si: Yeah, I know. I’m vaguely kicking myself for having bought a new laptop a couple of months ago and thinking if I just held on, I would have an M3 now instead of an M2. Anyway.

Monica: Yeah, exactly. Or maybe you got an iOS or maybe you got an iPhone 15, for example. Or maybe you upgrade, maybe you didn’t get the iPhone at all because maybe you got a 14 last year and you upgraded to iOS 17, which is probably 10 versions down the road two months later now. But that constantly consistent update and really just talking to our customers and understanding that it was a burden for them to really have to stay on top of all of the consistent pushes. Now it’s 16, it’s 17, it’s 17.1, it’s whatever it is, the updates, having to stay on top of that.

So our response to that was SaaS. When you connect to us through SaaS, it is always up-to-date, and so now we can get around that burden of more than likely within your company, your organization, whatever your organization may do, having the people or the time to do these updates, that’s not something we do. So if we can keep you up-to-date, then that is one less thing that you have to worry about and you can stay focused on your prime directive. So overall, the theme of SaaS, with Endpoint Mobile Now, it’s SaaS now. The idea here is we’ve heard from folks for a variety of reasons, primarily preservation of data, that you need to get to the data now. When individuals find out that their phone is about to be collected for whatever reason… But seriously, things happen to the phone. Whoops, I dropped my phone. Whoops, I forgot my phone. Something happened to the phone. So the faster you can get to that data, the better overall it is.

Then we had to understand what was happening in the day-to-day. The idea that folks are going out to the custodians, to the employees, wherever they might be located, going to get the data. Maybe they’re not going out, maybe they’re calling you, but you’re shipping data back to them. Again, what could happen in transit to all of this data? So Endpoint Mobile Now is our patent-pending technology that’s remote collection. It’s remote collection. So the idea, well, let’s just say we find out today, I’m a forensic investigator, you’re an organization, I’m hired, I got to collect your phone. You just found out right now.

So if that happens, rather than wait until after the holiday when any number of things could happen, you could have dropped that phone into the cranberry sauce that was next to the turkey. Maybe not. You’re in the UK, but let’s work with this scenario. So I can send you a request right now that will allow you to connect your phone to a computer, do a lightweight install, and send the data back to me so that by the time we were done this interview, I could have access to your data, your text message data. We are working with Advanced Logical for iOS and Logical for Android so that we can immediately get to that data, preserve it, because with mobile data, it’s collector preserve, and then we can start the investigation from there.

So hopefully, that cuts down on the travel time. Maybe the funds that would normally be used to send examiners around the globe can be used for training them, maybe can even be used to bring more on, but yet you still have that data when you need it and you can take on more cases or just do other things with the resources that you’d normally be using to try and track down the data. So with Endpoint Mobile Now, it’s about the now. Now is the most important part of that.

Si: So let me get this completely straight. You want to image my phone before I throw it into the cranberry sauce. You send what to me? You send a text message to that phone or you send an email to me, or how does the actual process work on this?

Monica: I send you an email. I send you an email and it says, “Hello, you’ve been selected for collection. Please do this install.” So you’ll do an install. It’s a lightweight. It’s a utility. When you do the install, there’s also a code in there, a GUID, that’s going to be in the email as well. So after you do the install, you double click on that. It’s going to open up and say, “Hi, can I have the GUID that was in that email?” You’re going to give it the GUID. The GUID has everything that I as an examiner said I wanted from your phone. I want your text messages, I want your call logs, I want your contacts. The GUID knows all of that.

So the GUID attaches itself to the utility, says, “I know what I need to do. Please plug in the phone.” You plug in the phone. If it’s an iPhone or an Android, it’s going to walk you through one to three steps. “Here’s the thing, we need you to turn off auto locking. We need you to put in your passcode,” things of that nature. You’re going to do that. And also as the examiner, before I sent you that email, I told the utility where I wanted the data to go. Maybe I wanted it sent to my Amazon S3 bucket. Maybe I wanted to send to my Azure Blob, my SFTP, maybe a network location depending on whether or not we’re on VPN. So now, the utility with the information that’s applied from the GUID, it’s going to start collecting the data, the artifacts that we told it to collect, and it’s going to send it where we told it to send it. And when it’s done, that’s it. All good.

Si: Perfect. That leads in quite nicely to what my next question was going to be, which was, so the typical concern that anybody… I used to be a security architect before I started doing forensics. So my typical question would be, so where’s my data going and how are you protecting it? But what you’re saying effectively is that I will decide at the point that I send out the acquisition request where it’s going to go, and it can go into any storage of my own that I choose. So although the software as a service is with you, the storage is with me.

Monica: Exactly. So that’s the most important part. Not only can you designate where your data is going, which is going to be encrypted, of course, in transit and at rest, but we are not storing your data. At no point are we storing your data at all. We are simply the conduit. We are simply the collection mechanism or the extraction mechanism that you’re utilizing to get the data from the custodian or from the employee.

Si: When you say encrypted at rest, is the product doing the encryption at rest or am I expected to encrypt my S3 bucket or my network share? The encryption at rest is part of the acquisition process. It encrypts the data package?

Monica: It encrypts the data package, yes.

Si: Okay.

Monica: So that’s going to happen automatically. You also have the ability, if you want to add an extra layer of security, let’s say you want a password protected or things of that nature, you can set that up at the time of extraction. So when you’re setting up the collection, you have the ability to do that as well.

Si: Okay. Cool. All right, that sounds very impressive, to be honest. How do you find the bandwidth requirements pan out? Is it quite a heavy requirement or is it… Because phones are getting larger and larger, so you’re talking about anything up to 128 gigs worth of, depending upon what they may have in their phone, if it’s an Android, it could be up to two terabyte micro SD card in there as well. So how well is it handling that? Or is it just that you have specified such a small, not a small, but a precise, let me say precise rather than small, precise subset of the possible data that it’s working out okay?

Monica: It’s usually the latter. So with Mobile Now, we usually see more targeted collection. It’s not that you want to bring back a full file system. You’re looking for very specific things. I need your text messages or whatever that might be. If you want, you could pull back the entire Advanced Logical, but normally we see more targeted collection and we allow for that through the web interface. So you have your choice if you want to bring back the entire Logical file or if you want to target specifically what comes back. Some of that work is happening locally on the machine of which we’re conducting the extraction. So the first thing we’re going to do is check. We’re going to make sure that we’ve got enough bandwidth to do that and do so in a way that’s seamless. And then from there, we’re going to do the collection. We’re going to send it back, and then we’re going to make sure we have a good slate.

Si: Now, in that ability to define my collection, am I able to say, “I want to find all the text messages between X and Y,” or is it just, “I want to find all the text messages?”

Monica: That is a great question. So particularly what we are seeing in the finance industry, for example, so in the finance industry, we’re seeing absolutely astronomical fines for, let’s say that you’re a broker for a financial institution. They’ve decided you’re all going to start talking on platform X. But I’m your customer and I haven’t talked to you in six months, so I don’t know that happened. So I text you directly and I say, “Hey, I’d like to talk.” And you say, “Oh, we can’t talk here. We need to talk over here.” But yet you and I just exchanged two messages and now that needs to be collected for compliance. What we’re hearing is that those particular individuals don’t want to give up all their text messages so that we can then take your data to a physical analyzer, narrow down to the two, and make sure that goes into the archiving system or wherever you’re storing the information that could be audited later.

One of the things, right now, to answer your question directly, we are working with all of the text messages, but we understand that there is a very specific need to target very specific data. And so that is part of what we’re doing overall. We’re continuing to have those conversations. That’s one use case, the one I gave you. And in that case, you know. Or maybe even if it was an HR investigation, maybe there’s some harassment going on, I could tell you, “It’s these three messages here. I want that.”

But that’s not always the case. That’s one use case, in which case now there’s questions. What information are you giving me to target the data? Are you giving me dates? Are you giving me participants? When it’s participants, did you say it was Monica Harris? Did you say it was (267) 258-5555? So those type of questions are coming up. We’re trying to work to understand that more. Shameless plug. If you guys have any information you’d like to share that would help us build this out, please share.

Si: Shameless plugs are totally allowed. That’s absolutely fine. At the end of the day, what we need to do is build tools that, in the industry as a whole, is we need to build tools that deliver upon what the requirements are. Otherwise, first of all, we waste a huge amount of time trying to do stuff that we don’t need to be doing. But second of all, there are certain other issues with regard to personal privacy and things like that because lots of, and I’m not saying that people should do this because, again, as a security analyst, please for god’s sakes, keep your personal and your business phone separate, but people don’t. So the idea of keeping personal messages separate from a company acquisition is a very reasonable thing to do.

So yeah, no, it’s a very important thing. And yes, if anybody wants to help out, please, Monica just gave out her phone number, so give her a ring. We may have to-

Monica: Don’t [inaudible 00:17:46] that number. I did not.

Si: We will bleep that in the edit. I will tell Zoe to bleep that in the edit.

Monica: [inaudible 00:17:54]. I’ll be like, “Why is everybody calling me with product requirements?”

Si: It makes me cry so much when I see IP addresses in films and they’re 325. And I’m like, “No, please.” But of course, you can’t give out real IP addresses. Yeah, that’s totally reasonable. There’s actually a range of numbers in the UK dedicated for film use.

Monica: And it used to be in the States that any number that ended with four or fives was, yes, a mute number. So I’m hoping that’s still the case, otherwise there really is some [inaudible 00:18:34].

Si: Brilliant. Okay, so anyway, that’s Endpoint Mobile Now, and you teased me with another new product that’s coming out, or has come out, more to the point.

Monica: That is first in the line of SaaS. So the idea still is we need to keep up to date consistently with all the changes that are happening. But that was also a very specific use case in terms of you need the data right now, more than likely it’s targeted and you’re not bringing back all of the data on the phone. But what if you want all of the data on the phone? What if you want more than all of the data on the phone?

I used to have conversations with folks at conferences about what the single source of truth for data is, and I would say, “Well, it’s on the phone. That’s where you get the deleted data.” Folks would say, “Well, what about what’s in the Cloud? There’s a host of data that could be in the Cloud that’s not on the phone.” And so we go back and forth and then I would say, “When you can’t beat them, join them.” So what if you need it all? What if you need the data that’s on the phone? What if you need the data that’s on the Cloud? And if we’re just talking about the data, is it enough if you just have the data? Don’t you need to do something with it from then?

We just talked about the culling that could happen in PA. So making sure that you have what’s on the phone, what’s in the Cloud, that’s always up-to-date, that you have the ability to see quick insights, what’s on the phone before you could be done with the full file system extraction. I don’t have to tell you, they could take hours. Sometimes I do them for demos or fun, and it’s something that’s always running in the background while I accomplish several other tasks. But do you have to wait that long to really understand what you’re about to collect? Wouldn’t it be nice if you had the power of full file system collection, but it’s still target what you were collecting?

So for example, we see a lot of cases are really looking at more complex data. Snapchat, anything that has an ephemeral aspect to it, anything that’s encrypted end to end. And for that we say, “Well, it’s a full file system collection.” But what if all you really want is the Snapchat data? It’s great to have that full image, but maybe you really just want that. And then after that, don’t you need something that has decoding capabilities, something that can stay up-to-date with the extraction capability? Throw in a little bit of Cloud so that you have context.

And then maybe you’re an enterprise, because we are talking about public sector, or private sector rather. Maybe you need to manage a very large arsenal of extraction and decoding tools. So for that, we have Mobile Ultra. For that, that is our future of extraction. We tried to take a look at not necessarily the use case where you need to get to the data library right now and you just need text message data or something that’s ancillary to that, like the context, but you need to see the full scope or you need data that’s so complex you’re starting with the full file system collection.

And then from there, making sure it’s always up-to-date, making sure you can pull from Cloud data so that you have the context, making sure we can pull the PA so you could do some of that culling, and maybe even PA can assist with whatever’s going to happen with the data downstream as an option, depending on what’s going to happen to that data once you’re done analyzing it. And then being able to really manage an entire enterprise system. For that, we call it Ultra, and we’re pretty excited about that as well.

Si: It certainly has shades of Marvel and other naming-

Monica: It’s the Ultra aspect, yes.

Si: Yeah. But yes, something of that scope reasonably deserves a superlative name, so that’s fine. I understand that.

So in terms of Cloud collection, I’m assuming you’ve got all of the major platforms, so you’re looking at O365, iCloud, and Google. What else is on the target list in there?

Monica: That’s a great question. I would say we’ve got about a thousand employees at Cellebrite and over half of us are R&D, because that’s really what it takes to stay on top of questions like that. Well, let’s see what they come up with. We’ve got all the bases covered, like you said. So there’s Enterprise, Cloud, everything that our IT departments are administering. There’s all the personal apps that we might have on our phones to talk to each other. And then we just have to see what, I call them nefarious actors. I’m looking for another word other than nefarious, but I think that really hits home. They are the folks who are really using the applications.

This is the end of 2023. So for example, in 2022, I wasn’t talking about Discord. Fast-forward a year and now that’s what I’m talking about. So you’re asking me literally what am I going to talk about in 2024? Let’s see what we’re going to be talking about. If I wanted to, maybe just based on what I’ve heard both internally and Cellebrite and externally, we’re seeing a lot of nefarious activity happen in chat applications that have to do with gaming apps.

Si: Interesting.

Monica: So we could see a rise in applications there. Ephemeral is the way to go. It seems like folks are really just about, “Hey, if it’s something that could disappear in a short amount of time, that’s how I want to talk to you,” and how quickly we can get to that data. So I think we’re going to see more collection or more apps on the rise that have ephemeral nature to them, but also just places you didn’t think that people would be talking to each other, but where people talk to each other all the time. It could be something like a platform like this. Is there a chat portion of this? But in gaming, I think so many of us are gamers. I see you’ve got a really awesome headset on over there. Fully professional.

Si: No, so I’m going to say, I’ll drop my children in it. I am a bit of an audiophile. I’m not a great audiophile, but I’m a bit of an audiophile. I require a decent quality of sound. My children play music through their mobile phones and it drives me around the bend that they can even contemplate that tinny noise is actually music. So, no, these are not… The microphone, which is just out of shot here, I don’t know if you can see it, it’s not showing on the screen at the moment, and the headphones are for high quality audio and playback of music and voice calls, not for gaming. I enjoy gaming, but I suck at it so badly that I don’t ever do anything online because I would just get wiped out in seconds. Such is life.

But interesting. Yes, and I’ve come to use Discord a lot in the last year or so. In fact, there is a Forensic Focus Discord channel, an official one, I believe, and there is a Forensic Focus the podcast staff as well.

Monica: Yeah, we have one here at Cellebrite as well. Absolutely.

Si: So, yes, and it is a fantastic resource. And I’ll give Desi a plug while he’s not here, but his Hardly Adequate podcast also has its own Discord channel, which is a good place to go and talk to people of an incident response like mind and digital forensics side, if you want to go and join. I don’t believe there’s any restrictions on getting in. They let me in, so they must be letting anybody in. That’ll be fine. So like that.

Now interestingly, in the Cloud stuff, so are you able to extract the Cloud keys and things from a mobile phone and then just pass that straight through to go and do the Cloud acquisition? Or is it something that you need to enter manually, or?

Monica: It can happen either way. So we want to make sure that everyone has… It’s not one size fits all. But the most seamless way, if we’re providing advanced extraction capability or file system, full file system, is to take the tokens from that and then be able to pass that into Cloud so that you can pull from there. So both options are available, but the idea here is that you’re doing advanced collection, that you’re connected to SaaS so that you have the latest and greatest, that there’s a hardware piece that comes with it, because we need to translate what’s coming out of SaaS so that you can get tokens, that you can get the tokens, pass that into Cloud, and then break all of that, open Physical Analyzer. So yeah, the idea is that it’s token-based. Absolutely.

Si: Now, not comparing you with any other vendors because that’s not fair, but having spoken with another vendor recently, they were very, and rightly so, very proud of their capability certainly in the law enforcement environment to do screen grab, screen acquisition. Is that something that you support?

Monica: Absolutely. So when we’re talking about Mobile Ultra, it’s a product and it’s a solution. So as a product, you get the capabilities of SaaS, you get full file system extraction, you get the power of extraction. But then overall, you also have UFED, which is baked right into that, so that’s going to give you things like screen capture, for example. When you talk about the power of SaaS because you want to stay up-to-date, even with the large R&D team that we have here for all of the applications that we need to stay on top of, every single version not, or just applications generally, not being backwards compatible, that would defeat the purpose of what they’re advertising their use as. We still need to provide alternatives, and screen capture is one of them.

So within that same application, while you can do your full file system so that you’re grabbing tokens, you can also do screen share or screen capture as well, just so that you have whatever you need at the moment. Because, let’s face it, when you show up at that C-level executive’s office to do extraction with all of your things, there’s no, “Oh, you know what? There’s one thing I’ve forgotten. I’ll come back tomorrow.” You’ve got that moment to capture the data that you have, so we need to make sure that everything is in your toolkit.

Si: No, that’s fantastic. And I know that you have the UFED Ultra box sitting up on the, or bag or whatever-

Monica: I do.

Si: … on the window behind you. Nice suitable product placement, so that’s excellent.

Monica: Yeah, absolutely. We are actually in advance of release by about a week or two, so you get a first grab there. [inaudible 00:29:04].

Si: Oh, right. I’m going to get this processed and pushed out so that we get the scoop. It’s only fair. Excellent. Already I’m pulling products up before they go out to release, which is great. But what else is in the pipeline at the moment?

Monica: Oh, what else is in the pipeline? Well, that was a lot. That was a lot for one [inaudible 00:29:25]. That was several things that we’re working on, but we talked about SaaS generally. So we’ve got SaaS now that’s remote, that’s a little bit more limited, but you know exactly what you want and you can target it. We’ve got an entire ecosystem for just about everything that you could potentially run into, and that’s what we’re calling Ultra.

So now we’ve got an eye forward towards 2024. There are themes that we’re looking at across the product lines. I think end of 2023, we’re looking at SaaS because we wanted to stay always up-to-date and make sure that we could collect from just about anything that you were verifying into. So now that you’ve got the ecosystem, what do we do with that? Well, we’re looking at things like automation. Why would it be that you hop from one tool into another tool into another tool? If you have an ecosystem, why can’t they talk to each other? One of the things I love about being an iPhone user or an Apple user, although it may not necessarily be resource-efficient, they all talk to each other. I can start talking to my watch, which will talk to my phone, which will talk to…

And so introducing an ecosystem that has the ability to do the same, that data’s going to move downstream. So automating that. Also, understanding what our customers are doing the most frequently and making sure we have workflows in place for that. If it’s something that you do consistently day in, day out, every time you see a phone image, every time you see an application, you do X. Every time you see a use case or a type of investigation, you do X. Build that into the application for you. I think that general theme is technology is supposed to make your life easier. We look at generative AI. How easy is that? So I’m not saying that you’re going to be able to start talking to PA and it’s going to be, “Sure, I’ve got the answer for you,” but yet it should understand what you do the most frequently and be able to quickly cut down the amount of time it takes for you to do that by being able to automate some of that as well.

So I think just comprehensive communication across the ecosystem are things we’re looking at in 2024, and then also just accelerating the process or freeing up examiners so they can do other things by taking some of the things you do most commonly and automating them within the ecosystem itself. And then other things, it’s whatever the industry is talking to us about. The finance industry, their voice is pretty loud. We hear you. And we are looking to continue those conversations so we can build that. And who knows what 2024 is going to bring to us? But whatever it is, our ears are open. We’ve got two ears and one mouth for a reason, so we’re listening. So if you tell us, we will build it.

Si: So you’ve opened the door to this. Where does Cellebrite stand on AI machine learning and, well, generative AI?

Actually, I’m going to give him credit for this. I actually saw an incredible demo of a product for lawyers the other day, which is basically taken the… If anybody out there is familiar with LexisNexis, it’s a catalog of all of the case law of various countries, but the UK amongst them. And it has the same catalog, but it’s applied machine learning over it so that when you do a search, it actually returns. You can actually write a search query in English and get sensible results out of it, which is really cool. And I have to say, the demo was very impressive.

But anyway, I digress massively. Where does Cellebrite sit on the machine learning train at the moment?

Monica: That’s a great question. So it depends. That was an E-discovery answer for you.

Si: No, it’s a standard digital forensics question. It’s like, “What caused this?” Well, it depends.

Monica: It depends. When it comes to generative AI, so you brought up LexisNexis and you brought up the legal field, so we’re still trying to understand generative AI there. Understand is not the word. Trust. Trust but verify, yes, which is also an E-discovery answer. There are cases where generative AI has hallucinated, has not done… It’s told you this, it’s cited case, it’s cited false case law but attributed it to real people, which is its own thing. So just following that and making sure that’s consistent. That’s one thing. We need the industry to say, “We’re okay with this. We trust this,” and then we need to be able to verify it as well. It’s trust, but verify. If you’re talking to attorneys, it’s forensically sound, if you’re talking to examiners, but just making sure we can stay within that defensible scope.

Generative AI is an evolving thing. And then it’s the nature of the data that you give it. Generally, when you have AI, I’m talking about text right now, not images or videos, when we are in the private sector, we see more of communication that can be really boiled down to text. So when you’re talking to AI, the more you give it, the better. The way you and I would talk, it might be different if we’re talking through exchange. And cases like that, you see things like Copilot. So let’s see how that evolves in 2024.

But if we’re talking about any of those chat applications, even if we’re talking about Teams or if we’re talking about Slack, I’m talking to you in emojis, I’m talking to you in brief sentences, we’re skipping the salutations. How do you feed that to AI and have it give you back something comprehensive? That is an ongoing conversation. It’s an ongoing conversation and we’re still working to understand that. But we’re watching. We’re watching, we’re learning, but being able to have defensible data is foremost at the front of our minds there, and so just understanding how to move forward in that vein is what’s most important to us. We need AI to stop hallucinating. That would be helpful.

Si: Yeah. No, it’s interesting to hear an organization of your size saying that they’re watching it, versus the fairly significant number of people out there who are already claiming to be using it across a vast number of fields, not necessarily just in forensics. But yes, it concerns me that people consider it fit and ready for purpose in a truly defensible way. That is something that scares me still.

Monica: Yeah. It’s a trust but verify aspect. And we invite the conversation for that too, for anyone who has any ideas. What we have is the brain trust. We have the R&D and we have the engineers. So if you have an idea, we are open to collaboration, we’re open to the conversation. But right now, I think the defensibility of the data that people use, when you are using Cellebrite to collect, something else occurred and usually it started somewhere in the legal system, and it’s got to be defensible. So that’s foreground in our minds, for sure.

Si: Absolutely. That’s brilliant. Is there anything else you’d like to comment on, or?

Monica: Is there anything? Well, we’ve talked about our SaaS, our launch of our SaaS products. We’ve talked about the immediate nature of meeting the data. We’ve talked about a more holistic approach to data. And then we’ve talked about some themes that we are looking forward to 2024. So if there’s anything that I want to leave the audience with, it is that the lines of communication are open. We are not developing this technology in a bubble and we want to develop technology for you. I think that’s how we started when we started the conversation. I can end there as well. I’m very accessible. I can be reached on LinkedIn. I can be reached at email, That is actually my email address. That will come directly to me. And if you’ve got a need, if you’ve got a pain point, if you want a platform to speak, we have all of that. So please, please reach out. We’re here.

Si: Fantastic. And ladies and gentlemen, you did hear it here first, that UFED Ultra is coming out later this year and that Cellebrite very much wants to work with us all to create the next and greatest things in the world to make our own lives easier, which will be wonderful.

So Monica, thank you very much for coming and joining me today. It’s been an absolute pleasure talking to you again, and I hope we’ll have an opportunity to do it again in the future. I just will let the listeners know that they can… Every time, Simon, you must write down the things that you can pick up the podcast on. Spotify, Apple, whatever the podcasty thingy is. Any other good podcast stuff, it’s on the website. You’re forensic analysts, you can figure it out. I think I’ve said that before. And if you’re listening to it, you’ve already listened to it, so I’m not really sure that telling you where it is is all that helpful.

But anyway, Monica, thank you very much again for your time today. Happy Thanksgiving. I hope you enjoy your celebrations towards the end of this week. There you go. That’s also ruined the sausage factory, as the time this comes out will be past Thanksgiving. But there we go. Not by much hopefully, but it will be. Thank you again. Much appreciated. And goodbye, everyone. Thank you for coming along and joining us this evening.
