Presenter: Shahaf Rozanski, Senior Forensics Product Manager, Cellebrite
Hello everyone, and welcome to Cellebrite webinar, UFED Cloud Analyzer – Unlocked Actionable Intelligence from Private User Information in Cloud Data Sources. Before we get started, I’d like to update you on the technology we’ll be using today. You will notice on the right hand of your screen that we now provide two audio mode options for our webinar – telephone and [indecipherable] speakers. If you prefer to use your telephone, please set ‘Telephone’ as your audio mode, and call in using the number, access code, and PIN that is displayed in the confirmation email that you previously received.
If you prefer to listen to this webinar through your computer speakers, please choose the [indecipherable] speaker audio mode option on your panel. You may minimize the panel by clicking the orange arrow located on the far left-hand-side. If you have any questions throughout the webinar, they should be submitted online. You can submit your question to our speaker by typing them in the questions box. Questions will be answered at the end of the presentation.
Our speaker today is Mr Shahaf Rozanski, senior forensics product manager. In his role, Mr Rozanski is responsible for defining and launching Cellebrite’s future solutions to the law enforcement industry, including the UFED Cloud Analyzer. Mr Rozanski brings more than 16 years of experience in merging customer advocacy and technology, which he successfully applied in various global industries.
Shahaf, it’s over to you!
Shahaf Rozanski: Thank you, [indecipherable]. Hi everyone. Excited to be with you this morning or afternoon. Today we’re going to have a very, very exciting adventure together as we will investigate together how you can neutralize the cloud in your investigations. What we do in the course of the next hour – you will find out that you are not alone in your quest to look into the cloud, and we will see some of the market trends that you and other customers of ours shared with us when going into the cloud. We will also identify what kind of challenges you are facing today when handling the cloud, and then we will switch over to the different solutions that we have for you to investigate information from the cloud; the main solution that we are going to talk about today is UFED Cloud Analyzer, a new solution that we announced and released just a few months ago. And we will demo the solution and discuss the different use cases.
So let’s start with the market trend, and before we do that, let’s just clarify between ourselves what we mean by the meaning of ‘cloud’. When we say ‘cloud’ throughout the course of this presentation, we will refer to data that is hosted by cloud remote service provider, such as social media like Facebook and Twitter, such as webmail like Gmail and Yahoo!, storage like Google Drive, instant messaging services or even e-commerce services like Amazon and eBay. All those are what we are referring to as cloud, and those kinds of data sources basically contain lots of information that people are using, you can utilize within your investigation.
So, if we will look into the way our world population is using the cloud, you can see that about 25%, 26%, depending on the region in the world, is accessing social media and cloud-based services. One of the most important points to notice in the right corner of the slide is the fact that most of the people that are using the cloud are accessing the cloud via mobile. Now, if you have capability to gain access to the mobile and utilize that in order to go to the cloud, then you can leverage your capability [in] investigating the cloud.
So if most of the world population is using the cloud, obviously, criminals are also using the cloud, and therefore, law enforcement agencies are very, very interested in the cloud. And this is a survey that was conducted by International Association of Chiefs of Police – they are conducting a survey every year – and you can see that while in 2010 only 50% of the investigations involved social media or cloud information in order to resolve the issue, in the last couple of years it’s almost 80% of those investigations, meaning four out of five investigations are using cloud in order to gain access into intelligence data or even to provide evidence that will be used in court.
Now, when law enforcement are looking into the cloud, basically, there are two kinds of information they are looking into. The first one is what we call the public cloud, which is basically all the data that the user decided to expose with the rest of the world. So if you will go to Google, for example, and type ‘Shahaf Rozanski’, you will probably find a lot of information about me, which I decided to publicly expose with everyone. The more interesting part of the cloud is the private data – that kind of data which is not accessible to anyone, and you cannot go and google ‘Shahaf’ and find private data about me. It is only accessible to those that I have selected.
Now, for you, as law enforcement, to gain access into private data, basically, you have two options. The first one is to get a person from the user… ask for his username and password, and then manually type username and password into the different web interfaces – for example, the web interface of Facebook. And then navigate to the different pages and try to find out the relevant evidence, obviously trying to make sure that you are forensically preserving the data, which is quite a challenge when you are doing that manually. The other option is to go to the cloud provider – to go to Google, or to go to Facebook or to go to Twitter, and ask them for permission to look into the information. For that, obviously, you would need legal authority to do so, and basically you would need to serve the search warrant to the different companies, and you can see the statistics over here.
The challenge, with going to the cloud provider, that you are facing – and you have shared with us quite frequently – is the fact that the time for fulfillment can take weeks to months. And especially for you guys that are outside of the US, for example, people in Poland or in Vietnam or in the UK, for you to go to Google and Facebook and get information from them, you need to go to [indecipherable] or you first need to have a local search warrant; then you need to go over to your local department of justice, send it to the US Department of Justice; they will convert it into a local search warrant, which then will be served to the relevant state – of California, which is where most of those companies are [set] – and then it will be [translated] and sent into Google or Facebook and Twitter.
This takes time, a lot of time, and then obviously you can add to that the time that it takes to process the information. This can take, for people that are outside of the US, something between eight months to a year, which is amazing – and just think about how much time you need to wait just to gain information and intelligence from the cloud. And basically, this is the main challenge that you are facing and expressed with us – the time that it takes to get a response from the cloud provider, which, if it is a year, sometimes can be meaningless to your investigation.
But it’s not only the time that it takes, it’s also the fact that the rate of record production is sometimes insufficient. In the previous slide, we’ve seen the different statistics – in the UK it was about 70%. I can assure you that in different countries it’s less than that. But even with the 70% or the 80% that’s in the US, still, one out of five or one out of four cases is not provided with the relevant information to solve the case. And I don’t think that anyone is willing to jeopardize a murder case solving just because the cloud provider is not going to provide with that.
Now, the reason that they are not providing the information is not because that they don’t like you. It’s because of the fact that, you know, they are a big company; their business is to provide social media or