Mobile forensics – unlocking the secrets of data with Cellebrite

Explore how mobile forensics solutions like Cellebrite recover and analyze hidden data from smartphones to support criminal investigations and legal cases.

As smartphones and tablets have become integral parts of our daily lives, mobile device forensics has emerged as a critical branch of digital forensics. Mobile device forensics, or simply mobile forensics, is dedicated to the recovery, analysis and preservation of data or evidence from mobile devices using forensic solutions. It deals mostly with mobile phones, but also with tablets, GPS devices or PDAs. Provided that the data is extracted legally and under forensically sound conditions, it can be evidence admissible in court, civil litigation, and corporate inquiries. But how do they do it? Find out in this article!

Criminals, just like the average citizen, all use mobile devices. Our devices hold vast amounts of personal information about our lives, and so, an offender’s device is bound to store information crucial for an investigation into them.

Ordinary texts or notes are not the only data the authorities look for when scouring a phone. Other information such as call history, location data, web search history are all relevant to an investigation and often crucial for a trial.

A criminal might think that locking their phone with a PIN code or a biometric lock ensures their data cannot be accessed by anyone. They would be mistaken. With appropriate government clearance and sufficiently powerful forensic solutions, any device is like an open book to the authorities. Such cases happen every other day, as you’ll find out while reading about famous examples below!

Every device holds important data

Glimpse into mobile forensics, where specialists use advanced tools like Cellebrite to extract and analyze data crucial for solving criminal cases.

Nearly every offender possesses a mobile phone. In the digital era, much of the incriminating evidence can be found and accessed on such a device. Even in the most high-profile cases this seemingly insignificant data could be invaluable.

On July 13th, 2024, Donald Trump, former President of the United States of America and running candidate in the upcoming election, was shot at during one of his rallies in Pennsylvania. The bullet fired by 20-year old Thomas Matthew Crooks pierced Trump’s right ear, very nearly ending his life.

Following the shooting, the FBI seized Crooks and, among other things, his phone. On July 14th, they revealed they couldn’t hack into the device, which was reported as a newer Samsung model. On July 15th, however, they told reporters that they had “successfully gained access to” the shooter’s phone and they “continue to analyse his electronic devices.”

How was the Bureau able to crack the phone in mere 48 hours following the shooting, even having claimed they were unable to? It would be reported that the FBI contacted with Cellebrite, an Isreali company offering advanced technologies for analysing and recovering data from mobile devices. Find out more about them below!

Mobile device forensic process

Mobile devices store a wide array of data, including:

  • Text messages and call logs
  • Photos and videos
  • Emails and app data
  • GPS locations
  • Web browsing history
  • Contacts and calendars
  • Social media communications
  • Data from connected apps like health or finance apps

The widespread use of these devices means that mobile forensics can provide investigators with crucial insights into a user’s activities, location, and communications, making it invaluable in modern investigations.

The mobile forensics process involves a series of methodical steps designed to ensure the accurate extraction and analysis of data. These steps include:

  1. Seizure and Isolation: When a mobile device is seized as part of an investigation, it is critical to isolate the device to prevent any remote tampering or data deletion. This often involves placing the device in a Faraday bag to block signals that could erase or alter data via remote commands.
  2. Data Acquisition: Data acquisition refers to the process of extracting data from the mobile device. There are four main types of data extraction methods:
    • Manual Extraction: Involves physically interacting with the device and taking screenshots or manually noting relevant data.
    • Logical Extraction: Extracts data through software, including files, contacts, call logs, and messages from the device’s active file system.
    • Physical Extraction: A deeper level of data extraction where the entire contents of the device’s memory are captured, including deleted files that may not be visible in a logical extraction.
    • Brute force Extraction: Tools that send large numbers of potential passcodes to the device are used. This approach is time-consuming, but often effective.
  3. Data Analysis: After acquisition, forensic experts analyze the data to find evidence relevant to the investigation. This includes recovering deleted messages, accessing app data, reconstructing call logs, and analyzing GPS data to track movements. In some cases, forensic tools can also decrypt encrypted files or bypass certain security measures.
  4. Preservation: To ensure the evidence is admissible in court, investigators must preserve the integrity of the original data. This is typically done by creating a forensic image or clone of the device’s memory, which can be analyzed without altering the original data.
  5. Documentation and Reporting: Every step of the mobile forensics process must be carefully documented to establish a clear chain of custody. This ensures that the evidence is credible and can be used in court. After analysis, forensic experts compile their findings into a report, which may be presented in legal proceedings or to corporate entities for internal investigations.

High-profile cases involving mobile forensics

Mobile forensics are widely used in the current day and age. In the past, they have contributed greatly towards solving difficult cases. When government agencies fell short trying to recover the digital data, they sought help from outside sources.

  • San Bernardino, California, USA shooting – In 2016, Apple rejected an FBI request to allow investigators access to the phone of one of the shooters believed thought to have killed 16 people. The FBI then sought assistance from an external company, which ultimately helped them unlock the locked iPhone 5c.

  • Rio de Janeiro, Brazil, murder – In 2021, the Rio de Janeiro police were investigating the death of a 4-year old boy. The case took some shocking turns – including regarding the boy’s mother and stepfather, who was a city councilman. Police chief Antenor Lopes was able to retrieve crucial evidence from their iPhones, using the Cellebrite Premium tool.

  • San Francisco, California, USA “Silk Road Case” – In 2013, Ross Ulbricht, the creator of the online drug marketplace Silk Road, was arrested and charged with running a massive illegal operation. Mobile forensic analysis of Ulbricht’s devices played a crucial role in connecting him to the online alias “Dread Pirate Roberts,” the leader of Silk Road. Investigators extracted chat logs, and documents from his devices that detailed illegal activity on the dark web marketplace.

As shown by the above examples, mobile forensics are indispensable these days. In many of these cases, solutions offered by the company Cellebrite played an instrumental role. But what are some of the most popular solutions they offer? Find out below.

Cellebrite software – a reliable toolset for extracting data from your mobile device – offer by Detective store

Cellebrite solutions are among the best ways to retrieve and analyse data from mobile devices. They are an experienced company with a long tradition, known and respected on the digital forensics market. Their products are used by law enforcement, detectives, courts and militaries worldwide.

Cellebrite UFED Inseyets

The Cellebrite Inseyets is a state-of-the-art forensics software leading the innovation on the digital forensics front. This solution is capable of granting comprehensive access to the widest range of devices, enabling thorough data extraction. It also allows for automation and simplification of the entire examination process. With this software you’ll be able to decode and analyze large volumes of data, thanks to its increased accessibility for team members of all levels.

People have bought in the last 48h!

  • Access to the widest range of devices
  • Comprehensive access and extraction data

Cellebrite Inseyets with Getac S410 G4

This Inseyets variant comes with the Getac S410 G4, which is a durable, high-performance laptop that integrates effortlessly with the Inseyets, providing dependable and efficient processing power for mobile forensic tasks. Paired with the software, this is a very efficient setup for any difficult extraction.

People have bought in the last 48h!

Cellebrite software – FAQ

Curious about phone data extraction? Read these answers to the most frequently asked questions about Cellebrite software to broaden your knowledge!

Cellebrite software – what is it?

Cellebrite software is a system for instant and complete data extraction from mobile devices. It is most commonly used to extract files and information from phones.

Cellebrite – what can it do?

Cellebrite’s software can instantly and completely extract all data on mobile devices. These are useful in investigations and during court hearings. Operation of the system is intuitive and simple.

Who uses Cellebrite?

Solutions such as Cellebrite Inseyets are used by the police, special services, military, private investigators or digital forensics and computer forensics specialists, among others.

Cellebrite – how does it work?

Cellebrite works by plugging an Android- and iOs-enabled mobile device into the device under test. Using an intuitive interface and an easy-to-read screen, the user performs comprehensive data extraction from the phone.

Find out more!

If you’re interested in finding out more about mobile forensics or the broader digital forensics, check out our products and our other articles. We’re sure you’ll find something that will suit your interests and needs!

Dominik Owczarek
Author of several unpublished literary works, creator of imaginary worlds. Cinephile and foodie. Can't eat a meal without an interesting video playing. Trying to switch back to books.
error: Content is protected !!