Documents uncovered by ZDNet have revealed the true scope of technology from Israeli developer Cellebrite Mobile Synchronization, which specializes in smartphone data extraction, transfer and analysis.
The leaked documents show just how much private data its smartphone forensic tool UFED, used by law enforcement, is capable of extracting from iPhones.
Databases can be exported from mainstream forensic tools, such as XRY, Cellebrite UFED, and Oxygen Forensic, and imported into Andriller for individual decoding. Andriller produces cleaner output data.
What Happens When You Press that Button? Explaining Cellebrite UFED Data Extraction Processes. UFED Physical Analyzer automatically performs this decoding process, presenting decoded data both in human-readable format and as raw data as stored in the device’s memory. The BlackBerry device must be turned on and unlocked for the UFED boot loader injection process to occur. Was it radio isolated, or did it briefly initiate a wireless connection?
UFED 4PC is Cellebrite’s software-based mobile forensic solution. It provides users a cost-effective, flexible and convenient tool on their existing PC or laptop. UFED 4PC Ultimate is based on the same trusted UFED technology, enabling users to perform extraction, decoding, analysis.
In a single data-extraction session, investigators were able to collect a huge array of personal data from an iPhone 5, such as messages, phone calls, voicemails, images and more, including some deleted content. UFED can pull similar data from other phones, too, including Wi-Fi hotspots and cellular towers the device was connected to.
The image at the top of the post shows the tool’s extraction report for an iPhone 5 running iOS 8.
![](https://zdnet4.cbsistatic.com/hub/i/r/2016/12/22/4537da87-ac87-47f7-b777-a5e85c167194/resize/770xauto/efb602e2f5b8fedb13300942c7ae713e/c-1-timeline-1.png)
After plugging the device into a machine running the tool, the officer was able to perform a logical extraction, which downloads what’s in the phone’s memory at the time.
Here’s some of the extracted data:
- Mobile phone number
- Registered Apple ID
- iPhone’s IMEI number
- Joined Wi-Fi networks
- Database files
- Call logs
- Voicemails
- User accounts in apps
- Text messages
- Music files
- Notes
- Calendars and contacts
- Geolocation from photos
- Installed apps
- .plist configuration files
- Settings and cached data
- Web bookmarks and cookies
The software can also cross-reference data from the device to build up profiles across contacts, SMS and other communications. As mentioned earlier, UFED even extracted some content that had been deleted from the device, like deleted messages and photos.
Cellebrite’s tool captures the geolocation of every photo that’s been taken.
It’s important to note that the phone’s owner didn’t set up a passcode, which left the device entirely unencrypted and more vulnerable to Cellebrite’s hacking tool.
With that in mind, had the iPhone 5 in question been protected with a passcode, the data on the phone would have been fully encrypted and iOS would have deleted everything on the device after ten failed attempts to guess the passcode.
The FBI reportedly paid Cellebrite $1.3 million for UFED and apparently used it to bypass iOS’s passcode delay and automatic wipe features on the San Bernardino shooter’s iPhone 5c. Apple, naturally, wanted to learn about the exploits Cellebrite’s tool uses, but the FBI wasn’t interested in sharing that information.
Cellebrite alluded in April that it might be able to bypass the passcode protection on the iPhone 6 series, but wouldn’t comment beyond that vague statement. The FBI later said Cellebrite’s forensic tools do not work on iPhone 5s and newer, and Cellebrite itself has said that it’s indeed unable to crack the passcodes on iPhone 4s and later.
Investigators can see Messages content sorted chronologically.
![](/uploads/1/2/6/5/126552587/214704235.jpg)
One possible reason for that: Apple-designed processors that power iPhone 5s and newer phones feature an embedded Secure Enclave crypto-engine with its own encrypted memory and other hardware-based features aimed at strengthening security.
The Economic Times reported last month that India’s premier forensic institute, called The Forensic Science Laboratory, was buying Cellebrite’s technology to help its law enforcement agencies bypass locked iPhones.
A subsidiary of Japan’s Sun Corporation, Cellebrite was founded in 1996.
Source: ZDNet