Cellebrite’s UFED, a Must for Forensic Investigators!

The digitalization has transformed the criminal enterprise to a high tech, stealthy, global organization. Identity theft, money laundering, fraud, theft of intellectual property, etc., are a few to add in a long list of crimes happening in web 2.0. Imagine if your friend is charged with money laundering which he/she is not committed. What if you could show electronic evidence that proves his/her innocence! Sounds interesting? Cellebrite’s UFED, a mobile forensic devise, gives investigators all the tools necessary to do job efficiently, with a full complement of accessories, cables, card readers and much more, plus powerful analyzing, extraction & reporting software that can be run from any PC.

With a rapid change in technology and advanced mobile devices, BlackBerrys, Androids, iPhones are some of the smart phone we use on daily basis to take photographs,send texts and emails, update Facebook, consult maps, search the web, and the list goes on. As we do this, however, our mobile devices often are quietly making records and generating evidence of all these activities. For better or for worse, this makes mobile devices perhaps the richest source of evidence about the people that use them.

However, one of the major issues is that, because the mobile device industry is still at nascent stage, a multitude of different operating systems, communications protocols, and data storage methods are in use, and more are being developed every day such as Apple’s iOS, Google’s Android, BlackBerry OS, Microsoft’s Windows Mobile, HP’s webOS, Nokia’s Symbian OS, and many others. What is the best solution then? Cellebrite’s UFED!

 

Why Cellebrite’s UFED?

A few exceptional and analyzing capabilities of the Cellebrite UFED standalone mobile forensic device:

  • Portable, fast and easy to operate, facilitates a truly untethered operation even in the most remote locations.
  • Performs physical, logical, user password and file system extractions.
  • IOS physical extraction, decoding & real-time decryption.
  • Gives access to internal application data.
  • Data extraction of hidden, existing and deleted data.
  • Android & GPS devices extraction and decoding.
  • Blackberry decoding.
  • Phone internal data including IMSI history, past SIM cards used, past user lock code history

In short, Cellebrite’s UFED is designed specifically for forensic investigators. Its best used for retrieving data ( deleted and non-deleted) from mobile phones, as the UFED forensic system empowers law enforcement, computer crime and investigations to capture critical forensic data and much more. The best part is it covers all major mobile OS: IOS, Android, BlackBerry, Symbian, Windows Mobile and Palm.

Virtualization – A Threat To Hard Drive Data Recovery

Hard drive data recovery is the process of retrieving lost data from hard drive. This retrieval is done due to the inaccessibility of data through normal recovery processes. Notwithstanding the fact that your hard drive has crashed or locked up for some reason, you can recover the data using a variety of hard drive data recovering techniques.

Virtualization makes it complex to manage disparate virtual, physical and cloud resources simultaneously. There are three areas of IT where virtualization is making news – network virtualization, storage virtualization and server virtualization. Virtualization enables IT enterprises focus on their core competencies while their day-to-day troubles are taken care of by third party data centers and disaster recovery facilities. These centers offer end-to-end managed IT services on virtual systems to enable enterprises save on setting up IT infrastructure.

While virtualization is a great option, it is a path to leaving data unprotected. While IT companies are adopting virtualization to reduce costs, this process is adding to the complexity to their IT environments. This leaves the critical data unprotected. Only ten percent of the critical applications data that is stored on virtual system is protected. It is time IT companies resorting to virtualization assess the necessity of having a protection for virtual data. Almost half of the data stored on virtual systems is not even backed up.

One of the greatest drawbacks of virtualization is that there is a single point of failure. When the machine, on which all the virtualized solutions run fails, or when the virtualization solution itself fails, this crashes everything.

Less hardware is required in virtualizaton but it requires powerful machines. If the machines are outdated or archaic, the work might get disrupted. But given the cost of hardware, it is still cheaper to upgrade the machine and virtualize than install new hardware.

Performance issues arise in virtualization even though powerful virtualization of operating systems and applications are integrated in a machine. Frequently, an application running without any problem while not virtualized, brings to surface many problems when it is deployed in virtualized environment. There is no guarantee if an application will behave properly in virtualized environment. Performance degradation is one of the many issues when applications are deployed in virtual environment.

Although there are some disadvantages in virtualization, it is still a viable solution provided ample care is taken to overcome the possible snags. IT enterprises should treat mission critical data and applications with utmost care whether they are virtual or physical. Enterprises should adopt integrated tools for managing physical and virtual environments to save time, training costs and better automate processes.

Phone Log Reconciliation

Knowingly or unknowingly we transmit a lot of information over phones. While we may not realize or even see the need to keep such information, it becomes useful to retrieve phone log information for legal issues. In complex litigation, all information passing between the client and vendor is considered part of intellectual property or trade secrets.

In legal cases phone log information records can be subpoenaed to determine if there was a trade secret violation or any other breach, or intellectual property information that is confidential has been compromised. In such scenarios, a search should be conducted through multiple phone numbers’ log records to produce a comprehensive report of violation or non violation.

Data Triage Technologies (DTT) has pioneered in Phone Log Reconciliation Service that is designed to manage completely a process that can be very time consuming if not automated appropriately. Now, it is possible for you to retrieve information that you may need to call as proof in a case. This service is extremely beneficial for lawyers and legal firms.

Phone logs come in several patterns that include digitally archived as images and spreadsheets as well as in paper format. Each phone company and cell phone provider has its own proprietary format for storing and presenting records. These formats require standardization to generate a comprehensive analysis. DTT executes a process of Optical Character Resolution (OCR) as well as Quality Assurance to ensure the information is correctly entered into a database able to execute the various formats.

Once evidence call records are introduced into a database, DTT performs an exhaustive search for the phone numbers under investigation. DTT then complies a report containing Calling Number, Called Number, Date and Time information, Statement Date and Statement Page.

Why E-Discovery Protocol?

Too many Electronically Saved Information cases are left pending, without ever discovering the light of a solution in sight. The E-Discovery protocol is expected to facilitate the just, speedy, and inexpensive conduct of discovery involving Electronically Stored Information (ESI) in civil cases, and to promote, whenever possible, the resolution of disputes regarding the discovery of ESI without the intervention.

Lawyers engaged in civil litigation on smaller matters are not sure regarding the extent to which ESI must be preserved. They are worried about the costs associated with identifying, preserving, collecting, reviewing, and producing this information. This uncertainty, and a lack of understanding of the technical issues involved, forces many lawyers to choose one of the two extremes: over preservation to prevent sanctions or delegate preservation responsibilities to vendors or the clients themselves.

Without the benefit of large E-Discovery budgets, attorneys handling smaller matters may find themselves trapped. Engaging an outside expert to assess the client’s technology infrastructure and implement an appropriate E-Discovery protocol is prohibitively expensive. Clients may not be comfortable with the internal information being assessed by outside experts when their own technology personnel can handle the chunk of information. They may question the need to hire outside experts. These are, of course, reasonable arguments

Usually the time consuming collection of ESI may even go waste. Then there is the attorney review time which again takes a long time to process including the chunks of useless data that must have been collected. An E-Discovery protocol is intended to provide the parties with a comprehensive framework to address and resolve a wide range of ESI issues but it is not intended to be an inflexible checklist.

The Court expects parties to consider the nature of the claim, the amount in controversy, agreements of the parties, the relative ability of the parties to conduct discovery of ESI, and such other factors as may be relevant under the circumstances. Therefore not all aspects of this Protocol may be applicable or practical for a particular matter, and indeed, if the parties do not intend to seek discovery of ESI it may be entirely inapplicable to a particular case. The Court encourages the parties to use this Protocol in cases in which there will be discovery of ESI, and to resolve ESI issues informally and without supervision whenever possible.

Scope of E-Discovery Protocol

E-Discovery has raised many important issues for litigators and their clients, including evidence integrity, preservation of meta data and its forensic value, recovery of electronic documents from backup tapes, the sheer volume of electronically stored information (ESI) and its impact on the scope of discovery and burden on the parties, and the suitable exchange of electronic
documents.

In December 2006, the US through the Federal Rules of Civil Procedure, introduced wide ranging measures to tackle these issues. Ever since the US courts have adopted these measures. The Federal Rules of Civil Procedure altered the federal litigation expanse by imposing certain strict rules on litigants. The litigants now have to discuss early in the case a range of matters relating to the discovery of their ESI. It also provides for an early discussion of the assertion of privilege claims. The scope of E-Discovery protocol has now changed from how it was earlier dealt with and not dealt with.

Before the new federal rules came into existence, litigants had to deal with issues related to ESI without a specified framework of rules specifying their disclosure and production obligations. Often, due to a lack of refinement of E-Discovery, the requesting parties’ counsel makes responding parties either to ignore their E-Discovery obligations or to run out the clock without providing any significant E-Discovery responses, information or ESI. The prohibitive cost involved in E-Discovery makes parties concerned failing to press the E-Discovery button.

The Federal Rules’ empowerment of federal courts to take charge of E-Discovery protocol matters, puts an end to the old status quo in ESI production. More federal courts (and state courts who rely on federal case law as instructive) are cautioning litigants to negotiate and reach early agreement on what ESI will be produced, when, and how.

The federal litigants who do not detail in advance about the what and how E-Discovery is going to be done and who will pay for it, face the prospect of having an unsympathetic court make those choices for them. This eventually leads to expensive consequences that could have been avoided. With many state courts now citing federal precedent, and with many states now adopting E-Discovery protocol rules similar to the new Federal Rules, this promises to be a real possibility in state court as well.