Cellebrite’s UFED, a Must for Forensic Investigators!

Thursday, April 19th, 2012

The digitalization has transformed the criminal enterprise to a high tech, stealthy, global organization. Identity theft, money laundering, fraud, theft of intellectual property, etc., are a few to add in a long list of crimes happening in web 2.0. Imagine if your friend is charged with money laundering which he/she is not committed. What if you could show electronic evidence that proves his/her innocence! Sounds interesting? Cellebrite’s UFED, a mobile forensic devise, gives investigators all the tools necessary to do job efficiently, with a full complement of accessories, cables, card readers and much more, plus powerful analyzing, extraction & reporting software that can be run from any PC.

With a rapid change in technology and advanced mobile devices, BlackBerrys, Androids, iPhones are some of the smart phone we use on daily basis to take photographs,send texts and emails, update Facebook, consult maps, search the web, and the list goes on. As we do this, however, our mobile devices often are quietly making records and generating evidence of all these activities. For better or for worse, this makes mobile devices perhaps the richest source of evidence about the people that use them.

However, one of the major issues is that, because the mobile device industry is still at nascent stage, a multitude of different operating systems, communications protocols, and data storage methods are in use, and more are being developed every day such as Apple’s iOS, Google’s Android, BlackBerry OS, Microsoft’s Windows Mobile, HP’s webOS, Nokia’s Symbian OS, and many others. What is the best solution then? Cellebrite’s UFED!

 

Why Cellebrite’s UFED?

A few exceptional and analyzing capabilities of the Cellebrite UFED standalone mobile forensic device:

  • Portable, fast and easy to operate, facilitates a truly untethered operation even in the most remote locations.
  • Performs physical, logical, user password and file system extractions.
  • IOS physical extraction, decoding & real-time decryption.
  • Gives access to internal application data.
  • Data extraction of hidden, existing and deleted data.
  • Android & GPS devices extraction and decoding.
  • Blackberry decoding.
  • Phone internal data including IMSI history, past SIM cards used, past user lock code history

In short, Cellebrite’s UFED is designed specifically for forensic investigators. Its best used for retrieving data ( deleted and non-deleted) from mobile phones, as the UFED forensic system empowers law enforcement, computer crime and investigations to capture critical forensic data and much more. The best part is it covers all major mobile OS: IOS, Android, BlackBerry, Symbian, Windows Mobile and Palm.

Network Forensic Analysis Tools to Assess Network Vulnerabilities

Friday, October 24th, 2008

Every organization today has some type of a network security policy to protect or secure its systems, but when there is a violation of organization policies with vulnerable attacks then forensic analysis plays a crucial role. The evidence in computer forensics may take many forms with the help of network forensic tools.

Many network analysis tools are available nowadays to create a report containing details of potential problems like monitoring network computers for possible vulnerabilities, checking network for all potential methods that a hacker might use to attack etc. Some of the forensic tools are specially designed for networks.

For example: DNA (Distributed Network Attack) a new approach in computer forensic analysis is one of the most efficient forensic tools in recovery of password protected files. The new tool made major advancements in recovery of distributed network system, which were earlier limited to the processing of single machine.

With installation of the DNA tool on the server it will have access to the network and power to processes on different machines to decrypt the passwords. There by the DNA manager is responsible for coordinating the attack, assigning small portions of key search to machines distributed throughout the network. With the use of this forensic tool the liability of client to commit mistakes can be avoided.

There are other forensic tools, some designed for analysis of network activity and some are intended for log aggregation or analysis. Through these forensic tools you can see the services operating over the network like file openings and closing.

Network security audit helps reduce the possibility of network downtime by discovering the security incidents and the attacks through its LAN, WAN or intranet. In terms of network security concerns you can even go for external and internal security audits to identify and eliminate any security vulnerabilities in your systems.

An External network access will test your network devices and servers for vulnerability to a wide range of exploits, viruses, worms and other common internet attacks. Where as internal security audit starts with threat discoveries which include frequent virus outbreaks, unauthorized access to sensitive e-mail or documents etc.

The domain hijacking, machine break-ins, cracking user passwords, retrieval of sensitive documents, and physical access to sensitive hardware or software can also be analyzed with these audits.

Once the analysis or audit is completed you can easily eliminate the network security problems. These are also applied to the storage area networks and network attached storage. With the help of network forensic tool you can identify and respond to computer crimes and policy violations, not just investigating historical incidents.

www.Datatriage.com, a leading expert in Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.

Electronic Data Discovery: Approach and Process

Thursday, May 15th, 2008

From the initial collection of electronic data to the final making of relevant and responsive documents, one of the biggest challenges faced by lawsuit attorneys is managing the large volume of digital documents produced during the discovery process. Electronic data discovery is a main stream in general discovery of evidence in legal proceedings. Today 90% of the business communication takes place in an electronic environment, so it is critical to carefully manage this electronic data for legal purposes by companies.

Electronic data discovery approach involves the following steps:

Step1: Collection
Formulate plans to identify the data across the networks for legal and IT department. Handling evidence to court requires a documented chain of custody. In this data collection strategy, it is necessary to include any data that is necessary for authenticating a relevant piece of electronic evidence. The collection includes deleted files, Web E-mails, Internet history etc like collecting Meta-data, information about the E-mails, address, date, and time are gathered as an inventory of discovery. This documented chain of custody is helpful in minimizing the mishandling, misconduct or tampering of critical data.

Step2: Preservation
Maintaining the proper integrity of data is the key to preservation. After identification of data; it is protected avoiding spoliation for the validity of the data in order to preserve legacy data. The original data should be stored in a proper location, because the relevant meta-data may exist at the time an electronic document is located, but may be altered. In order to avoid this, affordable techniques exist to make forensic copies or mirror images that are specifically designed to preserve the integrity of the meta-data to capture the relevant meta-data from the original source before they are copied.

Step3: Processing
Make the collected data readable and usable for legal review by eliminating duplicate files. The processing includes deduplication of data by hash value, near duplication, concept clustering, format conversions, native file review, file recovery, meta data extraction, export for any review system.

Step4: Review
Review of electronic documents is essential to separate relevant material from the irrelevant material. Filter the data to achieve a relevant, manageable collection of information. Once the files are collected in readable form, they are converted to digital form in large volumes, particularly with respect to many common forms of electronic documents such as E-mail.

Step5: Production
The final stage is to prepare the data set and make the information available in TIFF, PDF or HTML format as part of a database accessible from a Web-based repository. Delivering electronically stored information (ESI) to various law firms or corporates for further use, production needs vary, therefore the output is flexible.

The law firms and companies that do electronic data discovery have well established clear processes to standardize the way discovery works for all matters. This yields faster results, better control over sensitive data and tremendous cost savings and increased litigation risks, whilst the cost and risks of electronic data discovery is reduced through the hard work of analysis work process. For more information about electronic data discovery visit www.datatriage.com; a leading electronic data discovery firm to process vast amounts of data quickly and accurately.

Cell Phone Forensics Today is Better Than Ever No Other Tool

Tuesday, April 15th, 2008

The recent developments in cell phone technology helped in development of Cell phone forensics as a great resource for forensic examiners and hi-tech crime investigators.

Forensics has the potential to provide a wealth of information by retrieving information with relevant format which includes deleted text messages, address book entries that you have deleted, Photographs that you have taken and deleted, dialed and received calls etc.

Today Cell phones became more advanced and sophisticated in being used for inappropriate usage. Investigators realized that there was a need to develop specific tools and process to search for evidence without affecting the information and introduced to get the file system and memory data helping the individuals, while Cell phones are becoming more like desktop computers functionally. Cell phones rely on flash memory for persistent storage designed to perform a predefined tasks using embedded software. The National Institute of Standards and Technology (NIST) is the one, which developed the guidelines in cell phone forensics.

Cell phone forensics has two methods in order to collect the data; one is logical method, which acquires files and directories from the file system of the flash memory. Secondly, we can get all data from bit-by-bit copy of entire physical memory using a low level access method. Cell phone forensics can be largely divided by memory forensics and SIM forensics. Mobile phone based on GSM/WCDMA telecommunication technology stores data such as phone book, SMS message and IMSI in SIM/USIM. So SIM forensics is required to extract data from the cell phone with memory forensics. In this process of SIM forensics, a user PIN will be demanded according to access condition of elementary file in which data is stored.

The types of tools available for Cell phone examination include commercial forensic tools, device management tools, open source tool; self developed tools, diagnostic tools and hacker tools. Forensic tools are typically designed to acquire data from internal memory of handsets and removable identity modules such as SIMS found in GSM. These forensic tools support full range of acquisition and reporting functions to acquire device contents.

This secure forensics is the best solution which provides law enforcement, corporate security with logical data extraction of the content stored in the Cell phone. Investigators can now gain access to vital information in seconds without the need to wait for crime reports. For more information on forensics, visit www.Datatriage.com one of the best leading experts in the cell phone forensics field.

Qualcomm Repute Had Been Violated By Legal Losses

Thursday, March 27th, 2008

Qualcomm was drowned by the issue of e-discovery misbehavior which had an impact on client, though it is a base line to E-discovery. The U.S district court of California issued a warning to the entire corporate litigant’s regarding the electronically stored documents and E-mails in the recent issues of Qualcomm faulty.

In attorney’s misconduct of Qualcomm, the court envisioned in four scenario’s. First is Qualcomm intentionally hid the documents from its retained lawyers, Second is the retained lawyers failed to discover the intentionally hidden documents, third is Qualcomm shared the damaging documents with its retained lawyers to hide the documents and all evidence of Qualcomm early involvement in JTV(Joint video team) or Qualcomm did not tell the retained lawyers about the damaging documents and evidence or the lawyers suspected whether there are other additional evidence regarding the adequacy of the document search and witness investigation.

In monetary sanctions against Qualcomm the court judge avowed to pay all of Broadcom litigation cost around $ 8.5 million along with decisive documents but the Qualcomm refused to produce the documents in this patent violation case and supposed that they did not participate in the standards making. The court directed Qualcomm to have a case review and enforcement of discovery obligations in order to identity the lapse occurred and to prevent e-discovery violation in future with the intention of secreting this key fact, so that they would have the chance of winning and named it as “Intentional discovery infringement.”

This Case review and enforcement of discovery obligation includes in identifying the factors that contributed to the discovery violation, Creating and evaluating the Proposals, procedures that will correct the deficiency, developing and finalizing a comprehensive protocol, evaluating data track systems, software’s and records to identity the potential sources of discoverable documents and any other information that will help prevent discovery violation.

In Qualcomm vs Broadcom, the court sanctioned the Qualcomm and its attorneys for failure to produce key electronic documents which made them remarkably bad and assured the sanctions imposed. The issue between the Qualcomm and Broadcom over the patents gives the clear picture to the corporate parties and the lawyers regarding the obligation to produce and locate the relevant electronic documents.

In the pitfalls of e-discovery, the judge from southern district of California sanctioned Qualcomm and several of its attorneys for failing to produce thousands of responsive documents during its patent suit against Broadcom. Qualcomm lost a decree in a separate patent clash with Broadcom, temporarily averted a ban on imports though it is second largest maker, downgrading its royalist model in this legal battle ignoring their electronic discovery responsibilities.