Forensics on cell phones

Inside and outside government,
professionals increasingly carry
data on their cell phones, including
e-mail messages, documents,
videos and instant messages.
And there are those
(such as law enforcement officers,
some employers and, yes,
hackers) who want to get at
that data without the owner's
permission.

Until recently, however, the
tools to do that
weren't available.
A handful
of PC-based
programs have
been able to extract
data from selected cell
phone models, but special
challenges face those who deliver
powerful forensic tools.

The biggest one is that there
are hundreds of models of cell
phones, with manufacturers
adding dozens of new ones
each year. And all those models
employ a wide array of
BIOS versions, operating systems
and software.

The other nut to crack is
portability. Cell phones are, of
course, extremely portable.
But if you need to plug one
into a computer equipped
with forensic software, extracting
data in the field or
without the owner's knowledge
can be problematic.

Cellebrite Mobile Synchronization
has introduced a solution
in the form of its Universal
Forensic Extraction
Device (UFED).

Cellebrite has been in the
business of cell phone data
transfer for the past 10 years.
When you buy a new phone
and the store transfers your
data from your old phone, it's
almost certain they're using
Cellebrite's equipment.

Now the company has packed
its tools into a handheld
device for data extraction in the
field. The $4,000 kit includes
the UFED, cables for connecting
the device to more than
1,200 supported phone models
and software for generating reports
of the extracted data.

The UFED can extract a variety
of information from most
cell phones, including contact
lists, photos, videos, text messages,
call logs, electronic serial
numbers and International
Mobile Equipment Identity
data. What makes the UFED
unique, apart from its
portability, is its support for
such a broad array of cell
phones, said Jason Rogers,
vice president of sales at
Cellebrite USA.

"We are getting the handsets
usually three to four months
prior to retail launch," Rogers
said. "When a new phone
comes out, we have to develop
the software and/or the cable
to have it supported."

The data extraction takes
about 10 seconds, and the
UFED can export the data to
a Secure Digital (SD) card, an
attached flash drive or a PC.
The UFED, like its counterparts,
has some limitations.

For starters, although it can
extract some deleted text data
from SD cards, it cannot extract
deleted information from
cell phone data storage. Rogers
said that capability should be
available in two to three years.
And there is nothing except
the price tag to prevent amateur
detectives and hackers
from using the UFED for their
own purposes. Rogers said it
is company policy to sell the
device only to government
customers and corporations,
but they have to take the customer's
word for that.

"You have to hope they're
going to be honest with you,"
Rogers said.

About the Author

Patrick Marshall is a freelance technology writer for GCN.
