Cellebrite

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Cellebrite Mobile Synchronization Ltd.
Type Private
Industry  • High tech
 • Telecommunication (Cellular Phones)
 • Data extraction
Founded Petah Tikva, Israel (1999 (1999))
Founder(s) Ron Serber
Yossi Carmil
Headquarters Petah Tikva, Israel
Number of locations 3 Main Offices (2012)
Area served Worldwide
Key people  • Ron Serber (Co-CEO)
 • Yossi Carmil (Co-CEO)
 • James Grady (CEO, Cellebrite USA)
 • Bernhard Pawlak (CEO, Cellebrite GmbH)
Products  • Universal Memory Exchanger based and manufactured on a windows computer (UME)
 • Universal Forensic Extraction Device (UFED)
Services  • Phone-to-phone content transfer and backup
 • Mobile device forensics
Employees +200 (2012)[1]
Parent Sun Corporation
Divisions  • Cellebrite Commercial & Retailers
 • Cellebrite Mobile Forensics
Website www.cellebrite.com

Cellebrite is a privately held company, established in 1999. It manufactures various data extraction, transfer and analysis devices for cellular phones and mobile devices. Its products include specialized hardware and software aimed at acquiring both physical and logical data stored on mobile devices, with the ability to transfer the extracted data to other devices, parse acquired data and analyze content. Cellebrite is headquartered in Petah Tikva, Israel. Its two subsidiary companies, Cellebrite USA Corp. and Cellebrite GmbH are respectively based in Parsippany, New Jersey, US, and Paderborn, Germany. Cellebrite is a fully owned subsidiary of Sun Corporation, a publicly traded company listed on JASDAQ (6736/JQ) based in Nagoya, Japan.

Cellebrite has two separate business divisions: Cellebrite Wireless Carriers & Retailers and Cellebrite Mobile Forensics. The first division, Cellebrite Wireless Carriers & Retailers, produces hardware and software for phone-to-phone data transfer, backup, mobile applications electronic software distribution, and data analysis tools. Cellebrite Wireless Carriers & Retailers products are used by 150 of the world's largest mobile operators, including AT&T, Verizon, Sprint Nextel, T-Mobile, Orange, Telstra, and others; it also claims deployments in more than 100,000 wireless retail points of sale globally, including RadioShack and The Phone House. Cellebrite is the only company that works directly with the handset manufacturers to ensure compatibility before the latest devices are released to the public.[2]

Cellebrite's second division, Cellebrite Mobile Forensics, was established in 2007 and produces software and hardware for mobile forensics purposes used by federal, state, and local law enforcement; intelligence agencies; military branches; corporate security and investigations; law firms; and private digital forensic examiners in more than 60 countries.[2] These include West Yorkshire Police,[3] the Indian Army,[4] French National Gendarmerie,[5] Japan National and Regional Police,[6] and more.

History[edit]

Cellebrite was established in Israel in 1999 by Yossi Carmil and Ron Serber, together with a team of experienced telecom and mobile telephony professionals. Cellebrite's first manufactured hardware and software offered one of the first compressive phone-to-phone data transfer devices and offered contact synchronization and content transfer tools for mobile phones, intended for use by wireless carrier sales and support staff in retail stores.

At first Cellebrite's commercial products were used mostly due to the accelerated migration from IS-95 (CDMA) enabled mobile phones, to the more robust and stable GSM standard. Later, Cellebrite Wireless Carriers & Retailers' core product family – the Universal Memory Exchanger (UME) – was enhanced with additional data extraction and transfer capabilities, as well as additional mobile phone diagnostics, backup, and application management and delivery.

Building on its expertise in data extraction and mobile synchronization technologies, in 2007 Cellebrite established an independent and separated division targeted at the mobile forensics industry. Cellebrite's Mobile Forensics division introduced its first line of mobile forensics products in 2007 under the family brand name 'Universal Forensic Extraction Device' (UFED), which had the ability to extract both physical and logical data from mobile devices such as cellular phones and other hand-held mobile devices, including the ability to recover deleted data and decipher encrypted and password protected information.

Also in 2007, Cellebrite was acquired by FutureDial Incorporated and one of its major shareholders, Sun Corporation in Japan.[7] Today it is a fully owned subsidiary of the Sun Corporation, a publicly traded company on JASDAQ based in Nagoya, Japan.

Products[edit]

Cellebrite wireless carriers and retailers[edit]

For the mobile retail industry, Cellebrite provides a set of gadgets for phone-to-phone content management and transfer, used primarily as a stand-alone device at the Point of Sale (POS), and electronic software distribution, content backup and management used primarily through over-the-air programming (OTA).

The Cellebrite Universal Memory Exchanger (UME) is a standalone phone-to-phone memory transfer and backup machine. It transfers all forms of content, including pictures, videos, ringtones, SMS, and phone book contact data. The Cellebrite UME Touch and its predecessor, the UME-36, can intermediate information between a wide range of mobile phones, smartphones and PDAs, and support all mobile operating systems, including Symbian, Windows Mobile, Palm, BlackBerry, iOS and Android.[8]

At its core, Cellebrite's UME standalone device acts as a universal data channel between two mobile devices. It extracts, reads and parses data from a source mobile device and transfers it on-the-fly to a target device without storing any data on the UME device itself. The UME can automatically determine the types of phones which are connected to it, and can re-structure the data on the fly according to the source and target phone's storage formats and data fields.

In addition to its Apploader and Device Analytics tools, in May 2012 Cellebrite introduced several new retail products and services, including a POS diagnostics tool, a cell phone buy-back program integration with its UME Touch, and a self-service point.[9]

Mobile forensics products[edit]

In 2007 Cellebrite announced a new line of products aimed at the digital forensics and investigation industry. These products were introduced under the series brand name of 'Universal Forensic Extraction Device' (UFED). The UFED system is a handheld device with optional desktop software, data cables, adapters and other peripherals; it does not require any PC software in-order to perform its tasks, although it is packaged with report management and analysis software. The UFED additionally has an integrated SIM reader, along with wireless connection options such as IrDA and Bluetooth. In its ruggedized form, with a reinforced case and rigid Electronic packaging, it can be used for in-field data extraction and analysis under adverse conditions.

Unlike its commercial counterpart, the UME, the UFED system is sold only to approved government and corporate organizations.[10] Also unlike the UME, the UFED extracts mobile device data directly onto an SD card or USB flash drives (although it does not store data within its own memory). Another major difference from the UME is found in the UFED's ability to break codes, decipher encrypted information, and acquire hidden and deleted data. This last ability earned the UFED appearances in two episodes of the TV series CSI: NY.[11][12] Additionally, the UFED has been named "Phone Forensic Hardware Tool of the Year" for four years running in the industry-renowned Forensic 4cast Awards.[13]

The UFED reportedly has the widest coverage available in the mobile forensics market, with the ability to extract data from nearly 8200+ devices as of June 2012.[14] These include smartphones, PDA devices, cell phones, GPS devices and tablet computers. The UFED can extract, decrypt, parse and analyze phonebook contacts, all types of multimedia content, SMS and MMS messages, call logs, electronic serial numbers (ESN), International Mobile Equipment Identity (IMEI) and SIM location information from both non-volatile memory and volatile storage alike, in multiple international languages including Middle Eastern and European languages.[15] The UFED supports all cellular protocols including CDMA, GSM, IDEN, and TDMA, and can also interface with different operating systems' file systems such as iOS, Android OS, BlackBerry, Symbian, Windows Mobile and Palm as well as legacy and feature cell phones' operating systems.

The UFED enables its user to retrieve subject data via logical ("what you see is what you get"), file system (e.g., directories and files), or physical extractions (i.e.: hex dump, a bit-for-bit copy of a mobile device's entire storage). Physical extraction enables it to recover deleted information, decipher encrypted data, acquire information from password protected mobile applications such as Facebook, Skype, WhatsApp and browser-saved passwords. The UFED's physical extraction functionality can also overcome devices' password locks, as well as SIM pin numbers.

The UFED series comes in three distinct flavors:

  • UFED Ultimate (previously known as UFED Physical Pro) incorporates the abilities of all the other UFED versions, allowing for physical, logical, user password and file system extractions, data extraction of existing, hidden and deleted data, decipher lock codes and access and decode internal application data including: International Mobile Subscriber Identity (IMSI) history, past SIM cards used, user lock-code history and more.[16] An add-on device, UFED CHINEX, offers physical extraction and decoding for Chinese mobile phones.[17]
  • UFED Physical Analyzer is a software package that comes with the UFED Ultimate. It is meant to decode and parse physical mobile device images. It also allows for direct physical data extraction from various iOS devices, such as: iPhone, iPad 1 and iPod.[18] In 2012, UFED Physical Analyzer was awarded "Phone Forensic Software of the Year" in the Forensic 4cast Awards.[19]
  • UFED Logical allows for logical data acquisition from smartphones, feature and legacy phones.[20]

In June 2012 Cellebrite introduced a new touch-screen package for its UFED Ultimate and UFED Logical systems: UFED Touch.[21]

While there are several different products that can acquire data from cell phones, Cellebrite UFED units are often preferred by law enforcement agencies, as the units are self-contained and fairly simple to operate. The National Institute for Standards and Technology tested Cellebrite UFED twice as part of its ongoing Computer Forensics Tool Testing Project. The first test, of UFED 1.1.05, took place in September 2009;[22] the second test, of UFED 1.1.3.3 and UFED Report Manager 1.6.5, took place in October 2010.[23] Both tests concluded that the UFED versions under review performed, with few exceptions, within NIST's standards for smartphone forensic devices.

Smartphone forensics[edit]

Cellebrite is among the mobile forensics vendors best known for their support of physical and file system extractions for major smartphone platforms including Apple iOS,[24] BlackBerry, Android, Symbian, and Nokia BB5.

Cellebrite claims to have been the first in the mobile forensics industry to have achieved a number of smartphone forensic breakthroughs. These include physical extraction and decoding of BlackBerry flash memory (going beyond mass storage or IPD backups), Android user/pattern lock bypass for physical extraction and decoding, physical extraction from phones with Chinese chipsets (including MediaTek and Spreadtrum), TomTom GPS trip-log decryption and decoding, and other research and development.

Forensic data integrity[edit]

Cellebrite purports to maintain the integrity of digital evidence via proprietary technology:

  • All cable connectors from subject (source) side act as a write blocker, being read-only via the onboard hardware chip set.
  • Although a Faraday shielded bag, included in all ruggedized UFED kits, blocks external electromagnetic fields and wireless radio signals, the UFED has a SIM card cloning capability which also isolates the phone from the wireless network.
  • Read-only boot loaders, developed in-house rather than being based on flasher box technology, keep data from being altered or deleted during a physical extraction.

Controversy[edit]

In April 2011, the Michigan chapter of the American Civil Liberties Union questioned whether Michigan State Police (MSP) troopers were using Cellebrite UFEDs to conduct unlawful searches of citizens' cell phones.[25] Following its refusal to grant the MCLU's 2008 Freedom of Information Act request unless the organization paid $544,000 to retrieve the reports, MSP issued a statement claiming that it honored the Fourth Amendment in searching mobile devices.[26]

References[edit]

  1. ^ "Cellebrite UFED Extends Forensic Capabilities to Android Mobile Devices". PR Newswire. Retrieved October 24, 2011. 
  2. ^ a b "Cellebrite Customers". Cellebrite. Retrieved June 8, 2012. 
  3. ^ "The mobile phone kit which trapped a killer". The Beat. Retrieved July 19, 2012. 
  4. ^ "Indian Army Boosts Mobile Intelligence Capabilities with Cellebrite's Mobile Forensics Platform". Cellebrite. Retrieved July 19, 2012. 
  5. ^ "The French Gendarmerie Nationale Chooses Cellebrite's Mobile Forensic Devices for its N-TECH Investigators". Cellebrite. Retrieved July 19, 2012. 
  6. ^ "Japan's National and Regional Police Chose Cellebrite's UFED for Mobile Forensic Operations". Cellebrite. Retrieved July 20, 2012. 
  7. ^ "FutureDial and Sun Corporation Acquire Cellebrite". ThomasNet. Retrieved July 19, 2012. 
  8. ^ "Data Transfer, Backup and Restore". Cellebrite. Retrieved July 19, 2012. 
  9. ^ "Cellebrite Empowers Retailers With New Point-of-Sale Tools at CTIA 2012". MarketWatch. Retrieved June 15, 2012. 
  10. ^ Osborne, Charlie. "For investigators, a better way to extract data from mobile devices". SmartPlanet.com. Retrieved July 19, 2012. 
  11. ^ "Cellebrite UFED on CSI:NY". Retrieved July 19, 2012. 
  12. ^ "cellebrite UFED on CSI: NY (again!)". Retrieved July 19, 2012. 
  13. ^ Whitfield, Lee. "Forensic 4cast Awards 2012 – Results". Retrieved July 19, 2012. 
  14. ^ "UFED 1.2.0.0 Release Notes". Cellebrite. Retrieved July 19, 2012. 
  15. ^ Hoog, Andrew. "Chapter 3. Cellebrite UFED". viaForensics. Retrieved June 8, 2012. 
  16. ^ "UFED Touch Ultimate". Cellebrite. Retrieved July 19, 2012. 
  17. ^ "Cellebrite Launches UFED CHINEX". PR Newswire. Retrieved July 19, 2012. 
  18. ^ "UFED Physical Analyzer". Cellebrite. Retrieved July 19, 2012. 
  19. ^ Forensic 4cast Awards 2012 – Results at Forensic 4:cast
  20. ^ "UFED Touch Logical". Cellebrite. Retrieved July 19, 2012. 
  21. ^ "Cellebrite Launches UFED Touch: a Faster, More Field-Ready Mobile Forensics Solution". MarketWatch. Retrieved June 12, 2012. 
  22. ^ "Test Results for Mobile Device Acquisition Tool: Cellebrite UFED 1.1.05". NIST. Retrieved June 8, 2012. 
  23. ^ "Test Results for Mobile Device Acquisition Tool: Cellebrite UFED 1.1.3.3 – Report Manager 1.6.5". NIST. Retrieved June 8, 2012. 
  24. ^ Cellebrite UFED at ViaForensics
  25. ^ Sullivan, Bob. "Gadget gives cops quick access to cell phone data". MSNBC. Retrieved April 21, 2011. 
  26. ^ Heussner, Ki Mae. "Michigan Police Use Device to Download Cellphone Data; ACLU Objects". ABC News. Retrieved June 8, 2012. 

External links[edit]