• Dave Hulshizer

S.O.S. (Our Software Options Series) #2 - Cellebrite


The next software platform we are going to explore as part of our S.O.S. series is Cellebrite. Cellebrite exists to take your investigations to the next level with a digital intelligence (DI) suite that streamlines your entire investigative workflow. Cellebrite is best known for its use in mobile data extraction.


According to an October 2019 article published by Privacy International, entitled "A Technical Look at Phone Extraction", Cellebrite is a leading global digital forensics company, popular with government agencies, and one of the best-known commercial companies selling its products to law enforcement. The article goes on to explain that Cellebrite’s physical extraction capability accesses the additional data layers, in both allocated and unallocated space, that construct the phone’s physical memory. These layers include three different groups of content pertinent to investigators and forensic examiners:

  • “Logical” content unavailable through API (e.g. call logs on smartphones and feature phones)

  • Deleted content

  • Content that the phone collects without any user action (and sometimes without user knowledge). For example: wi-fi networks, GPS locations, web history, email headers and EXIF data on images and system data.

Using Cellebrite, data can be extracted along with other sources of critical information, such as online activity from email and social media accounts. These sources can then be filtered, compared and analyzed using artificial intelligence and machine learning to generate actionable insights, such as locations. Extracted data can be combined with data from public sources, such as websites or social media accounts, to find crucial information and make comparisons. Digital Forensic Examiners can then use the combined data to build profiles of attackers, their contacts, and members of wider terror cells. The data can also create timelines of events, helping investigators determine exactly what has happened and compile the right evidence for a prosecution or defense.


As technology continues to advance, Cellebrite continues to innovate. Some of its latest releases and updates include:

  • December 2020 - Chat Capture, a new collection method that enables users to grab screenshots from any Android device. Using a fully automated flow, users can collect specified chat conversations, from both WhatsApp and Signal applications, as well as information about the chat participants such as name, phone number, and more. Data from other applications can be captured using the chat capture “Generic” mode.

  • November 2020 - Cellebrite Physical Analyzer 7.40, presenting a new Media Classification capability. When investigating massive amounts of data, users can detect and categorize images and video frames related to key categories with just a push of a button. The Media Classification capability uses machine learning to automatically identify media files related to key categories such as child exploitation, weapons, money, drugs, nudity, and more. Users can quickly identify persons of interest with advanced person recognition and categorization capabilities.

  • October 2020 - Cellebrite Physical Analyzer 7.39, which dramatically reduces the amount of time needed to review images with its new Image Classification engine. The new Image Classification capability can flag suspicious images and find photos of a person or an object of interest with just a push of a button. Using machine learning, the Image Classification capability automatically detects and categorizes images in multiple categories: Cars, Credit cards, Documents, Drugs, Face, Photo ID, Flags, Handwriting, Maps, Money, Nudity, Tattoos, Weapons, and Suspected CSA (Child Sexual Abuse).

Recently, Cellebrite also announced their newest product, the Digital Collector, slated to come out early this year. This is a powerful and complete triage and data collection tool for Windows and Apple computers. Formerly branded as BlackBag’s popular MacQuisition product, the upcoming release includes all the popular features their customers have grown to depend on, now available for Windows as well, plus additional capabilities making Digital Collector the most comprehensive computer forensics tool in the industry. The new solution is designed for investigators/forensic examiners who need to complete a quick triage, live data acquisitions and forensic imaging, without the need for multiple solutions. Digital Collector will be crucial for examiners working on cases ranging from corporate IP theft, financial crimes, child exploitation and trafficking, planned terrorist attacks and more.


The upcoming release of Digital Collector will deliver the first of several new computer access and analysis capabilities scheduled to be introduced by Cellebrite throughout the first half of 2021. Future updates will focus on ease of use, remote collection capabilities and API integration with existing Cellebrite Digital Intelligence solutions.


Here at Key Forensics, we are a proud partner of Cellebrite, which enables us to capture insights in today’s complex, digital world. Its digital intelligence platform provides a complete and objective picture of evidence, empowering us to help you solve and close cases faster than ever.