Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Nowadays more than 80 % of devices in digital forensics labs are tablets, smartphones and phones. This is the reason why mobile forensic hardware prices are a very actual problem. An average price for top mobile forensic hardware (for example, Cellebrite UFED or Micro Systemation XRY) is in the area of 9 000 $ (some kits can cost up to 20 000 $). License renewal for such hardware costs in the area of 3 000 $. And what do users get for this huge amount of money? Let’s try to find out.
Figure 1. Cellebrite UFED Touch
All mobile devices coming to digital forensics labs can be divided in three groups: the first two groups are iOS and Android devices, and the third – some older phones.
Usually, these are old phones. The main problem is – these devices are not actual ones for mobile forensic hardware developers. For example, Cellebrite can extract data from some devices on the physical level, but this dump can’t be parsed, and, what is more, due to the fact that these devices are old we’ll barely get the updates for software to be able to parse them.
In such situation MOBILedit! Forensic (Compelson Labs) can be very useful. It supports lots of old mobile phones, which are not supported by other vendors. What is more, the price for this piece of software is quite affordable.
Figure 2. MOBILedit! Forensic
Also, we should mention Chinese phones here. These are phones based on MediaTek, Spreadtrum, Infineon chips. Usually top mobile forensic hardware developers offer support for Chinese phones as an additional option. But for the price of such option you can buy a standalone solution, for example, Tarantula (EDEC). Also some cheaper solutions for Chinese phones can be found, for example, at Ebay.
Figure 3. Tarantula
Top mobile forensic hardware supports devices running 3rd and 4th versions of Android OS very well. But data extraction from such devices is not a problem for a mobile forensic examiner, even if he or she doesn’t have this expensive equipment. You can perform physical extraction from such devices even with dd [1].
Due to security issues, it’s very difficult to extract data from devices running 5th and 6th versions of Android OS, especially perform a physical extraction.
There was a case in our lab, during which we needed to recover deleted data from HTC One smartphone. The device had a locked bootloader, so it couldn’t be rooted. If we tried to unlock the bootloader, the user data would have been destroyed. Top mobile forensic hardware was not able to solve the problem. To perform physical imaging we used a flasher which cost us just 99 $.
For parsing of the dump you can use both free (FTK Imager [2], SQLite Viewer, NowSecure Forensics CE [3]) and commercial tools (Belkasoft [4], Oxygen Forensic [5]), which cost less.
Figure 4. Oxygen Forensic
Top mobile forensic tools usually offer solutions for locked devices, but for limited models only. Flashers support wider range of mobile devices and allow a mobile forensic examiner to overcome all types of locks.
Of course, developers try to hide this fact, but data from iOS devices is extracted via iTunes backup procedure. There are no other methods of data extraction from modern iOS devices. And, of course, top mobile forensic software and hardware vendors could offer you some «advanced logical» method, but only if the examined device is jailbroken – and you barely get such device for examination. For example, our lab got no such devices in recent 5 years. That’s why the best tool for iOS forensic should be judged not for its extraction capabilities, but for its ability to parse iTunes backups. And there are some very good pieces of software (Belkasoft [4], Oxygen Forensic [5]) which cost less. The thing is – iTunes backup can be performed by iTunes or some open source tools, for example, libmobiledevice.
Top mobile forensic tools can help to unlock some devices (there are also advanced solutions available in Cellebrite lab) running iOS 7 or 8, but you can use IP Box for it, for example, and it costs just 100 $ at Ebay.
Ten years ago, when we had to use an individual approach for examination of almost every phone model, having all-in-one expensive forensic tool was reasonable, but not now. Today you can pay 300-400 $ for hardware (a flasher and a few JTAG adapters) and 1000-2000 $ for software and your forensic lab gets more powerful equipment than top mobile forensic hardware. Data from most mobile devices running Android or Windows Mobile can be extracted via JTAG technique, for others you can use chip-off. Of course, adapters for chips are expensive, but its range isn’t very wide – there are around 6 main chip carrier types.
1. Physical acquisition of a locked Android device
2. AccessData Current Releases
3. NowSecure Forensics community edition
4. Belkasoft evidence center
5. Oxygen Forensic
Igor Mikhaylov
Interests: Computer, Cell Phone & Chip-Off Forensics
Oleg Skulkin
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
And though sexual acts are still for the discretion of the involved individuals nowadays, public displays of nudity are vieewed absolutely unacceptable--even wearing shorts and a tank top is questionable in some areas and establishments. Everyone could have their very own threshold, nevertheless forr us greater few times per hour is way too much. They simply do not have the resources in order to meet the customer's needs and their reputations are sufferingg as a result.
And though sexual acts are still for the discretion of the involved individuals nowadays, public displays off nudity are viewed absolutely unacceptable--even wearing shorts and a tank top is questionable in somne areas and establishments. Everyone could have their very own threshold, nevertheless for us greater few times per hour is way too much. They simply ddo not have the reources in orde to meet the customer's needs and their reputations are suffering aas a result.
And thlugh sexual acts are still for the discretion of the involved individuals nowadays, public displays of nudity are vieewed absolutely unacceptable–even wearing shorts and a tank top is questionable in some areas and establishments. Everyone could have their very own threshold, nevertheless for us greafer few times per hor is way too much. They simply do not have the resources in order to meet thhe customer’sneeds and their reputations aare suffering as a result.
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now