Cell Forensics Extraction Tools
Written by daniel.solid Friday, 25 December 2009 12:40
In a previous article, we laid out a brief case for why cell forensics are valuable for law enforcement – even on the local PD level. We essentially pointed out that if you are not collecting cell forensics from your suspects, then you are missing a serious opportunity to close cases. But more than just collection, we said that it is important to do something with the data in the form of analysis in the context of the rest of the case data.
What was once a very challenging forensic task has become easier with the development of push-button cell forensic extraction devices. We will recommend several of these cell forensic extraction devices – some that cost, but also many that are free.
Manual Data Extraction
The manual extraction of cell forensic data is a tedious, time consuming process. There is very little training available. In addition, the amount of customized hardware and tools required present challenges for even the most seasoned professional technicians.
Over in the UK, analysts are disassembling the phones and pulling data directly off of the data boards themselves; so, we know the manual approach can work. But I would submit that in light of rapidly advancing extraction toolset available, manual analysis is no longer yields the best time to results ratio.
Automated Extraction Tools (free)
There are sites on the web that offer free tools for an investigator to use to perform cell forensics. Many times, these tools are limited and focused a small set of phones – but can be useful nonetheless. One tool is Bitpim. BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers.
Another free tool focused on Blackberry devices can be found BlackBerry.com. The user can download the Blackberry Device Manager and back-up any Blackberry device. The back-up file is in a proprietary format (IPD) and extracts some very useful forensic data including call records, SMS, emails (including all content) and calendar events. An IPD file can be converted to a useable format by using another tool – ABC Amber Blackberry Converter. It is not free, but only costs $19.95 for the tool.
Automated Extraction Tools (cost)
- The Cellebrite UFED (Universal Forensic Extraction Device) automatically extracts and parses data from over 2,000 different cell phones, including CDMA phones (like the ones that run on Verizon and Sprint) and GSM phones (AT&T & most international carriers). That is 95% of all phones in existence. Their new UFED Physical Pro model also allows investigators to access deleted content.
- Another significant tool widely used is the Micro Systemation’s XRY/XACT. Touting support for almost 1000 phones including the new Android, this cell forensic tool is becoming a must for investigators.
- Susteen / Data Pilot’s Secure View is a unique hand-held computer that allows the user to both extract forensic data and do basic analysis
But in the next article on analysis, we will move beyond extraction. We will look at some cutting-edge investigation software that imports and analyzes the call records, phone books, text messages, emails, and more with the push of a button.
New post: Cell Forensics Extraction Tools (http://cli.gs/8Qv5E)
Cell Forensics Extraction Tools | Solid Forensics http://bit.ly/4BUkq4
Post Edited: Cell Forensics Extraction Tools (http://cli.gs/8Qv5E) http://cli.gs/8Qv5E