Expedient Field Extraction for Mobile Devices is on the Rise


Most people today carry some type of mobile device on a regular basis. It is typically a smartphone, but it could be a tablet or other computing device as well. With so many people using mobile devices, it has been difficult for some in law enforcement to obtain evidence from them effectively and in a timely manner. The proliferation of these devices also makes it difficult for many computer forensics labs to keep up with demand. State and federal agencies have only so many labs and resources to provide.

Fortunately, some of the new tools on the market make it possible to investigate and extract information in the field. Many investigators are able to conduct expedient field extraction of data as part of the execution of a search warrant, a search incident to arrest, or when provided consent to search. The goal is, and always will be, twofold. Investigators want to collect data that they can use as evidence in court. They also want to conduct fast investigations that let them examine items “on the frontline.” This makes it faster and easier to see which avenues deserve a deeper investigation, and it can help focus an investigation in the right direction so the authorities do not waste time.

Great New Software Available

How are so many departments able to conduct investigations in the field without needing to rely on a robust forensics lab? New technology is helping to make things much easier for everyone except the criminals. Cellebrite recently released a software update for its UFED (Universal Forensic Extraction Device). The latest update gives the user more administrative support at a much finer level and allows for better quality extraction of data from mobile devices.

Administrators are able to create profiles and then assign permissions for data extraction, making it possible for supervisors to manage field personnel who are extracting data while on the job. This ensures that personnel can only access data that is within their legal authority, so they do not inadvertently do anything that could damage the investigation or case.

The permission management system lets forensics departments expand what investigators are able to do. Departments can ensure that users who have no reason to bypass user locks or access some types of data will not have that access, while still being able to complete minor investigations when necessary. This can potentially cut down on the number of devices that ultimately have to go to a forensics lab. It ensures the collection of evidence is entirely lawful and does not go beyond the scope of the courts.

Administrators can make permissions granular enough to base them on the role the investigator fulfills. For example, they could have a permission set for general evidence collection, one for specialists, and others for certain types of cases and incidents. Users could, perhaps, have access to current data on a device but not to deleted data, or they may only be able to examine certain types of data, such as text messages, but not videos or images. The possibilities when it comes to the permissions allowable in this new update are nearly limitless.
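
A minimal model of the role-based profiles described above, added here as an illustration and not Cellebrite's code or the UFED's actual permission format: the profile fields, role names, user names, the audit log and the `authorize` function are all hypothetical. It denies by default and rejects a whole request if any part of it exceeds the assigned profile.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """Hypothetical permission profile an administrator assigns to a role."""
    name: str
    data_types: frozenset          # categories the role may extract
    deleted_data: bool = False     # may recover deleted items
    bypass_lock: bool = False      # may bypass a user lock

@dataclass(frozen=True)
class Request:
    """What an investigator asks the tool to extract from one device."""
    user: str
    data_types: frozenset
    include_deleted: bool = False
    device_locked: bool = False

# Constructed sample profiles mirroring the roles named in the text.
PROFILES = {
    "general": Profile("general", frozenset({"sms", "contacts", "call_log"})),
    "specialist": Profile("specialist",
                          frozenset({"sms", "contacts", "call_log", "images", "video"}),
                          deleted_data=True, bypass_lock=True),
}
ASSIGNMENTS = {"officer_a": "general", "examiner_b": "specialist"}  # constructed

def authorize(req, audit):
    """Deny by default; return the data types the request may extract."""
    profile = PROFILES.get(ASSIGNMENTS.get(req.user, ""))
    denied = []
    if profile is None:
        denied.append("no profile assigned")
    else:
        if req.device_locked and not profile.bypass_lock:
            denied.append("lock bypass not permitted")
        if req.include_deleted and not profile.deleted_data:
            denied.append("deleted data not permitted")
        extra = sorted(req.data_types - profile.data_types)
        if extra:
            denied.append("data types not permitted: " + ", ".join(extra))
    # Fail closed: one out-of-scope element rejects the whole request.
    granted = frozenset() if denied else req.data_types
    # Record every decision so a supervisor can review field extractions.
    audit.append({"user": req.user, "profile": getattr(profile, "name", None),
                  "granted": sorted(granted), "denied": denied})
    return granted
```

Rejecting the whole request, instead of silently narrowing it to the permitted subset, means the investigator and the audit record both see exactly which limit was hit.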

Approximately 44% of investigators are now retrieving evidence from mobile devices while in the field. This software, and other new technologies on the horizon, are making field extraction easier and helping to reduce the strain on state and federal forensic labs.