±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 34485
New Yesterday: 1 Visitors: 130

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

How to validate a cellebrite extraction

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 7:42 am

Seeking advice on how to validate a Cellebrite extraction using Physical Analyzer.  

CCSO
Member
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 9:56 am

You can see if you can get the same results with a different tool.
www.forensicmag.com/ar...c-examiner

or you can reach out to Cellebrite to see if they have any documentation.
www.cellebrite.com/en/...-services/
I'd be interested in that!

John  

jahearne
Member
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 10:03 am

Thanks John. Thats what I do now by using a different tool to compare. I was hoping someone here would be able to provide a link that shows cellebrite way.
I can't find any webinar or instructional video!  

CCSO
Member
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 10:07 am

I'll see what I can find...  

jahearne
Member
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 1:39 pm

If you go to NIST website, they actually validation tools that you can use. You can find the tools and other helpful guidelines (US) here:

www.nist.gov/itl/ssd/s...ogram-cftt

The Scientific Working Group on Digital Evidence (SWDGE) also has guidelines for how to best perform validation. In addition to NIST, they also suggest validation tools from and Defense Cyber Crime Institute (DC3) tools located here:

www.dc3.mil/technical-...alidations

Hope this was helpful  

bostoncelltech
Newbie
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Tue May 15, 2018 1:46 pm

Also for additional verification/validation, Cellebrite lists the hash values for each new release of the software with the release notes that they send to your email when advising you of the new release. You should also be able to find that stuff on mycellebrite.com and access your account-support.

NIST also has the following reference material on validation/verification that you can review:

Mobile Device Test Tool Assertion and Test Plan

And in 2016 Homeland Security produced their own report regarding validation test results (benchmarking I guess) for UFED4PC v4.2.6.5. Obviously it is a couple of years old but nonetheless should bolster any assertions you may make regarding the tool itself.  

bostoncelltech
Newbie
 
 
  

Re: How to validate a cellebrite extraction

Post Posted: Wed May 16, 2018 8:45 pm

I took the cellebrite training course and during the training they let you know that cellebrite collections are not forensically sound.

Depending on the type of the extraction method it could be storing the md5 hash just in the XML and the files are all loose and can be meddled with on the destination media.

My instructor recommended putting the extraction into a forensic image format (ad1 or l01) , use a different tool and compare, hand scroll method .

Let me know if you have any further questions I can look in the books they provided for their documentation on a subject.  

cs1337
Senior Member
 
 

Page 1 of 2
Go to page 1, 2  Next