Monday, January 20, 2020

Cellebright has acquired BlackBag Technologies

I am excited to share with you that Cellebright has acquired BlackBag Technologies, the industry leader in Computer Forensics for access and analysis solutions.

The acquisition further extends Cellebrite’s leadership position, as the premier provider of integrated Digital Intelligence Solutions and expands a commitment to be your "one-stop-shop", capable of meeting the most challenging digital investigation needs. This merger allows Cellebrite to accelerate the delivery of new Digital Intelligence Solutions and services maximizing the efficiency and accuracy of digital investigations for you.

Cellebright's portfolio of Digital Intelligence Solutions, with the addition of BlackBag Technologies, will offer innovative forensic acquisition and analysis tools for Windows, macOS, iOS and Android-based devices, which empowers K&R Digital Media to access, manage, and leverage digital data to the fullest potential.

I invite you to learn more about how K&R Digital Media can assist you to address your digital investigation needs.

Thursday, January 9, 2020

Cellebrite iOS Breakthrough

Cellebrite iOS Breakthrough
December 4, 2019 | By: Roey Arato | UFED Product Manager at Cellebrite
Every now and then, there is an iOS forensic breakthrough that is truly impactful. Using the new “checkm8” access point, forensic examiners will now be able to gain lawful access to iOS devices to extract more digital evidence.
This powerful access point applies to all iPhone models, from iPhone 4S through the iPhone X, and it occurs in some 85 percent of all active iPhones today. Even though it does not apply to the more recent iPhone XR/XS/11/Pro, it can be used for iPads and Apple TVs running A5-A11 SoCs.
This can be leveraged to develop a “jailbreak,” which is a solution used for removing restrictions imposed by the operating system in order to allow 3rd-party software to run with arbitrary permissions.
A few weeks ago, a group of researchers released the first version of a new jailbreak based on the checkm8 exploit, named “checkra1n.” Although the project is still in the beta stage, many users have reported success with it.
Full file system extraction can provide much more data than a logical extraction. This includes critical data such as full e-mails, 3rd party app data, as well as passwords, keys, and tokens stored in the “KeyChain.” Furthermore, a limited BFU (Before First Unlock) data set can be extracted from locked devices. This data can provide vital information to investigators.
The Cellebrite UFED team is working quickly to provide users with support for the above-mentioned scenario. This will be included with the launch of our iOS extraction agent in an upcoming release. The team is committed to providing a comprehensive, forensically-sound solution that adheres to Cellebrite’s high standards, is fully tested, and is admissible in court. This solution will not require any external computer and will directly apply checkm8, without needing a jailbreak or file system modifications.