Cellebrite Advanced Services Solves the Toughest Encryption Problems for Apple and Android Devices

By: Joanna Shemesh

Cellebrite Advanced Services (CAS) labs provide worldwide support for unlocking and extracting data from all Apple iOS devices up to iOS 12.4.2, and high-running Android devices including Samsung S10, S10e, and S10+.

Physical extraction has been the ideal method for extracting data from mobile devices for quite some time. Not only does this approach provide access to digital data, but it can also quickly reveal unallocated space or blocks that contain deleted data, which can deliver significant insights to investigations.

Today, smartphone vendors continue to develop smarter and more protective features that ensure a user’s ‘data privacy’ will remain highly secure. More and more popular Android and iOS powered devices are being developed with built-in encryption mechanisms. When these features were first introduced, they posed a challenge for forensic examiners. In 2015, Android began its transition to default Full Disk Encryption (FDE) as part of the standard ‘out-of-the-box’ experience.

As sophisticated security methods and mobile device encryption progress, forensic examiners are facing even greater data-access challenges.

So, what do you do when you come across an encrypted device that cannot be bypassed? Do you post a question in an online forum and hope for the best when the community responds?

“That’s exactly what many practitioners do,” says Shahar Tal, Vice President of Cellebrite’s Security Research Labs. “If you review the forum posts on any given day, you will likely see several questions dealing with encryption problems. Common queries go something like this, ‘I’m examining Model X. I tried Cellebrite tools, but the Security Patch Level was too recent.’ Others might ask, ‘This device has Secure Startup enabled. Any known solutions?’ Many times, those commenting on the post will say, ‘Cellebrite Advanced Services [CAS] is the only known solution.’”

Unleashing the Power of Cellebrite Advanced Services

As a pioneer in digital forensics, Cellebrite’s deep understanding of digital devices and their operating systems has spurred innovations that now deliver multiple, forensically sound methods to access even the most secure devices.

“No other vendor comes close to the level of support we provide for bypassing locked devices for the most challenging cases,” Tal said. “Take, for example, Secure Startup, which is an encryption mode. Two years ago, we were the first in the world to offer support for that feature. To this day, no other vendor has managed to support it.”

In an assault case in the UK, examiners were confounded by a locked device that could not be accessed via conventional methods. The device was sent to Cellebrite’s Advanced Services lab in the UK where forensic experts gained access to the phone by disabling its pattern-lock function. Once they tapped into the device, investigators were able to find incriminating evidence that put a suspect behind bars.

Successful methods for accessing data can vary widely depending on the vendor, device model, or even between hardware combinations of similar models.  For this reason, certain capabilities have been kept private. Watch the webinar – Leading Investigators Obtained Evidence From Encrypted Mobile Devices – to hear Cellebrite experts and industry partners discuss encryption-related, digital-forensics challenges and solutions.

“With CAS, we have consistently offered industry-leading capabilities that our research labs develop,” Tal confirmed. “Most of the breakthroughs are still exclusively offered by Cellebrite to this day.”

Solving Your Most Demanding Digital Forensics Challenges

With Cellebrite Advanced Services, our sole focus is to provide “best-in-class” services to overcome the extraction complexities amongst market-leading iOS and Android devices including:

  • All iOS devices up to iOS 12.4.2
  • Samsung S10, S10e, S10+, S9, S9+, Note 9, S8, S8+, Note 8, S7, S7+, Note 7, J2, J3, J6, J7, A5, A7, A8
  • Huawei: P8 Litem P10 Lite, P20 Lite, Honor Note 10, Mate 9, Mate 10, Y7, Nova 2, Nova 3, Honor Magic 2, Enjoy 8 Plus
  • LG: G5, Nexus 5x, V20, V33 Qua, M327, G6

Using cutting-edge and forensically-sound methods developed at our core Cellebrite Security Research Labs, we partner with agencies around the world to help advance investigations and overcome the growing backlog and toughest challenges to mobile device data extraction.

Located in 10 forensic labs worldwide, our team of digital forensic experts bypass the toughest locks on the latest Android and iOS devices, providing insights and guidance for major investigations that assist in solving operational, technical, and procedural forensic challenges. Find out more about how CAS can help solve your toughest challenges.

Digital Forensic Community