Difference between pages "Residual Data on Used Equipment" and "Cellebrite UFED"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (Newsworthy Used Hard Drive Stories)
 
 
Line 1: Line 1:
Used hard drives are frequently a good source of images for testing forensic tools. That's because many individuals, companies and organizations neglect to properly sanitize their hard drives before they are sold on the secondary market.
+
The Cellebrite 'Universal Forensic Extraction Device' , or UFED, is a unique and very cost effective mobile phone forensic device that is completely stand alone.
 +
  
You can find used hard drives on eBay, at swap meets, yard sales, and even on the street.  
+
As of September 2008, the UFED is compatible with 1,625 mobile phones (including GSM, TDMS, CDMA), with the standard package containing 66 different phone cables. Wireless connection options are also integrated into the UFED, such as IR and Bluetooth.
  
  
=Newsworthy Used Hard Drive Stories=
+
Using the MD5 Hash Algorithm, retrieved data includes:
  
There have been several incidents in which individual have purchased a large number of hard drives and written about what they have found. This web page is an attempt to catalog all of those stories in chronological order.
+
 +
– Phonebook
 +
 +
– SMS and MMS messages
  
* '''2003-01''': [[Simson Garfinkel]] and Abhi Shelat at MIT publish a study in ''IEEE Security and Privacy Magazine''  which documents large amount of personal and business-sensitive information found on 250 drives purchased on the secondary market.
+
- SIM data
  
* '''2006-06''': A man buys a family's hard drive at a fleamarket in Chicago after the family's hard drive is upgraded by Best Buy. Apparently somebody at Best Buy violated company policy and instead of destroying the hard drive, they sold it. [http://www.youtube.com/watch?v=pcyemfJ5H3o&NR Target 5 Investigation]
+
- SIM cloning
  
* '''2006-08-10''': The University of Glamorgan in Wales purchased 317 used hard drives from the UK, Australia, Germany, and the US. 25% of the 200 drives purchased from the UK market had been completely wiped. 40% of the purchased drives didn't work.  40% came from businesses, of which 23% contained enough information to identify the company. 5% had business sensitive information. 25% came from individuals, of which many had pornography, and 2 had to be referred to the police for suspected child pornography.
+
- Multimedia (images, videos, audio, ect.)
  
* '''2006-08-14''': [http://news.bbc.co.uk/2/hi/business/4790293.stm BBC News] reports on bank account information recovered from used PC hard drives and being sold in Nigeria for £20 each. The PCs had apparently come from recycling points run by UK town councils that are then "recycled" by being sent to Africa.
+
- Date and Time stamps
  
* '''2006-08-15''': Simson Garfinkel presents results of a study of 1000 hard drives (750 working) at the 2006 Workshop on Digital Forensics. Results of the study show that information can be correlated across hard drives using Garfinkel's [[Cross Drive Analysis]] approach.
+
- Deleted data
  
* '''2007-02-06''': [http://www.fulcruminquiry.com Fulcrum Inquiry], a Los Angeles litigation support firm, purchased 70 used hard drives from 14 firms and discovered confidential information on 2/3rds of the drives.
+
- HEX Dump
 +
 
 +
- and much more.  
 +
 
 +
 
 +
The UFED is flexible enough to be used in many environments, such as:
 +
 
 +
 
 +
- Fixed to a desk in a crime lab connect to a PC
 +
 
 +
- Fixed to a desk in a crime lab (stand alone with no PC)
 +
 
 +
- Mobile in a car or at a VCP (connected to car 12V power)
 +
 
 +
- Mobile in the field (using battery kit)
 +
 
 +
 
 +
While the UFED is completely stand alone, additional software is included to create specialised reports on the retrieved raw data. Customised reports give the additional option of containing your own logo, case file number, address, etc.

Revision as of 20:04, 16 September 2008

The Cellebrite 'Universal Forensic Extraction Device' , or UFED, is a unique and very cost effective mobile phone forensic device that is completely stand alone.


As of September 2008, the UFED is compatible with 1,625 mobile phones (including GSM, TDMS, CDMA), with the standard package containing 66 different phone cables. Wireless connection options are also integrated into the UFED, such as IR and Bluetooth.


Using the MD5 Hash Algorithm, retrieved data includes:


– Phonebook

– SMS and MMS messages

- SIM data

- SIM cloning

- Multimedia (images, videos, audio, ect.)

- Date and Time stamps

- Deleted data

- HEX Dump

- and much more.


The UFED is flexible enough to be used in many environments, such as:


- Fixed to a desk in a crime lab connect to a PC

- Fixed to a desk in a crime lab (stand alone with no PC)

- Mobile in a car or at a VCP (connected to car 12V power)

- Mobile in the field (using battery kit)


While the UFED is completely stand alone, additional software is included to create specialised reports on the retrieved raw data. Customised reports give the additional option of containing your own logo, case file number, address, etc.