Cellebrite released an update to its Universal Forensic Extraction Device (UFED) software that enables forensic lab administrators to enforce policies around the manner and circumstances under which UFED Touch and UFED 4PC users extract mobile device data.
Released as part of the UFED 3.0 version, UFED Permission Management offers comprehensive granular administrative support at any extraction level: logical, file system or physical. It enables administrators to create user profiles and assign data extraction permissions according to predefined standard operating procedures (SOPs) or other internal policies. Administrators can therefore use the solution to manage forensic lab personnel, or to extend mobile data extraction capabilities to a broader field of users on a “right to know, need to know” basis—reducing the risk of their accessing private data beyond the scope of their legal authority.
“UFED Permission Management was developed in response to demand for more evenly distributed mobile forensics capabilities across government and corporate organizations,” said Ron Serber, Cellebrite Corporate Co-CEO. “However, not every user has the right or the need to bypass a user lock, access certain types of data, or perform a deep extraction and analysis. By extending basic mobile evidence collection and reporting capabilities to those responsible for proving minor offenses or corporate policy violations, but also limiting those capabilities, forensic lab administrators can accelerate investigations while preserving privacy and due process protections.”
Dan Morrissey, a supervisor with the Sacramento County (California) Sheriff’s Department, stated: “The difficulty for any law enforcement supervisor, responsible for overseeing the collection of digital evidence, is developing methodologies that both allow for the lawful collection of information while ensuring that the scope of the search does not exceed the court’s direction. With Cellebrite’s new UFED permission management capabilities, law enforcement can manage policies and procedures at an individual case level while ensuring searches are handled with the same right to know and need to know mindset. This feature clearly acknowledges law enforcement’s position with respect to the current digital media privacy debate."
UFED Permission Management enables administrators to enforce their organization’s SOPs or policies, which may require end users to have achieved a certain level of competency, training and/or certification in mobile data collection. End user permissions may also be based upon a role they fulfill, such as general evidence collection specialist, or types of incidents they respond to.
As a result, users who have access to UFED mobile data extraction platforms may have their permission limited to perform only certain types of extractions—for instance, to acquire only existing, but not deleted, data from a mobile device—and within that data set, only certain data, such as call logs and text messages but not images or videos. The permission management function therefore helps users better manage the vast array of data that is possible to extract with UFED technology.
UFED Permission Management is part of a set of features developed within UFED 3.0 that make mobile evidence identification and collection more efficient for both lab and field personnel. The other features include a more streamlined evidence collection workflow interface, which can automatically detect the device to be extracted, and a new mobile app, UFED Phone Detective, available for iOS and Android devices.