Criminal investigations today increasingly have one thing in common – mobile data evidence. As

a result, mobile forensics capabilities have been thrust into the spotlight, along with the ongoing,

dynamic challenges the industry now faces. Rapidly evolving mobile device technology, stronger device

and application encryption methods, and warehouses of data both collected and generated daily,

represents significant implications for not only forensics examiners in the lab, but increasingly, first

responders and investigators in the field. When a crime occurs, time is the enemy. The faster mobile

device data can be extracted, analyzed and acted upon, the faster criminals can be taken off the street,

cases successfully prosecuted and public confidence restored.

Mobile FoRensiCs: A look AheAdCellebrite Customers Predict Mobile device backlogs, new data sources and legal issues will Top 2015 Challenges

Cellebrite Predictions survey 2015

CritiCal EvidEnCE now MobilE

in 2013, MessAging And soCiAl APP use triplEd

AMeRiCAns used sMARTPhone And TAbleT APPs MoRe ThAn PCs To ACCess The inTeRneT lAsT MonTh

the first time that has ever happened.

sources 1 CNN Money, 2 Flurry Analytics

2

1

2

We recognize that mobile device evidence has

reached a tipping point; growing rapidly in both

importance and volume. our customers are at the

forefront of this shifting landscape. so we asked

them how they will address the challenges that

mobile data evidence now presents, along with

the tools, processes and training that will allow

them to successfully navigate it in the future. in

Q4 of 2014, 728 law enforcement and corporate

customers provided insights on the challenges

and trends they believe will influence mobile data

forensics in the year ahead. hands down, nearly

all respondents (95%) report that mobile devices

are the most significant data source in their

investigations today – a trend that shows no sign

of slowing.

thE nEw digital goldMinE in invEstigations

thE data sourCEs that MattEr Most

95%

59%

45%

32%

mobile device itself

third-party apps

Wireless/cellular providers

cloud providers

of respondents consider mobile devices their most significant

data source

95 %

3

Backlogs also bring a host of hidden costs and related issues with them, including overtime for examiners or the need for outsourcing – both introducing potential errors in evidence processing and interpretation. But they also pose more troublesome risks such as cases going unsolved and suspects receiving lesser sentences than they actually deserve. Nearly 29 percent of respondents indicated they have plans to purchase additional forensic tools and expand their labs to deal with device backlogs. Additionally, almost 60 percent identified a need for first-responder or field personnel to preview or triage mobile device evidence before it’s transferred to the lab.

Device backlogs of any size or length mean valuable data evidence lays in wait. The sooner examiners and investigators can extract and analyze it, the faster crimes can be prevented or solved. Respondents indicated they were open to new mobile forensic solutions that support multi-tier workflows and tools that extend simple data triage capability to field personnel as needed.

With the growing importance of mobile device data to investigations, backlogs of any duration – even days or weeks – can jeopardize the length and outcome of criminal cases. Nearly 80 percent of respondents reported experiencing some level of device backlog in the last year, with 44 percent experiencing backlogs of 1 to 12+ months. This issue appears to be the most

backlogs Challenging Timely device Processing

problematic for federal and national law enforcement respondents (54 percent) and state/provincial/county/local law enforcement agencies (45 percent). For those experiencing device backlogs, 68 percent rated it from somewhat to a very significant challenge. In the private sector, one-third of respondents reported little to no backlogs.

thE hiddEn Costs of baCklogs

of respondents report some level of device backlog in the last year;

of those lasting 1 to 12+ months

dEviCE baCklogs building

nearly

80 % 44 %

examiner overtime

outsourcing device examinations

risks associated With errors in evidence processing, interpretation

cases going unsolved or suspects receiving lesser sentences

4

A deluge of new data sources Require new Tools, Analytics

It’s not surprising that mobile devices remain the most valuable data source in investigations when you consider the amount of user-data generated by social networks and messaging applications. For forensic examiners, accessing that data comes with a host of growing challenges. Both device and application encryption is a big one, cited by 85 percent of our customers. Another one? The amount of data that is now stored off the device and in the cloud. This was projected as one of the industry’s most significant issues in the coming year by nearly 60 percent of respondents. Accessing data from third-party applications (60 percent) and wireless or cellular carriers (45 percent) also remain ongoing challenges. Corporate respondents also place great value on mobile device, third-party and cloud data in roughly the same proportions as law enforcement.

What do all these new data sources have in common? They add critical time to what has already become a complicated and lengthy investigative workflow. Serving legal process on both cloud and wireless/cellular providers carries with it additional complexity due to resistance in the name of privacy, the requirement to notify customers, lengthy legal processes, etc. And with increasing number of crimes extending across borders, the international mutual legal assistance treaty (MLAT) for providers in countries other than the investigator’s own can add months on top of that. It’s not surprising then, that more than 72 percent of respondents found this aspect of investigations to be either somewhat (43 percent) or a significant challenge (29 percent).

top thrEE MobilE data forEnsiCs ChallEngEs

85% 60% 41%device and application

encryptionamount of data stored

off the device and in the cloud

aggregating and analyzing big data

5

All the data in the world is only as valuable as the analytics used to make it actionable. Having the ability to quickly visualize key connections – the bigger picture – helps investigators speed investigations, something that approximately 83 percent of respondents deem somewhat to very important. In our survey, respondents also rated text/content, image and geolocation analytics highly for the cases they work (92 percent, 82 percent and 70 percent respectively). Time delays – due to backlogs or process red tape – are the enemy of digital forensic investigations. The findings above underscore the importance of having access to key data mobile data quickly, along with the analytics and workflows to make it actionable in the lab and in the field.

analytiCs MakE data aCtionablE

stratEgiCally soCial

laW enforcement professionals actively use social media as a tool in their investigations3

use it on a daily basis

8 ouT oF eveRy 10

We live in an age of social media, where networks like Facebook and LinkedIn map our connections, track our locations and use that knowledge to shape our preferences and behavior. According to the International Association of Chiefs of Police (IACP), 86.1 percent of agencies surveyed in 2013 leverage social media for criminal investigations.

92%

83%

82%

70%

25%

TexT/ConTenT

ConneCTions

iMAge/video

geoloCATion

92% rate text/content analytics as important

83% find the ability to visualize key connections quickly somewhat to very important

82% cite image analytics as important

70% rate geolocation analytics as important

source 3 lexisnexis 2014

6

You don’t need to look further than the latest news to see the impact of mobile data on data forensics investigations and criminal proceedings, as well as the associated challenges of legal access and privacy. Our survey findings suggest that law enforcement agencies and enterprises are not entirely clear on if, or how, their standard operating procedures will be impacted by ongoing legal precedent. They are, how-ever, monitoring the landscape closely.

The majority of survey respondents has received training on both legal and technical topics related to mobile forensics. All respondents recognize the need for ongoing training to both perform mobile forensic

examinations and testify about them in court. With the proper processes, tools and training, all organiza-tions can help guarantee that the search, seizure and extraction of mobile evidence is done in accordance with the law.

For forensic examiners, training is not a nice to have, but a necessity that ensures job competency. The cost of training should always be weighed against the po-tential cost of not training; the limited ability to access and analyze mobile device data, the impact on inves-tigations of not having evidence readily available and the potential outcomes of putting untrained forensic examiners on the stand in court.

Training Prepares examiners for What Comes next

training not just a nice to have, but a critical necessity ensuring job competency

oF ResPondenTs hAve ReCeived TRAining

75%

7

The implications of mobile device data on the digital forensics industry are difficult to ignore. It remains our customers’ most important data source in the fight against crime. To harness its power, global public safety agencies and enterprises need effective, legally sound ways to manage the growing complexity and volume this data now represents. Call logs, social media posts and texts can help establish the critical connections officers, investigators and prosecutors need to act quickly; determine innocence or guilt. They require proven, forensic-sound data solutions that create new and improved workflows to reduce mobile device backlogs and speed investigations. Our industry-leading solutions arm forensic examiners and investigators in the lab and field with the capa-bility to extract, analyze and act on mobile data with the speed and accuracy any situation demands – and deliver evidence they can stand behind.

For more information, visit www.cellebrite.com.

A Critical Tipping Point

survey background and Methodology

A gRoWing need:extending mobile data forensics capabilities

to the field

Cellebrite customers were provided a SurveyMonkey link via its closed LinkedIn group and via email in Q4 of 2014.

• Survey questions addressed a range of mobile data forensics topics, including forensic lab backlogs and how to reduce them, new challenges such as exploding data sources, big data analytics and training requirements in a changing legal landscape.

• Survey respondents were also asked to rank what they felt to be the biggest challenges they face in the coming year.

• A total of 797 customers responded to the survey, with 728 completing all questions.

• More than two-thirds of respondents were from North America and 21 percent from Europe.

• Approximately 86 percent of respondents work in law enforcement: 63 percent in state/local/provincial and 23 percent in federal/national agencies. Half (and among corporate respondents, nearly three-quarters) described their roles best as digital forensic examiners. Thirty-nine percent identified as detectives, inspectors, investigators or special agents.

of respondents rated as

important

61%

© 2015 Cellebrite Mobile Synchronization LTD. All rights reserved.

www.cellebrite.com

About CellebriteCellebrite is the world leader in delivering cutting-edge mobile forensic solutions. Cellebrite provides flexible, field-proven and innovative cross-platform solutions for lab and field via its UFED Pro and UFED Field Series.

The company’s comprehensive Universal Forensic Extraction Device (UFED) is designed to meet the challenges of unveiling the massive amount of data stored in the modern mobile device. The UFED Series is able to extract, decode, analyze and report data from thousands of mobile devices, including, smartphones, legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets. With more than 30,000 units deployed across 100 countries, UFED Series is the primary choice for forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery.

Founded in 1999, Cellebrite is a subsidiary of the Sun Corporation, a publicly traded Japanese company (6736/JQ).