FS 2016-09-20 Item 2A - Purchase - Cellebrite Data Extraction Hardware/Software for Police Department

City of Tukwila
Allan Ekberg, Mayor

INFORMATIONAL MEMORANDUM

TO: Finance and Safety Committee
FROM: Detective Dan Lindstrom for Acting Commander Bill Devlin
CC: Mayor Ekberg
DATE: September 12, 2016
SUBJECT: Cellebrite Software Purchase

ISSUE

Criminal investigations in the current era of technology require that police departments have equipment to keep up with criminal methodologies. The vast majority of crimes involve the use of electronic devices such as cell phones, which can be used alone and/or to access Facebook, Instagram, Snapchat and others. Lawful gathering of evidence from those devices is a necessity in this era of investigations.

BACKGROUND AND DISCUSSION

Over the last 10 or so years, cell phones and electronic devices have become a part of our everyday lives. Those devices have also been part of criminal activity. Murders are planned and discussed via cell phones, child pornography is made and sent via cell phones and burglars take pictures of their "take" for posting on anonymous sites designed to sell and traffic stolen property. Social media apps that use cell technology are used all the time in the criminal world.

Tukwila Investigative Services Division has had to rely on neighboring agencies, state labs and other resources in order to obtain cell data for our most serious crimes like armed robberies and murders. We have been unable to fulfill requests of the prosecutor's office to obtain cell data in other crimes, thereby hindering, delaying or all-out damaging otherwise good cases. As an example, the Investigative Services Division currently has 10+ phones at various labs awaiting forensic examination. The State Patrol Crime Lab has an estimated backlog of 10 months. We have over 50 phones awaiting forensic work that do not qualify for outside lab help.

A typical use of Cellebrite would include suspects in felony crimes where a phone was used or present (murder, robbery, kidnapping, rape, pornography, burglary, human trafficking, drug sales and distribution, etc.). Agencies also commonly utilize Cellebrite to conduct digital evidence exams on victims of domestic violence. Things on the phone, whether deleted or not, are recoverable with either consent or a Superior Court search warrant.

FINANCIAL IMPACT

The Cellebrite UFED 4PC is a PC-based software that works on our existing computers, and costs $9,000. The Cloud Solutions Set allows the Cellebrite user to obtain cloud-based data. In other words, if The Cloud was used by the phone, as is the case with most apps, that data is recoverable from the phone. Absent that add-on, data that was sent to or from The Cloud is not recoverable. Current Cellebrite users in our area have said the Cloud Solutions Set is as important as the Cellebrite itself. The renewal for Cellebrite, which would cover 1 year of upgrades, is $3,299 annually (with likely minor increases yearly). The renewal for the Cloud Solutions Set is $2,625. The renewals would take us through October of 2017. The training is necessary for certification and court testimony.

Cellebrite UFED 4PC                       $9,000
Cloud Solutions Set                       $7,999
Cellebrite Renewal through 10/17          $3,299
Cloud Analyzer Renewal through 10/17      $2,625
Shipping                                  $85
5-day training for 2 Operators            $7,700
Lodging and Expenses                      $1,196
Total                                     $31,904

Funding for this equipment will be from the asset forfeiture account and sufficient funds exist for the purchase.

RECOMMENDATION

The Finance and Safety Committee is being asked to support and approve the purchase of this much-needed equipment and associated training. Per policy, anything over $5,000 that is not previously budgeted needs to go to Finance and Safety for approval.
Per the previous section, seizure account funds will be used for this purchase and the minimal annual maintenance.

ATTACHMENTS

UFED Touch 4 page summary
UFED Cloud Analyzer 3 page summary
Cellebrite 3 page Fact Sheet

Cellebrite: delivering mobile expertise

UFED Series: UFED TOUCH ULTIMATE
All-Inclusive Mobile Forensic Solution

Cellebrite's UFED Touch Ultimate is an innovative, high-performing mobile forensic solution. With its intuitive GUI and easy-to-use touch screen, the UFED Touch Ultimate enables the physical, file system, and logical extractions of all data and passwords, including deleted data, from the widest range of mobile phones, memory cards, portable GPS devices and tablets.

The UFED Touch Ultimate includes:
• UFED Physical Analyzer: Powerful application for decoding, analysis and reporting
• UFED Phone Detective: Instant mobile identification application
• UFED Reader: Free application for sharing analysis reports with any authorized personnel. No license or installation required.

The UFED Touch Ultimate is a mission-ready solution for investigations in the field or lab and available in both standard and ruggedized versions.

The UFED Touch Ultimate Advantage

Setting the industry standard for mobile data forensic solutions, the UFED Touch Ultimate provides investigators with maximum capabilities:
• Unmatched support for the widest range of mobile devices
• Physical extraction from BlackBerry devices running OS 4-7. Exclusive decoding: BBM data, apps, emails, Bluetooth, calendar entries etc.
• Widest support for Apple devices running iOS 3+
• Physical extraction and decoding while bypassing pattern lock / password / PIN from Android devices including Samsung Galaxy S family, HTC, LG, Motorola and more
• Password extraction and removal on selected devices
• Physical extraction from Nokia BB5 devices - password extraction is enabled from selected devices
• File system extraction from any device running Windows Phone 7.5 and 8 including Nokia, HTC, Samsung, Huawei and ZTE
• Data extraction from portable GPS devices and decoding of the TomTom trip-log
• Proprietary technology and bootloaders ensure forensically sound extractions
• Complete field-ready operational kit - compact tip connectors with 4 master cables for extraction and charging during usage
• The most powerful solution for phones with Chinese chipsets
• Frequent software updates to ensure compatibility with new phones as they enter the market

Mission-Ready

The all-inclusive standard and ruggedized mobile forensic kit contains a full range of peripherals and accessories for successful investigations in the field or lab. Complete with lightweight data cables, phone connector tips, an embedded work shelf in the ruggedized case, integrated long-life battery and external hard drive make mobile investigations quicker, easier and more efficient.

[Images: Ruggedized kit; Standard kit]

UFED Physical Analyzer

UFED Physical Analyzer is the most powerful and technologically advanced mobile forensic application available to date. It exposes every segment of a device's memory data and provides in-depth decoding, analysis and reporting methods.
Features include:
• Data Carving from Unallocated Space: Recover a greater amount of deleted data from unallocated space in the device's flash memory
• Rich Set of Data: Decode existing and deleted data: call logs, contacts, SMS, MMS, chats, applications, geotags, location information, media files, email and more
• Malware Detection: On-demand searches for viruses, spyware, Trojans and other malicious payloads in files
• Translations: Translate foreign-language content from your extractions using the offline translation solution
• Project Analytics: View statistics for preferred communication channels, and identify relationship strengths
• Advanced Search: Based either on open text or specific parameters
• Timeline: Monitor events in a single chronological view
• Watch List: Ability to highlight information based on predefined list of values
• Map View: Exhibits multiple locations of a suspect on a single map
• Image Carving: Recover deleted image files and fragments when only remnants are available
• Conversation View: See communications between people in a conversation view, e.g.: e-mails, chats, SMS and MMS
• Report generator: Create reports in different formats, e.g.: PDF, HTML, XML, Excel and Word
• SQLite Databases Viewer: Viewing, searching and exporting tables and content (including deleted data) from SQLite database files
• Hex Viewer: Hexadecimal view of the extracted data containing highlights of decoded data enabling advanced search based on multiple parameters, regular expressions and more
• Python Scripting: Python shell enhances the capabilities for content decoding
• Plugin and Chain Management: Able to run Python scripts via plugins, and edit and create new decoding chains

Applications: UFED Physical Analyzer - UFED Reader - UFED Phone Detective

Hardware: UFED Touch device - UFED solid protective case - Tip & cable set - Tip & cable organizer - UFED power supply - Standard carrying case - Ruggedized carrying case* - Case embedded work
surface* - UFED Touch screen cover - Faraday bag* - UFED external hard drive* - UFED memory card reader - Multi SIM adapter - SIM ID cloning cards - Micro SIM ID cloning cards - Nano SIM ID cloning cards - Car power adapter - UFED to PC cable - Phone power-up cable - USB flash drive - Current 5V to 6V DC adapter - Cleaning brush for phone connectors

UFED Phone Detective

UFED Phone Detective software, available with the UFED Touch kit, helps investigators identify a mobile phone at the start of an investigation. This eliminates the need to open the phone, risking phone lock. To identify a phone, users answer questions about the phone's attributes. UFED Phone Detective provides details on extraction capabilities, connectivity, device characteristics and more. Now available as an app for Android and iOS devices.

UFED Reader

UFED Reader allows authorized personnel to share examination results with others, regardless of whether they own UFED software. Simply forward the application and the extraction report to users for viewing and searching the extracted data. Free of charge, and no installation is required.

UFED Camera

UFED Camera is an evidence collection tool, enabling investigators to manually collect evidence by capturing images of the data or screenshots directly from the device, thereby enhancing the extraction process.
• Add image categories and descriptions in the UFED to generate reports
• Capture images/videos of the device as evidence, even when data is not extractable
• Collect captured data as complementary evidence and accelerate the investigation

The UFED Camera kit is available with the Ultimate solution offering.

* Available in ruggedized version only

About Cellebrite

Cellebrite is the world leader in delivering cutting-edge mobile forensic solutions.
Providing field-proven and innovative solutions, Cellebrite is the first and only mobile forensics vendor to provide flexible cross-platform options for lab and field personnel via UFED Touch, UFED 4PC and UFED TK. The company's comprehensive Universal Forensic Extraction Device (UFED) is designed to meet the challenges of unveiling the massive amount of data stored in the modern mobile device. The UFED Series is able to extract, decode, analyze and report data from thousands of mobile devices, including smartphones, legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets. With more than 30,000 units deployed across 100 countries, the UFED Series is the primary choice for forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery. Founded in 1999, Cellebrite is a subsidiary of the Sun Corporation, a publicly traded Japanese company (6736/JQ).

www.ufedseries.com
sales@cellebrite.com

UFED CLOUD ANALYZER

DELIVERING CLOUD DATA ACCESS AND INSIGHTS TO ACCELERATE INVESTIGATIONS

Cloud data sources represent a virtual goldmine of potential evidence for forensic investigators.
Together with mobile device data, they often capture the details and critical connections investigators need to solve crimes. However, access remains a challenge. Roadblocks and red tape by cloud service providers add time and significant cost to investigations.

UFED Cloud Analyzer provides forensic practitioners with timely extraction, preservation and analysis of private social media accounts - Facebook, Twitter, Kik, Instagram - file storage and other cloud-based account content that can help speed investigations. Part of the UFED PRO Series, this unique and powerful investigative tool automatically collects both existing cloud data and metadata, and packages it in a forensically sound manner. Examiners can efficiently search, filter and sort data to quickly identify "Who? When? Where?" details to advance their investigations.

UFED CLOUD ANALYZER KEY FEATURES

• Mobile-based extraction: Access private-user cloud data utilizing login information extracted from the mobile device
• Username-based extraction: Log in to private-user cloud data using usernames and passwords provided by the investigated subject, retrieved from personal files, contacts or via other discovery means
• Forensic data preservation: Extract information from cloud data sources while logging and tracing the entire process to maintain data authenticity. Each piece of extracted data is hashed separately and can be later compared against its origin.
• Visualize data in a unified format: Normalize different cloud services in a unified format and view in Timeline, File Thumbnails, Contacts or Maps format.
• Report, share & export: Generate and share easy-to-read
PDF reports for entire data sets or filtered information. Export extracted data to other analytical tools for deeper analysis and cross-source investigation with third-party data.

PERFORM TIMELY EXTRACTIONS OF PRIVATE USER DATA

By using login credentials extracted from a mobile device, examiners can extract private user cloud data from key social media, webmail and cloud storage sources, within preapproved legal boundaries. This provides forensics examiners with a useful workaround to obstacles posed by uncooperative service providers and speeds access to authentic data while waiting for lengthy legal processes such as the MLAT to go through.

UNIFY AND ORGANIZE DISPARATE DATA INTO A COMMON VIEW

Dynamically visualize and analyze large cloud data sets in a unified format to bring key insights to the surface for easy analysis. This unique capability enables forensic specialists to normalize and organize disparate data retrieved from various service providers into a unified format, to quickly uncover common connections and correlate critical evidence. Immediate access to private cloud-based data saves valuable time, offering a data source that can be validated against service provider records.

SHARE AND INTEGRATE DATA FOR FURTHER ANALYSIS

Sharing critical evidence or intelligence with supervisors, command leaders, attorneys and other outside parties has never been easier. Our solution ensures the data they receive is comprehensive, relevant and mission specific. Easily export and integrate UFED Cloud Analyzer data into UFED Link Analysis or other advanced analytical tools, for deeper analysis.

THE UFED CLOUD ANALYZER SIMPLIFIES THE INVESTIGATIVE WORKFLOW

• Seize and extract mobile device
• Decode cloud services login information using UFED Physical Analyzer
• Extract private user data utilizing login information or credentials
• Analyze and report data in a unified format
• Share data and proceed with the investigation with UFED Link Analysis or other analytical tools

UFED CLOUD ANALYZER SYSTEM REQUIREMENTS

• Windows compatible PC with a dual-core or compatible processor running at 1.6 GHz or higher
• Windows 7 Service Pack 1 or Windows 8, 64 bit
• Recommended: 16 GB; Minimum: 8 GB
• 90 MB of free disk space for installation
• Microsoft .NET Framework version 4.5.2

About Cellebrite

Cellebrite is the world leader in delivering cutting-edge mobile forensic solutions. Cellebrite provides flexible, field-proven and innovative cross-platform solutions for lab and field via its UFED Pro and UFED Field Series. The company's comprehensive Universal Forensic Extraction Device (UFED) is designed to meet the challenges of unveiling the massive amount of data stored in the modern mobile device. The UFED Series is able to extract, decode, analyze and report data from thousands of mobile devices, including smartphones, legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets. With more than 30,000 units deployed across 100 countries, UFED Series is the primary choice for forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery. Founded in 1999, Cellebrite is a subsidiary of the Sun Corporation, a publicly traded Japanese company (6736/JQ).

To learn more, visit www.cellebrite.com
sales@cellebrite.com

© 2015 Cellebrite Mobile Synchronization LTD. All rights reserved.

SIMPLIFYING THE COMPLEXITY OF MOBILE DATA FORENSICS

Extract the Insights that Focus Investigations

THE DATA SOURCES THAT MATTER MOST

95%  Mobile device itself
59%  Third-party apps
45%  Wireless/cellular providers
32%  Cloud providers

THE CHALLENGE

As the Importance of Mobile Evidence Grows, the Need for New Tools and Capabilities Take Center Stage

Mobile digital data is defining the outcomes of criminal cases and putting growing pressure on forensic examiners to extract, filter, analyze and share insights quickly. The volume and complexity this data now represents has stretched forensic labs beyond their capacity. Multiple device types per suspect, victim and crime only complicate matters further. With demand for mobile data only accelerating and device backlogs building, your operations have reached a critical tipping point.

The challenges are daunting. Managing rapidly evolving device types, encryption methods and operating systems becomes nearly impossible without the right tools. As does accessing critical new cloud data sources and sifting through mountains of data now generated by each device. Roadblocks and red tape abound. Uncooperative providers, lengthy legal processes - including MLAT for international search warrants - make obtaining private and cloud-based data an ongoing challenge. The ability to extract deeper insights and visualize key connections quickly, will help unlock the intelligence of mobile data to unify investigative teams, speed investigations and produce evidence you can stand behind.

of Cellebrite customers stated service providers' non-compliance with legal process is a challenge

Device Backlogs Continue to Challenge Lab Operations

Nearly 80% of respondents report some level of device backlog in the last year; 44% of those lasting 1 to 12+ months.

THE SOLUTION

Cellebrite's UFED PRO Series

Our innovative UFED PRO components deliver the most comprehensive mobile forensics extraction and decoding capabilities in the industry. With more data now residing outside mobile devices, examiners can risk missing critical time-sensitive evidence. Our solution uncovers the deep insights needed to accelerate investigations and streamline workflows. Unified data flows seamlessly between tools so forensic examiners and investigators don't have to spend valuable time requesting information from numerous service providers, and then manually collating and merging multiple data formats.

Flexible, scalable and secure, unique tools allow forensic examiners, in all lab environments, to access and import data from the widest variety of mobile and GPS devices, as well as from private cloud data sources and mobile operators.

To turn information into timely, actionable intelligence requires easy-to-use analytics. The strength of the UFED PRO Series comes from its ability to simplify complex analytical tasks. Robust analysis, advanced visualization and reporting tools allow examiners to organize, search, map and carve data easily to find patterns and reveal meaningful connections between one or numerous subjects.

The UFED PRO platform features industry trusted tools and analysis capabilities that allow users to:
• Bypass user locks, recover application data and reveal deleted data
• Extract and decode rich sets of encrypted and non-encrypted data while ensuring extractions are performed in a forensically sound manner via proprietary read-only bootloaders.
  o Calls, SMS, MMS, Media, treads, calendar and contact files
  o Location information decoded from apps,
GPS, cell towers, Wi-Fi networks and media files
  o Application data and private user cloud data
• Validate recovered artifacts with a unique evidence verification engine
• Narrow the results using search and advanced filters
• Utilize a rich set of analysis capabilities including timeline, project analytics, watch lists, malware detection, language translation and more
• Generate and share easy-to-read, custom reports in different file formats

POWERFUL COMPONENTS MAKE THE UFED PRO SERIES THE INDUSTRY GOLD STANDARD

The strength of the UFED PRO solution lies in the sum of its impressive parts. Whether leveraged individually or together, they help examiners collect, protect and act decisively on mobile data with the speed and accuracy a situation demands - without ever compromising one for the other.

UFED Pro CLX

A police officer pulls over a suspect driving a recently reported stolen car. He identifies the driver as a suspected gang member and makes an arrest, seizing both his phone and tablet. In the lab, an examiner uses UFED PRO CLX to access deleted texts uncovering boasts about stealing not only this car, but three others. UFED Cloud Analyzer reveals Facebook posts showing the suspect In front of the grand delagsabout the "take". Unified data extracted from both devices uncover communications between a number of people, both known and unknown to police. UFED Link Analysis reveals connections to these suspects and highlighted case related data, indicating involvement in an even larger city-wide auto theft ring.

Our most robust offering for lab forensic specialists, UFED Pro CLX integrates UFED Ultimate, UFED Cloud Analyzer and UFED Link Analysis into one powerful solution. UFED Ultimate enables the physical, logical and file system extraction of all data and passwords - even deleted - from the widest range of mobile phones, portable GPS devices and tablets. UFED Cloud Analyzer provides real-time access to private cloud-based data,
saving time in having to acquire it from service providers like Facebook, Twitter, etc. Armed with intuitive UFED Link Analysis, examiners can rapidly import, normalize and organize disparate data, including third party data, from one or more devices into a unified view. Empowered with robust search, filter and dynamic graphic capabilities, including timeline and map-based views, examiners can quickly uncover common connections and correlate critical evidence that can help solve cases faster.

UFED PRO AT A GLANCE

With warehouses of mobile device and cloud data being created daily, forensics examiners need fast and efficient ways to tap into and unify data sources when a situation demands. The UFED Pro Series is designed for forensic examiners and investigators who require the most comprehensive mobile data extraction and decoding support available. Key solution components include:

UFED Ultimate

UFED Ultimate enables the physical, logical and file system extraction of all data and passwords - even deleted - from the widest range of mobile phones, portable GPS devices and tablets. The powerful combination of proprietary boot loader, UFED Physical Analyzer, UFED Phone Detective and UFED Reader enables advanced decoding, mobile phone detection, data analysis and reporting every time.

UFED Pro LX

A state trooper stops a suspicious van for a moving violation. Noting the nervous behavior of the driver and facial bruises on the teenage male occupants, the officer is immediately concerned. After detailed questioning, the driver confesses to not knowing the boys and the officer arrests him and seizes his phone. Using UFED PRO in the lab, it's determined that the driver was en route to transfer his passengers to various locations in a five-state area. Six of the passengers were identified as victims of human labor trafficking. UFED Link Analysis identified multiple common connections, uncovering an even larger nationwide trafficking ring and providing actionable leads for federal law enforcement to pursue.

Time is the enemy of criminal investigations. Device backlogs of any length put criminal cases in jeopardy. With UFED Pro LX, forensic professionals can spend more time analyzing data and less time collecting and normalizing it from a variety of locked and unlocked mobile devices. By combining the in-depth extraction and advanced decoding capabilities of UFED Ultimate and UFED Link Analysis, users can effectively mule and efficiently organize, search, filter and carve visible, hidden and deleted data to identify patterns and visualize connections. Designed to shorten investigation times, the task-flow oriented interface reduces complexity of dolled and turns raw mobile data into actionable intelligence.

UFED Cloud Analyzer

UFED Cloud Analyzer provides forensic practitioners with real-time extraction, preservation and analysis of private social media, file storage or other cloud-based account content. This unique application automatically maws both existing cloud data and metadata, and packages it in a forensically preserved manner making it easy to report relevant intelligence, and export to other advanced analytical tools.

UFED Link Analysis

UFED Link Analysis immediately identifies common connections between multiple devices and disparate data sources to generate leads and uncover actionable insights from existing call logs, text messages, multimedia, applications and location data. Advanced visualizations allow users to see connections and case-related data in a unified view, and search and filter data based on date and time stamps, communication methods, location types and distance.