This report presents the features and manufacturer claims for Cellebrite's Universal Forensics Extraction Device (UFED), a hardware-based platform that supports extraction of data from more than 4,000 phones and devices, and results are presented from the performance testing of UFED by the National Institute of Justice's Electronic Crime Technology Center of Excellence.
The manufacturer's UFED manual claims that the UFED forensics system "empowers law enforcement, anti-terror, and security organizations to capture critical forensic evidence from mobile phones, smartphones, and PDAs." The "ruggedized" version is designed for field use by military, law enforcement, and government agencies; the standard version is suitable for office and lab use. Along with the standard hardware, Cellebrite offers an upgrade package called Physical Pro, which is designed to perform physical memory dumps and file system extractions from supported devices. In the performance testing, UFED performed well consistently. Connectivity issues between the UFED and phones tested were rare. In these tests, the UFED only had difficulty connecting to certain GSM phones that did not contain a SIM card; these issues most likely could be remedied by creating a cloned SIM card. The UFED's physical interface is simple to use, and it is easy to select certain information to extract from a phone. The user interface of the software allows quick discovery of desired information. Searching is implemented well in both software tools, providing the ability to search for information relevant to an investigation. In order to maintain maximum operational capability, users must keep both software packages and the UFED up to date. This report describes the test bed configuration and presents results from each of seven tests of different mobile devices.