Source: @NEW YORK TIMES
A properly processed device can yield emails, text messages, call logs, location history, photos, metadata and more — even material that has been deleted.
Mr. Reim wanted to reconstruct John’s movements on the morning of April 27. He plugged the phone into a hand-held tablet, called the Touch2, made by the Israeli company Cellebrite. Known as a universal forensic extraction device, the Touch2 is able to pull data from almost any gadget and preserve it in a format that courts will accept as evidence. Mr. Reim also used a Cellebrite software program called Cloud Analyzer to reach John’s data on Google’s servers.
Cellebrite, which has promoted its ability to break into locked phones, is one of the industry’s biggest names. Grayshift, founded by a former Apple engineer, makes a product called GrayKey that has allowed law enforcement agencies to break into and extract data even from encrypted iPhones. There’s also Magnet Forensics, which has offices in the United States, Canada, the Netherlands and Singapore; Black Swan Digital Forensics, based in Memphis, which advertises a “remote extraction” service for around $500 a pop; and OpenText, which recently acquired the California-based Guidance Software, which was one of the first to start making forensic software, back in 2002.
At least public defenders know that GrayKey exists. For years, that wasn’t the case with so-called I.M.S.I. catchers (for international mobile subscriber identity), better known as StingRays. These devices, made by the Harris Corporation, impersonate cell towers to intercept texts, calls, emails and other data; they can also locate cellphones and thus the people using them.
Forensics experts have helped law enforcement acquire even the most daunting digital evidence. After a December 2015 mass shooting in San Bernardino, Calif., the F.B.I. asked Apple to help it get into a locked iPhone. Apple refused, on the grounds that it would undermine the security of their products. The F.B.I. ended up paying an unnamed third party to break into the device.