Understand Emergency Download Mode (EDL) to Get Forensically-Sound Access to Mobile Devices
If you are a digital forensic examiner who needs to bypass locks faster and physically extract data from popular Qualcomm-based Android devices, we have created an in-depth how-to webinar dedicated to just that.
Watch the recorded webinar “Access Digital Evidence Faster Using Emergency Download (EDL) Mode” brought to you by the Cellebrite Security Research Labs to discover how Cellebrite’s unique automatic Emergency Download Mode (EDL) capability can provide you with forensically-sound access to extract physical data from Qualcomm-based Android mobile devices.
Scott Lorenz has been a Texas Peace Officer since 1993 and a licensed private investigator in Texas since 2003, and is currently Chief Forensics Analyst for Centex Technologies. Scott is a member of the faculty and Professor of Criminal Justice at Central Texas College and a frequent instructor in the police academy. Scott has been conducting digital forensics investigations since 2009 and conducts examinations for multiple state and local police agencies in state and federal criminal investigations. Scott is a moderator on the Mobile Device Forensics and Analysis group.
Shahar Tal is Vice President of Research at Cellebrite Security Research Labs.
Shahar joined Cellebrite in 2015 to lead the mobile forensics extraction research group. Prior to joining Cellebrite, he led a vulnerability research group at Check Point and also served 9 years in the Israeli army, holding different technological leadership roles.
Cellebrite Security Research Labs to the Rescue
Traditional forensic extraction methods up to this point have mainly required convoluted reverse engineering to discover hidden vendor commands and low-level protocols, as well as analysis of device internals and mapping of access to flash memory.
In recent years, we have seen dramatic changes to the extraction landscape as industry awareness of security and data protection has grown. Presently, processor performance allows commodity implementations of advanced encryption schemes like Android FDE, right out of the box.
These changes are making extractions more challenging. This is why modern methods require the type of in-depth security research that Cellebrite Security Research Labs does so well. We discover vulnerabilities that make forensic evidence extraction solutions possible for the digital forensics community.
The webinar, “Access Digital Evidence Faster Using Emergency Download (EDL) Mode”, is a practical walk-through exploring 3 main areas:
- What is EDL, how to detect EDL mode and access popular Qualcomm chipsets for forensically sound mobile device analysis
- Bypassing device locks to ensure fast physical extraction using Cellebrite’s exclusive, automatic EDL capability
- Best practices and other hardware and software techniques to enter EDL mode and perform physical extractions
View EDL extraction tests showing results for an encrypted Alcatel phone with a pattern lock, a badly damaged ZTE device with a Qualcomm chipset, and more.
By viewing these real-life examples, you will come away with an understanding of how to get forensically-sound results in minutes at the crime scene without the need to send evidence to the lab. All this can be achieved without disassembly or advanced training.
Also discussed are the Advanced Unlocking and Extraction Services, which are offered as a premium service and delivered globally by a team of highly-specialized operators at secure Cellebrite Forensic Labs.
The following questions will be answered during the Q&A Session:
- Will using the non-decrypting method of extraction work on an encrypted device?
- Are the EDL methods limited by any security patch level?
- Is there anything on the horizon to defeat pattern locks, as some ZTE devices are pattern-locked before the OS even starts up? Additionally, there are many Samsung and LG models with patterns that are not possible to bypass yet. What can be done?
- When using the UFED 4PC to perform EDL extractions, can they still be done using the UFED Touch2?
- When to choose the Decrypted Bootloader option versus the standard (non-encrypted) Bootloader?
Watch the webinar “Access Digital Evidence Faster Using Emergency Download (EDL) Mode” to learn how to expand your tactics for mobile device access and perform forensically-sound digital investigations.