IBM Security i2


i2 ANB and Cellebrite UFED files

  • 1.  i2 ANB and Cellebrite UFED files

    Posted Wed December 09, 2020 02:37 AM
    Hi,
    Most likely my question is addressed to the IBM team.  A few years ago there was a possibility to instantly import Cellebrite UFED files without any specification; it was an automated process, you just needed to choose the appropriate option in the Import menu. Currently, this feature has disappeared. Some of our customers are really unhappy. Does someone know why? Will this feature be available in future i2 ANB versions?
    Thanks in advance for clarification.

    ------------------------------
    Ruta Jasinskiene
    Intelligence Analysis Expert_IBM i2 ANB trainer
    NRD Cyber Security
    Vilnius
    ------------------------------


  • 2.  RE: i2 ANB and Cellebrite UFED files

    Posted Wed December 09, 2020 03:44 AM

    Hi Ruta,

    Here is what I believe is the case as to why this happened to the best of my knowledge.

    When the previous versions of our software included the ability to import Cellebrite UFED files automatically, we actually found that due to the vendor changing the format of the files themselves with different versions of their software, it would sometimes end up not working to import the data because the UFED format had changed somewhat.

    This meant that, although we would update the automatic function to import UFED files, at some time during that product version's particular release cycle, the function would appear not to work, because the file format itself would change.

    As such, I believe that Offering Management made the tactical decision to discontinue the automatic support, based on the fact that the Cellebrite offerings themselves often have built-in ways to export data to .CSV files which the i2 products natively support.

    This way, if the format of the export changed within Cellebrite internally, the hope was that their export to CSV function would output data still in a consistent way, meaning that clients should only really require to make 1 import specification to bring in all their Cellebrite UFED data.

    We understand that this feature was useful to some of our clients however, so if you did wish to see this feature added again to a future release of the product, then you can raise this as an enhancement request for the product here.

    IBM RFE Community

    I hope that this helps to answer your question. 
    Thanks and kind regards,
    – Dan Brace - IBM i2 Product Support Team



    ------------------------------
    DANIEL BRACE
    ------------------------------



  • 3.  RE: i2 ANB and Cellebrite UFED files

    Posted Thu December 10, 2020 05:30 AM
    Hello Ruta

    I'm sure you have figured this out for yourself, but the alternative to having it as an option from the drop down menu is to create a master .XIMP file (import spec) that works with the Cellebrite .CSV export files.  The master .XIMP can then be shared with all your customers, or stored in a Shared Folder location for each organisation.  Your customers would then need to just select the .XIMP and point it to the saved .CSV.

    As Dan has indicated the reason it has disappeared is because Cellebrite are making ongoing changes to their product to keep up with new device features, it might be that a whole series of .XIMP files need to be created, to align with each iteration of Cellebrite.  That way if your customers need to re-analyse a Cellebrite examination from e.g. 2 years ago, they just select the matching .XIMP from the library and it should work.

    As both Cellebrite and i2 ANB are global products, in theory only one ANB user needs to create these XIMP files, and they could be stored somewhere on the IBM portal as a shared resource for all ANB customers.  I'd volunteer to create this, but Cellebrite is not the primary phone forensic tool used at my organisation, so my knowledge of their reports is very limited - it would be better designed by someone very familiar with Cellebrite reports. 


    Ant

    ------------------------------
    Anthony Patamia
    ------------------------------



  • 4.  RE: i2 ANB and Cellebrite UFED files

    Posted Thu December 10, 2020 01:37 AM
    Thanks, Dan, for your answer!
    Ruta

    ------------------------------
    Ruta Jasinskiene
    Intelligence Analysis Expert_IBM i2 ANB trainer
    NRD Cyber Security
    Vilnius
    ------------------------------