> Cellebrite’s products are part of the industry of “mobile device forensics” tools. “The mobile forensics process aims to recover digital evidence or relevant data from a mobile device in a way that will preserve the evidence in a forensically sound condition,” using accepted methods, so that it can later be presented in court.
> “For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.”
A tool with such a vulnerability, one that can affect past, present, and future uses of it, absolutely calls into question the "forensically sound condition" of the data it produces. One wouldn't even need to argue that they or the person they are representing was the one who could have corrupted the data. It could have been any previous device that was scanned.