Ellington didn't have time to test the UFED Ultimate before putting it to work. "We had a backlog of phones when it first arrived," so he judged its effectiveness on the fly. The UFED device was able to bypass a phone's own software, so that Ellington could circumvent security protocols and obtain a physical "raw dump" of the phone's data.
The UFED supported industry-standard hashing, a constant Ellington used when analyzing PCs. "This mathematical fingerprint verifies that the data you get matches the data from the source," he says. "You could now go into court with it, show the hash value, and show that on this day, it matched the suspect's phone 100 percent."
The UFED produced the same results each time, unlike the methods Ellington previously had used. "Up until this point, you couldn't get any real validation."
UFED Ultimate helped Ellington check a phone for deleted text messages, email, or voice mails. UFED extracts relevant information from Skype, Google Voice, and even Words With Friends, which has a built-in chat client. "We've had so many cases where people were using [Words With Friends] to communicate, thinking it doesn't leave a trace, but UFED does a really good job of parsing out and making viewable the different data types that these apps store," he says.
UFED Physical Analyzer software generates comprehensive reports. "An attorney comes in and just wants the communications between Party A and Party B. The Physical Analyzer software lets us specifically target those parties and report all [the communications] between them," explains Ellington.
Via a recent update, UFED Physical Analyzer now can compile information from multiple parties and phones to create a timeline. Ellington recently finished up a case where five different parties were involved: a woman, her husband, the husband's girlfriend whom he had met online, the girlfriend's boyfriend, and the girlfriend's ex-husband who was suing for custody of their kids. "Under subpoena we copied the phones for all five people, including chats, photos, voice-mail messages, [and so forth], and compiled them all into one timeline using an Excel spreadsheet, which created a minute-by-minute chronology of how this mess unfolded," he says.
So what did Ellington find out about the doctor's wife? Ellington says the UFED Ultimate recovered deleted voicemails from her iPhone that delineated her scheme to withdraw all the money from the couple's joint bank accounts and her search for a new job and apartment in a different city.
Robyn Weisman is a freelance writer based in California. Email: email@example.com.