Shahar Tal

Modern Phone Forensics 101


During this session, I will give a quick review of modern-day mobile phone forensic extraction technology, and discuss the forces shaping this domain, as well as cover the dramatic changes overturning the industry in recent years. We will cover the main challenges Law Enforcement examiners face in this domain, as well as some of the technical challenges facing the vendors creating the tools. How prevalent is 0-day use? what attack surfaces matter? how interesting are n-days (and released PoCs)? What are the implications of check{m8,ra1n} (or other vulnerabilities in PBL/ROM) on this field? Coming from the position of the market leader in this domain, I will also present some of our ethical considerations, as well as our tools and processes to control and limit the use of sensitive technology.


Shahar has been leading Cellebrite's research group tasked with forensic extraction of mobile devices since 2015. Prior to joining Cellebrite, Shahar led the malware and vulnerability research group at security-giant Check Point. He also served 9-years in the Israeli army holding technological leadership roles as a Major with the Intelligence Corps and Air Force.