> In computer forensics it's ALL about being able to verify, without a shadow of doubt, that something is what they say it is
Mostly. The other side gets all the evidence that the opposing side sees. They both get a chance to review it.
> Chain of custody rules everything.
Agree.
> This blasts a huge gaping hole in all that.
Not really. The analysis goes in two steps. One is to pull all the data from the phone, in a chain-of-custody manner. In an adversarial case, both sides can do this.
The collection and analysis go into two steps. First is moving the data to a Windows box. Next is the analysis. As I understand it, the analysis portion is where things can explode. Then, if in the hands of someone skilled in forensics, the extracted data would be saved in some other device, possibly to be shared with the other side. Then the risky, potentially explosive analysis would be done. It is very unlikely that all previous cases exist on that device and nowhere else.
Therefore,
> It calls all past and future Cellebrite reports into question.
is not true, as the extracted files are likely not on the collecting Windows device.
In any case, it is not clear how many uses of this device are in actual legal environments.
If the data collection step can possibly be affected by things like media file exploits, then that would be a much bigger problem by itself. Cellebrite would have no reason to execute or interpret anything off the target device in this stage. If they were doing that, then the Signal article would have pointed that out first.