Re: What if..
Reading their brochure there is much to cause concern. It talks in parts about techniques that may be similar to the one you just described. However...
It also talks about not making modifications by virtue of the fact that it deletes anything it has to temporarily install.
Their caveat in that it claims it doesn't alter the "user partition": so ok to alter anything else then?: "Cellebrite ensures that the process is non-intrusive and that nothing in the device’s user partition is changed"
And even if it does alter the (alleged) crime scene - apparently that's not a problem because at least you know those are your footprints in the snow: "This type of installation is comparable to walking into a snowy crime scene to retrieve a murder weapon. The investigator may leave his or her own footprints behind, but this necessity is acceptable in court as long as it is carefully documented. "
No worries then about overwriting evidence that could prove somebody innocent!!!???
And that it does alter things permanently: "This necessitates rewriting the phone’s memory, permanently changing the device boot loader to Cellebrite’s own."
There's plenty of contradictions in the document to befuddle the technically unsofisticated - so that's you fucked if you are the accussed in any UK court then.
Love this humdinger though: "Some agencies, for example, may require examiners to always disable the “automatic uninstall” setting, declare and document its use and leave the client in place. Other agencies may require this action only for suspect phones, but allow the client to be uninstalled from a victim’s phone as long as its use is documented."
Did they actually just say "victim"!? So any alleged suspect is a "victim"!? Nice Freudian there guys.
