The analysis of the cell phone seized from banker Daniel Vorcaro, owner of Banco Master, involved the use of tools capable of accessing information even when it was deleted or protected by a password. Federal Police experts used specialized software to copy the complete contents of the device, recover fragments of data and track records of messages and files being sent.
According to experts in digital forensics, these programs are usually used in a complementary way: while some serve to unlock the device and perform raw data extraction, others are responsible for organizing and analyzing the large volume of files obtained during the investigation. Discover some of the tools used by the PF in the investigation:
Cellebrite
Cellebrite is one of the main tools used in digital forensics to access data stored on cell phones. Developed by an Israeli company, the program allows you to unlock devices and make a complete copy of the device’s content.
This procedure, known among experts as “bit by bit” extraction, mirrors the entire cell phone system, copying absolutely everything that is stored on the device. This even includes fragments of data that remain recorded in the system database even after files or messages are deleted.
This feature allows you to track records of sending messages, files and images. Even when the message content is not fully recovered, system logs can indicate when it was sent, to whom, and what type of file was associated with the conversation.
GrayKey
Another tool used by the PF is GrayKey, developed by the American company Grayshift. The software’s main function is to unlock smartphones, especially Apple devices, known for more robust encryption systems.
After bypassing the device password, the program downloads the cell phone’s complete file system. This allows experts to examine messages, photos, call logs and data from applications installed on the device.
As with other digital forensics tools, GrayKey can also access fragments of data stored on the system, which helps track information even after deletion attempts.
IPED
After extracting data from the devices, the PF uses the IPED (Digital Evidence Indexer and Processor) to organize and analyze the collected material.
As modern cell phones can store enormous volumes of information, the program allows you to structure files, facilitate navigation between them and perform keyword searches in documents and conversations.
IPED also generates a unique digital signature for each file analyzed, called a hash code. This sequence of letters and numbers serves to guarantee the integrity of the evidence and check whether the content has been changed during the investigation.
When creating folders to make data easier to view, the system automatically groups files based on parts of this code. Experts highlight that this organization does not indicate a direct relationship between the contents, as different files can appear in the same folder just by cryptographic coincidence. So if a screenshot and a person’s contact end up in the same folder, that shows only that they landed in the same folder; it is not proof of sending.
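The sketch below is an added example, not IPED's code: it shows a full hash used as an integrity check and a short hash prefix used only as a folder name. SHA-256, the one-character prefix and the sample items are assumptions constructed for illustration; the article does not say which algorithm or prefix length the tool uses.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 1  # assumption: folder name = first hex character of the hash


def file_hash(data: bytes) -> str:
    """Hex digest of the content (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).hexdigest()


def group_by_prefix(items: dict[str, bytes]) -> dict[str, list[str]]:
    """Put each item in the folder named after the start of its hash."""
    folders = defaultdict(list)
    for name, data in items.items():
        folders[file_hash(data)[:PREFIX_LEN]].append(name)
    return dict(folders)


def shared_folders(folders: dict[str, list[str]]) -> dict[str, list[str]]:
    """Folders holding more than one item."""
    return {p: names for p, names in folders.items() if len(names) > 1}


def verify(data: bytes, recorded_hash: str) -> bool:
    """Integrity check: does the content still match the recorded hash?"""
    return file_hash(data) == recorded_hash


# Constructed sample: 17 unrelated items. With only 16 possible one-character
# folders, at least two items must share a folder (pigeonhole principle).
SAMPLE = {f"screenshot_{i:02d}.png": f"constructed image {i}".encode()
          for i in range(9)}
SAMPLE.update({f"contact_{i:02d}.vcf": f"constructed contact {i}".encode()
               for i in range(8)})

if __name__ == "__main__":
    for prefix, names in sorted(shared_folders(group_by_prefix(SAMPLE)).items()):
        print(f"folder {prefix}/")
        for name in names:
            # Same folder, completely different full hashes.
            print(f"  {name}  {file_hash(SAMPLE[name])}")

    original = SAMPLE["contact_00.vcf"]
    recorded = file_hash(original)
    print("unchanged copy verifies:", verify(original, recorded))
    print("altered copy verifies:  ", verify(original + b" ", recorded))
```

Items that share a folder still have entirely different full hashes, so the folder reflects nothing about their content or origin; only the full-hash comparison in `verify` carries evidentiary weight.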