

Yeah, although now that it’s officially on a recall I’ll have to evaluate the options we have
I hope that Lemmy doesn’t grow any heavier than it is growing right now
I hope for more like-minded individuals to help them out
How is the latter supposed to happen without the former? Like it or not, many of us are here solely because Reddit went to shit with their extreme monetization. Lemmy is still a really small community and absolutely NEEDS larger adoption in order to remain a viable option
I have no issue with this, I personally wouldn’t use it but I get that they need to make money (which is why I have a recurrent donation every month).
If this helps them to do that, then so be it
Awesome, I just installed one of these last year and now it might be up for a potential recall ;-;
With any luck it’ll be a returnless replacement so I can swap out one of my other units that’s noisy as fuck
Once the port is open, you should be able to access it via the Tailscale IP just as you would locally on your network
Happy to help!
Side note, if you want to make publicly available services, you could use Cloudflare tunnels. They work in a similar way – letting your services be accessible over the Internet without needing to open ports. Some other people in the comments have mentioned that Tailscale funnel can also work for this, but I haven’t used it so I can’t really advise on that front
To my understanding, yes! I touched on it in the post but since Tailscale is a VPN that doesn’t require open ports to access other devices in the tailnet, you don’t need to worry about CGNAT
Okay so I’ll try my best to convey what I know (I studied DFIR in college, but I work as a security engineer now):
There are two types of mobile device forensic acquisitions/collections/extractions: BFU and AFU.
BFU (before first unlock) extractions simply refer to what Cellebrite is able to pull from the phone when it has been turned on but not unlocked for the first time; similarly, AFU (after first unlock) is what it can collect after it’s been unlocked.
You can think about this as your phone being in two states: when you first boot it up (and I’m talking from the Android perspective, because I have never owned an iPhone) you’re required to use your PIN/password to unlock the device and then it will complete its boot. Any time after that first unlock though, you can unlock with stuff like biometrics and it’s much faster (I know my phone, when I unlock for the first time after a boot, will display an “Android is Starting” or something like that while it loads up).
Bringing this back to your main question: depending on the OS version and device, what is pulled from AFU/BFU will vary. So looking at the image you linked:
If you were an incident responder, you’d probably read this chart left to right. Let’s say I have a Samsung S23 running presumably Android 13 or 14: I’d first look at the Samsung rows, choose the second one for the version, and then I’d have to determine if the device is in BFU or AFU mode, and see which options are available to me. In this instance, it doesn’t make a difference because I can get user data from either (because I can brute force the password on the lockscreen for this specific device). Otherwise, a BFU extraction might only pull out surface-level information from the device because everything may not have been decrypted yet.
I feel like I’m rambling but I hope it’s shedding some light. Your point about the password is important but not everything. Companies like Cellebrite and Magnet pay a lot of money for zero-day vulns that they can build exploits for into their software, meaning that if there’s something critical (like a PIN code bypass) then they could just use that and get all your data. But there’s a lot of various data on cellphones; take Signal for example (and this is just an example, I don’t actually know): it’s possible that if Signal is encrypting messages stored on the device, that even if an examiner pulled that database out, they might still not be able to do anything about it.
My final point: there’s also a high degree of secrecy around these tools. Obviously Cellebrite and Magnet are incentivised to keep their exploits quiet so they continue working, otherwise Google or Apple could just issue a security patch and render them useless. Often, they’ll have different tools that are available to different organizations: a company may have a few Cellebrite dongles for internal investigations and litigation support, the details of which are kept under NDA, but they’re still likely to be separate from what an organization like the FBI would have access to. This is why it’s often hard to find information on these tools, especially updated or recent information.