Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Cellebrite expands to Mac forensic tools with $33M BlackBag purchase

Cellebrite's Touch2, a forensics tool used to extract data from mobile devices

Cellebrite, a digital forensic company known for assisting law enforcement in unlocking iPhones, is expanding its reach to other platforms, with the purchase of rival firm BlackBag adding PC and Mac forensic services to its portfolio.

Announced on Tuesday, Cellebrite has agreed to acquire BlackBag Technologies. The purchase, said to be valued at around $33 million, will give the Israeli company a wider array of products and services it will be able to offer to clients.

Owned by Japan's Sun Corp, Cellebrite's purchase of BlackBag is largely funded via an investment from IGP Capital in June, Reuters reports, valued at $110 million. The acquisition is unlikely to be the only one made by Cellebrite, as the available funds offers the opportunity for the firm to fill out its services and holdings further.

Cellebrite is best known for its mobile forensics tools, which can unlock smartphones and tablets like the iPhone, along with some cloud services. In June, the company claimed it had the capability to break into any iOS device, including those running iOS 12.3, with the ability to determine passcodes and perform unlocks for Apple devices, followed by a full file system extraction.

Its clients largely consist of law enforcement agencies and other government organizations. Cellebrite is thought to have been the firm that provided the FBI with assistance in the San Bernardino investigation in 2016, with it allegedly receiving $900,000 for helping crack the shooter's iPhone.

While Cellebrite is focused on mobile devices and cloud, BlackBag instead centers its work on computer forensics, including tools for quickly searching through volumes of data stored on servers. The purchase of BlackBag increases the capabilities of Cellebrite, making it capable of operating on more platforms.

Part of BlackBag's work includes accessing Macs and MacBooks, with its MacQuisition tool claimed to perform live data acquisition, targeted data acquisition, and forensic imaging of macOS devices. The tool is said to be the first and only one capable of creating images of Macs equipped with Apple's T2 chip, which handles encryption and other security-related tasks.

Cellebrite says the purchase helps it create a "one-stop-shop" offering to its clients "capable of meeting all of their digital investigation needs."

"This acquisition will allow Cellebrite to accelerate the delivery of new Digital Intelligence solutions and services that will empower our customers and allow them to maximize the efficiency and accuracy of their digital investigations," said Cellebrite Co-CEO Yossi Carmil. "The acquisition is a major milestone in our journey to help our customers build safer communities and we welcome the BlackBag team to Cellebrite."



8 Comments

apple ][ 13 Years · 9225 comments

Why is the govt asking Apple to unlock the terrorist's phone?

Why don't they ask this company?

jimh2 8 Years · 670 comments

Will this one stop shop be able to beat Apple's Disk Encryption for MacOS? I am thinking they will not be able to.

SpamSandwich 19 Years · 32917 comments

I thought breaking encryption like this was considered a Federal crime and violated the DMCA. Guess when government violates the laws all is forgiven, eh?

seanismorris 8 Years · 1624 comments

Pretty funny Trump saying Apple should unlock a terrorists iPhone, then Cellebrite makes an announcement jumping up and down and waiving their arms... we’re right here... what are you blind?

I also find it ironic the terrorist is from Saudi Arabia (just like 911) which is our big “ally”.

seafox 17 Years · 90 comments

apple ][ said:
Why is the govt asking Apple to unlock the terrorist's phone?

Why don't they ask this company?

Probably because they don't want to spend $900,000 every time they need to get into an iPhone. Not to mention what would happen if there really wasn't anything worthwhile found on the device after spending all that dough. Much better to get Apple to do it for them, proving they had the ability the whole time, then they can just legally force Apple to do it for free every time from then on, Or even better, make Apple give them the tools to do it themselves whenever they want -- even if it's not a lawful police investigation!