Name
D6. Anti-Forensics: Reverse Engineering a Leading Phone Forensic Tool
Track
Privacy
Date
Wednesday, June 9, 2021
Time
11:15 AM - 12:15 PM
Description

How can vulnerabilities in forensic software affect cases brought to the courts? That question was the impetus of what kicked off my research on the Cellebrite UFED. We'll cover what my process was, what I found, how I went about reporting my findings, and the concerns, hopes, and fears I had along the way. Forensic tools like these are often expected to only be available under strict non-disclosure agreements. That didn't stop me from being able to legally obtain several of their devices, though. I rooted them and reverse engineered the cryptographic implementation protecting their forensic tools and exploits. We'll talk about their use of hardcoded authentication keys, what the possible implications of my findings were, and how they've been addressed. We'll also cover not just how these tools can help law enforcement, but how they can hurt everyone else in the process and how you may be able to defend yourself from them. Join me for a demonstration where my proof-of-concept Android application is able to detect and defeat *some* of the extraction options of the Cellebrite UFED.

Learner Objectives

After completing this session, the attendee will have a well-rounded understanding of how mobile phone forensic techniques are often employed and ways they may be able to detect and defeat them.