Mobile Forensics and eDiscovery Comparison

The following is a comparison I put together of my opinions on gathered research for various commercial mobile forensics and ediscovery tools. These tools were selected for having broad mobile ediscovery and acquisition capabilities, as well as being professionally reputable. While we've done a technical mobile forensics dive on this blog before, this post will be focused on professional ediscovery and acquisition suites, as opposed to the analysis end of the spectrum. Further, this will be a very high-level comparison of capabilities (of these largely equivalent mobile forensics suites), based on the information available to me at the time. While I've used some of these tools, I have not used all of them; and ideally my personal experience with these tools does not play into my gathered thoughts here.

The following link is a helpful chart that shows how nuanced and important the right tools can be for mobile forensics data acquisition; it's critical to make sure your tool of choice can acquire your target mobile device model. Also, books like Practical Mobile Forensics will show one how to best leverage some of the following tools in their investigations. The following is some estimated information (including prices) about these mobile forensics suites:

Oxygen Forensics Suite Pro Dongle
$3,000-$3,6000, 1 yr license
Can generally acquire Android, iPhone, Windows Phone, and Blackberry.
Has rooting capabilities, malware detection, and special application analysis; highly recommended by analysts.

FTK Imager MPE+ (Mobile Phone Examiner)
$3,000-$9,000, 1 yr license
Can generally acquire Android, iPhone, and Windows Phone.
Plugs into the FTK family with broad acquisition capabilities, but has poor reviews for being slow and having bad support.

Cellebrite UFED 
$3,500-$11,000
Can generally acquire Android, iPhone, and Windows Phone.
Very capable and popular for ediscovery, has some specialized application parsing.

Blacklight
$3,400, 1 yr license
Can generally acquire Android and iPhone/iPads.
Somewhat clunky interface, runs on OS X and Windows, and has specialized application analysis.

XRY
$3,000-$8,000, 1 yr license
Can generally acquire Android, iPhone, Blackberry, and Firefox OS.
Highly praised for its broad acquisition capabilities (including various bypasses for locked devices) and analysis tools.

Some specific tools will still be critical for acquisition or when one encounters specific applications or mobile scenarios (like needing to brute a PIN code or root a device). Heather Mahalik, author of Practical Mobile Forensics, shows how to best leverage some of the above tools and highlights their strengths. If you have the resources, owning a few of these tools and leveraging them to their strong suits is key here; otherwise you will want to have broad acquisition capabilities or know specifically what devices you will have to acquire from in your practice. Both EnCase and FTK have broad acquisition capabilities with Android. Here is a great paper showing that, with EnCase and FTK beating out Oxygen on Android acquisition and analysis. Cellebrite is another favorite for acquisition, except when it comes to one-off app analysis and edge cases, where people have a myriad of specialized tools they prefer. Here we see similar evidence, showing a strong analyst preference towards working and looking at data in XRY over Cellebrite UFED, yet Cellebrite is maintained as a staple tool for ediscovery.