Digital Forensics and Fraud Investigation: What Cellebrite's Tools Can Do

Written by Jessica Kimbell, GovNet | May 20, 2026 11:45:42 AM

Guest speaker:

Hamish Findlay, Senior Strategic Account Director at Cellebrite, spoke at Counter Fraud 2026 about the growing role of digital forensics in fraud investigation, the scale of the data challenge facing investigators, and how purpose-built tools are helping teams work through it faster and more defensibly. Here is a summary of what he said:

The data problem is already beyond manual review

Findlay opened with a striking illustration of the scale of the problem facing fraud investigators today. A standard mobile device in 2026 holds around 60,000 messages, 32,000 images and 1,000 videos. A 128-gigabyte device - not a particularly large one - contains the equivalent of 3 million sheets of paper. Stack them up and you are looking at two and a half times the height of Ben Nevis. Now multiply that across 10, 20 or 30 devices in a single case.

That volume is beyond manual review. Yet 80% of investigators say they do not have the right tools to work with the data they are collecting. Fraud and financial crime now account for around 40% of reported crime in the UK. Smartphones are involved in 97% of cases. The average time to review digital evidence, look at videos, photos and messages, and produce reports is 39 hours per device. When case volumes increase, that figure becomes unworkable without automation.

Findlay's core argument was that digital devices are not just sources of evidence - they are impartial witnesses. They are always on, always recording and always consistent. The challenge is not gathering them. It is making sense of what is on them quickly, at scale, and in a way that is defensible in court.

Cellebrite's platform: Four tools, one end-to-end workflow

Findlay described Cellebrite's portfolio as an end-to-end investigation platform built around four products, each addressing a distinct stage of the digital forensics workflow.

Cellebrite Inseyets (the extraction tool that the company is best known for) is designed to access and extract data from the latest iOS and Android devices. Critically, this includes encrypted data and containerised application data: cryptocurrency wallets, encrypted messaging apps, and other sources that are particularly relevant to fraud cases. The tool can bypass device lock screens and decrypt individual application databases, giving investigators access to data that suspects may believe is secure.

Pathfinder is Cellebrite's AI-powered multi-device analytics tool. It is designed to surface connections across large, complex datasets and reduce the time it takes to reach evidential conclusions. Findlay highlighted several specific capabilities that are directly relevant to fraud investigation.

  • Media analysis automatically categorises images and videos on a device into predefined groups - documents, barcodes, money, and others - so investigators are directed towards the most relevant material rather than scrolling through thousands of files. Custom categories can also be created, so if an investigator is looking for a specific document type or a particular individual, they can feed Pathfinder a small number of reference images and it will search across the full dataset for matches.
  • OCR - optical character recognition - extracts text from images and makes it searchable. In document-heavy fraud cases, this is particularly powerful.
  • Text and topic analysis automatically tags messages by theme. Where Pathfinder identifies conversations relating to money, evidence obstruction or other relevant topics, it flags them so investigators can filter directly to what matters rather than reading through millions of messages.
  • Link analysis gives investigators a network view of a suspect's communications - who they are connected to, across which platforms, and when. Findlay demonstrated this live: starting from two devices, the tool immediately surfaced a third individual who appeared as a common contact, bringing someone into the investigation who had not previously been identified. Critically, Pathfinder combines communications across Facebook Messenger, WhatsApp, email and SMS into a single coherent timeline, removing the need to jump between applications.
  • Location analysis consolidates all location traces found on a device - Wi-Fi data, GPS, application data - allowing investigators to identify frequently visited locations and focus their work accordingly.

Cellebrite Guardian: Cloud-based sharing and AI-assisted review

Findlay described a workflow that many investigators will recognise: a device is extracted at a location hours from the relevant office, copied to a pen drive, physically transported, and then handed to an investigator to plug in and open. Cellebrite Guardian is designed to replace that process. It is a cloud-based, SaaS digital forensics platform that allows an extraction to be uploaded immediately and shared with an investigator anywhere via a secure link, opening instantly without any physical transfer.

The cloud-based architecture also makes AI capabilities more powerful within the review process. Findlay demonstrated an AI summary function: rather than an investigator reading through a lengthy message thread, a single click produces a paragraph summary of what the conversation covers and flags any topics of interest. A translation feature performs the same function for foreign-language conversations, producing a short English summary with key points highlighted. Both features are designed to cut review time significantly without replacing the investigator's judgement - they direct attention, they do not make decisions.

Guardian is already in use across multiple UK police forces and government agencies. The transition from offline, on-premise digital forensics towards cloud-based SaaS products is, Findlay said, a direction the sector is moving in - and one that makes collaboration between agencies considerably more straightforward.

AI on both sides of the investigation

Findlay was candid about a challenge that runs through all of these capabilities: fraudsters are also using AI, and the tools available to them are improving rapidly. The ability to generate convincing fake identity documents, for example, is already a live issue for fraud investigators. Cellebrite's response is a media origin analysis capability built into Inseyets that can determine how an image arrived on a device - whether it was taken directly, received via WhatsApp or Telegram, or downloaded - and can give a strong indication of whether an image is AI-generated by examining its metadata and characteristics.

His broader point was that the same technological shift that is making fraud more sophisticated is also making investigation tools more powerful. The question for fraud teams is whether they are keeping pace - and whether they have access to tooling that can process the volume of digital evidence that modern cases generate in a way that is both efficient and legally defensible.