From Phones to Drones to the Cloud: Cellebrite CMO David Gee on the Future of Digital Forensic Intelligence
ASIAN Defence Journal speaks to Cellebrite’s Chief Marketing Officer David Gee at Milipol TechX Summit (MTX) 2026 on how the company moves forward in today’s landscape of digital forensic investigations.
ADJ: Can you give us an overview of Cellebrite and its mission — what the company does, who it serves across defence, intelligence, and government environments, and what operational problem it addresses?
DG: Cellebrite is almost 20 years old with about 1,200 employees and directionally about a half a billion dollar business today. We serve around 7000 clients across over 100 countries. Cellebrite historically is primarily mobile phone digital forensics. When it comes to mobile phones, each phone is essentially a digital twin of its owner, the phone goes everywhere with its owner. Therefore, its primary historical use case is to extract evidence for law enforcement during an investigation. We assist law enforcement agencies to lawfully unlock, extract, decode, and analyse mobile phone data. As phones have gotten increasingly more powerful, there is a lot of sophisticated technology needed in order to be able to conduct digital forensics. It is vital for almost every investigation, be it murder, organised crime, scams, human trafficking, crimes against children, drug trafficking and more.
When an individual is arrested, typically authorities would search their homes, turn everything upside down, while the most vital information turns out to be on their phone. As phones became more sophisticated, the amount of data in them exploded, such as the number of saved contacts, the applications installed, calls and more. If you marry that with all kinds of other digital data, it makes it easier to get a real picture. For example whether an individual was at the scene of a crime with the victim at the time of the crime’s occurrence, and who the suspect called on their phone for instance. Sometimes it is a tad more complex if there are accomplices. Who the suspect called? Where the suspect called from and so on. Once you start to marry that in an investigative process with cell tower data, call data records, CCTV footage, chats, images and data that’s on the phone. That’s a pretty sophisticated set of analytics, which has migrated from being on-premises to being in the cloud and capable of generating the investigative workflow. So now we are not just a digital forensics expert, we work with investigators, prosecutors to build a case. And that’s historically a basic premise of our business.
Increasingly, more of what we do is protecting communities, nations, and businesses. We also do this for the private sector, you can think about large organizations that may want to do an e-discovery or an employee investigation. An example is if a company wants to conduct a fraud investigation within the organisation, the falsification of company expenses is one of the cases which happens more than we think. Our technology can be applied in certain use cases with consent being crucial. That is one category, then the defence and intelligence sector often which involve cases of people crossing borders, cross-border, scams, Take scam farms, if one scam farm gets raided, it is a trove of intelligence for data gathering coming not from just one or two phones but possibly even 100 or 500 phones. Sadly, we are in a world where conflict is rife. That means the intelligence and data that can be gathered from cross-border travel, or on the battlefront, and mobile devices has increased, so we play in all of these spaces.
Another thing to highlight is that we acquired a number of companies over the past year. People are aware of digital forensics from a phone but now you see drones and unmanned systems everywhere. When unmanned aerial vehicles (UAV) are used in criminal activity or national security activities, their threats can be mitigated by either being shot down via kinetic methods or forced down through soft kill methods. We have technology from a company that does the same thing we do for phones on drones. It extracts important data such as where it went, who controlled it, its flight trajectory and origin and its activities among them. With that in mind, we have the FIFA World Cup soon to be held in the US as well as the 2028 Summer Olympics in Los Angeles, California. So the question is how do we protect the venues or high profile events or run investigations that are potentially under threat?
That brings us to the last piece, which is our acquisition of a company called Corellium which can create a virtual instance of a phone. We are the only company in the world that can stand up a virtual instance of an iPhone. Whether it’s an iPhone X to an iPhone 17 no matter the operating system it runs on from the iPhone X onwards. This matters because security researchers can test for vulnerabilities, including testing for malware, testing how an application runs inside the phone in ways that general developers are unable to. So for enterprises rolling out applications for its employees, that is super important.
We have a whole set of tools for mobile research, mobile development, mobile vulnerability testing, and ultimately through the investigative process. This part of our business is one that really matters, because many law enforcement agencies as well as government agencies rely on our technology to assist in investigations ranging from missing children, missing persons, gang-related crime, narcotics, scams and more.
We recently held a user conference and several participants from law enforcement agencies shared their experiences on stage, including the arrest of a child predator who had been under investigation. Upon his arrest, authorities had thought that it was a one to one predator. As it later turned out, the suspect had preyed on dozens more identified by the authorities who then brought the individual to justice. This was a well documented case and it was done with the benefit of what we do. After that, another law enforcement officer stood up on stage, with both of these officers from the United Kingdom. His case was where a deranged individual had murdered his immediate family and was arrested while walking the streets thereafter. It was later found that he was on his way to initiate a mass school shooting, and this was a fact that they could not have known quickly without our investigative capabilities, our tools and analytics as a part of that investigation. So we really cover a broad range as mentioned before, missing children cases, crimes against children, organised crime, high profile crimes, scams and more.
It is crucial to stress that warrants are needed for us to do what we do. We operate lawfully in many countries, but there are also many countries that we do not operate in. This is attributed to our set of ethical guidelines particularly in terms of the democratic index of a country. If you take China for example, we do not operate there. And in this day and age, digital forensics can be said to be more relevant now than DNA was at its peak. As I mentioned, mobile phones are the digital twins of its owners. It might not know what you had for breakfast, but it knows where you had breakfast and more.
What we do greatly reduces the cost of investigations if we can have the vast majority of forensic investigative data coming out of mobile phones. In the old days, you might have had to seize the car, search the property, dig up an entire field somewhere without certainty on which area of the field it was. All that translates to overtime and a variety of other costs. We offer the ability to ascertain vital clues with great certainty. We can find out where suspects went to buy supplies and whether they used Apple Pay, Google Pay or even cryptocurrency, plus we would combine that with financial records and decode where the crypto went.
ADJ: Defence and intelligence agencies are dealing with an expanding volume of digital data from an increasingly diverse set of sources — devices, drones, cloud infrastructure. Where are agencies feeling the most operational pressure, and how does Cellebrite address it?
DG: More and more, most of the pressure is concentrated around borders for border security or even the front lines of ongoing conflicts. Take the India-Pakistan border, or conflicts in Ukraine and the Middle East. The amount of vital data and intelligence available in devices and drones in these areas have increased exponentially, therefore it has since become even more imperative to have access to those devices and electronics. On the battlefront, humans are aided by technology in what is becoming an increasingly technical war, be it drones in the air, on the ground or out at sea. Every soldier is also likely to possess phones, so the necessity of being able to triage all that intelligence and data rather than sending it back to a lab and waiting three days for example before you can truly ascertain if those soldiers are who they say they are. To do so, we have to have operating procedures and technology in place to be able to identify it.
One really relevant example that we have discussed publicly is that after US forces withdrew from Afghanistan in 2021, images of Afghans chasing after military airlifters to get out of the country come to mind, and many of them were translators, drivers or those that aided the US mission. After many of those who were evacuated onboard the transporters, they were brought to locations across the US to be processed to a certain extent, this is because despite that, almost none of the evacuated Afghans had paperwork, however they did have mobile phones. So when the evacuees arrived in the US and underwent processing, our technologies which had been utilised by US federal agencies found that 3 of those individuals were actually on the US’ most wanted list. To quote the movie A Few Good Men, “you want us on that wall, you need us on that wall”.
ADJ: The Spring 2026 Release spans device access, AI-powered analysis, drone forensics, and multi-cloud infrastructure. What is the strategic intent behind this release, and what does it signal about Cellebrite’s direction for government and defence customers?
DG: To make it simple, everything that I talked about before are now going into the cloud. But, there will always be agencies that want things in their own environment, on premises as sovereignty of data is super important. All the customers that we’ve engaged, especially here in the region, are very clear on that. Point number one is, that the amount of data has exploded, phones have gotten bigger not physically, but in terms of memory computing capacity. Local processing of those makes fewer lessons because those should be in the cloud. Users would want to take advantage of our artificial intelligence (AI) that are in the cloud to be able to carry out analytics, instead of basically having outdated technology. Singapore’s police force, the Singapore Police Force (SPF) is extremely well funded, but police forces in the outskirts of the United States, or Western Europe are actually not as modern as one would think. It can be shocking to see investigations in those regions happening through transfers of data on USB sticks or through burning CDs, which are obviously not the best available options in this day and age. There are risks of losing them or being corrupted over time after sitting in a closet somewhere for too long. It is only prudent for those to be in the cloud in order to maintain its integrity. We can know who looked at it, how it was processed, the provenance of the data in the workflow, and conduct analytics on them. Users would want to be able to interrogate the system in its natural language to analyse, build timelines of what happened with augmented data sources. That would include call data records, CCTV footage, license plate readers. When users want to do multi-data source analytics, it is even more important that all that takes place in the cloud. As such, we have that capability in the US, a handful of countries across Europe, now in South America, and we are now beginning to build that capability here in Southeast Asia. The capability of having instances of cloud-based services in countries which we have demand for. But in the case of defence and intelligence, it is still rather split. Certain countries will always want that air-gapped and in their own infrastructure. Therefore we have to serve our customers both to our native and in powerful implementations that are on-premises. Corporations on the other hand have much more comfort with cloud-based systems but that depends on data residence.
ADJ: The Spring 2026 Release adds drone forensics support across 84+ UAV models using the CFID format. As unmanned systems become more embedded in both operational and threat environments, what does that capability mean for agencies working in the field?
DG: We touched on it earlier on, but there are more drones around today than there were four years ago. The presence of drones as a threat vector in crime, national security and defence has grown exponentially. In that aspect, Cellebrite is an industry leader in being able to extract digital forensic data from a vast range of commercially available drones and several more not commercially available. How that works is we literally plug the drone into a box, extract the data, and we can know for certain who was its operator. For example, if someone caught operating a drone over a restricted area can claim that it was a one-off incident from accidentally flying off-course. But we might be able to find out from the data that the same drone actually flew over the area 17 times prior to this. That paints the situation very differently compared to the initial claim or investigation.
In a battlefield scenario or contested environment, the ability to possess such vital information right in the operator’s hands is hugely important. Even more so when critical national infrastructure ranging from power stations and other or even large-scale public events. These days, drones are even going over prison walls and delivering items to inmates, its cargo includes contraband, phones, narcotics, weapons and more. The use of drones for such purposes have grown considerably.
As a response, authorities not only need to mitigate the drone by bringing the drone down as there is no shortage of solutions available to neutralise it. But, what we offer is even more in-depth which can easily provide crucial clues to questions that need answers. Once the drone is neutralised either kinetically or non-kinetically, then comes the time to investigate. I want to be clear on what we don’t do because almost everything we do happens post-event. We do not operate malware, or function as spyware, we do not eavesdrop and we do nothing to mobile phones or devices until after an event has occurred. Even then, everything we do happens in a digital forensic investigation, lawfully through the courts and judicial process.
ADJ: Guardian Investigate unifies data from multiple sources into a single workspace with AI-powered search and timeline reconstruction. How does that change what analysts can do when managing and organizing data at scale across complex, multi-source operations?
DG: Five or ten years ago, it was an easy data dump of a phone and you’re off to the races. Today, the data sources have multiplied, we constantly circle back to CCTV, audio, license plates. Mobile phones are constantly communicating with a cell tower. Data traffic of call data records, the location of phones, when it was last pinged, who the phone called. Typically, a central repository for that would be best, paired with the analytics to be able to connect the dots, interrogate that data, create timelines. The process would include not just one person, it would involve multiple investigators working the case, digital forensic experts, prosecutors and anyone else that is required as part of that case.
Guardian Investigate now brings all of that together to be done on the cloud. So, if an investigation begins, the extraction of data from the phone would kick off the digital forensics investigation, followed by the input of that data into the Guardian platform which is then augmented with other data sources, Excel files, PDFs, open-source intelligence (OSINT) data, call data records. Once those are all put together, it is important to ensure that the data does not get tampered with, so provenance of the data and the workflows are really important. These are the things which generic AI is not capable of doing whereas we have trained our AI engine on operating procedures and processes. Our AI engine is walled off to make sure it does not access the Internet and “hallucinate” throughout an investigation. It would not make stuff up as it is all attribution reported. It can make an assessment and develop the timeline with information on where it acquired that information. If it showed call data records or text messages, investigators can click on it and see the location of the call made being pinpointed on the map. I would say there is close to zero possibility of “hallucination”.
Another important aspect is that it keeps the human in the loop, because it creates and reports insights that investigators or operators would have to read through and ensure makes sense. After information is presented, investigators check and make sure that it is indeed valid before the investigation continues. All that is now on the cloud, allowing for complex investigations, multi-data source investigations, multiple personas who are working on that investigation together. All this negates the traditional big whiteboard that one might see on the TV which has to be wiped off after each investigation and misplaced USB sticks, laptops and other factors. This calls for none of that with everything on the cloud and secured. With that, the speed of investigation increases, the investigation’s accuracy improves, and the cost of investigation decreases as well. Investigators or even chiefs can just look at the dashboards and see how many investigations are currently running and their progress among other things. This is an improvement for how investigations are run
ADJ: Crypto is most known for being untraceable, anything. So what kinds of intelligence or information can Cellebrite extract from these transactions?
DG: Though I am not the expert on this, I can only furnish you with a high level answer, we have a number of third parties integrated into our toolset that enable us to identify, trace and track crypto transactions.
ADJ: You mentioned several real life uses in the Afghanistan withdrawal and law enforcement cases in the UK, can you tell us more instances of where Cellebrite was instrumental in the past or future in other investigations?
DG: In the Spring Release, one of our augmentation investigative platforms is a generative AI capability called Genesis. Genesis, to put it simply, is close to a quick hit tool in an investigation. The Guardian platform is for multi-data source, multi-personnel, departmental investigations. Genesis is more of a standalone gentic AI. Though cloud-based, it will stand alone. And we are doing an early access on it.
In other use cases, one notable case was in the US, where an investigator went onstage during our user conference and said that his department had been trying the Genesis capability during an investigation of cooking oil being stolen from restaurants throughout the city. Investigators input the cell tower information and more into Genesis and it had narrowed down a suspect or two within over a minute. There had been 9 restaurants which had their cooking oil stolen and Genesis was able to identify a suspect within 72 seconds.
So, Genesis is a generalised investigative, kind of quick hit tool. Investigators have an idea, some data and combine it with the UFDR, which is the extraction file off a mobile phone. Once it is put into the system, it allows investigators to start with a wide net and gradually narrow it down further. Then, that proceeds to using the broader investigative workflow.
About Cellebrite
Cellebrite’s (Nasdaq: CLBT) mission is to protect communities, nations and businesses as a global leader in digital investigative and intelligence solutions. More than 7,000 global law enforcement agencies, defence and intelligence organizations and enterprises trust Cellebrite’s AI-powered software portfolio to make forensically sound digital data more accessible and actionable. Cellebrite technology allows customers to accelerate nearly 3 million legally sanctioned investigations annually, enhance sovereign security, elevate operational efficacy and efficiency and enable advanced mobile research and application security. Available via cloud, on-premises and hybrid deployments, Cellebrite’s technology enables its customers around the globe to advance their missions, elevate public safety and safeguard data privacy. To learn more, visit us at www.cellebrite.com, https://investors.cellebrite.com/investors and find us on social media @Cellebrite.
Media Contact
Victor Cooper
Sr. Director of Corporate Communications
+1 404.804.5910
Investor Relations
Andrew Kramer
Vice President, Investor Relations
+1 973.206.7760