UFED stands for Universal Forensic Extraction Device. It is the product line, not a single device: UFED Touch 2 (the field-deployable hardware unit used at borders and field operations), UFED 4PC (software-only on a forensic laptop), UFED Premium (the high-end tier targeting current iOS and Android), UFED Cloud Analyzer (extracts data from cloud services given credentials or tokens). All sold by Cellebrite.
What it means in practice
UFED is what is happening to your phone in the back room when a border agent says “we need to take this for a few minutes.” The unit cables into the phone and runs a sequence of acquisition methods, escalating from logical (what the OS exposes through standard backup APIs) to file-system (deeper, requires more permission) to physical (bit-for-bit, the goal). The operator sees a progress bar, hands back the phone, and walks away with a forensic image. The image is then opened in Cellebrite Reader, Magnet Axiom, or another analysis tool to surface messages, photos, location data, deleted-but-recoverable files, app data, and anything the device synced from the cloud. Acquisition can take 15 minutes for a logical pull or many hours for a full physical on a high-storage device.
Who uses it, and against whom
Operated by border agencies (CBP at US ports of entry, UK Border Force, Australian Border Force, equivalent elsewhere), local and federal police across at least 100 countries, military intelligence units, internal-affairs investigators, and increasingly civilian forensic labs serving family courts and corporate investigators. Against whom: anyone whose phone is in the custody of someone running UFED. That includes seizure with a warrant, seizure without a warrant at a border, voluntary surrender for “inspection,” and consent-based exam in a custody case where one parent agreed to a court-ordered phone audit. The lawful range is wide and the technology is the same in all cases.
What you can change today
The single highest-leverage action is the passcode upgrade: replace a 6-digit numeric PIN with an alphanumeric passphrase of 10 or more characters. UFED Premium against a 6-digit PIN is hours; against a 10-character alphanumeric, it crosses into the impractical range for most operational deadlines. Combine with: power off (BFU state) before crossings, USB Restricted Mode on iPhone, lockdown mode on Android, and offload sensitive content to a Proton Drive or other end-to-end encrypted store before the trip with the local copies deleted (then emptied from Recently Deleted, then waited 30 days for the album to actually purge).