Sunday, November 13, 2011

Cell Phone Forensics

By Andrea Campbell

Statistics show that in 2005 over two billion cell phones were out in the universe. Today that number hovers around five billion. Estimates are that the number of mobile phones will grow by another billion in 2012. That’s a lot of communication devices and evidence.

New Technology

Unfortunately for many crime scene investigators today, there isn’t a lot of information about how to collect and use mobile phone forensics, because this technology is in its infancy. Unless investigators operate in a large metropolitan area where there are plenty of technology nerds to consult, or unless they have access to professional organization training seminars, odds are they will not have the knowledge or know-how needed to utilize what a phone offers: data from a call list, photographs, text messages, video and more usable leads.

Cyber Forensics

According to Science Daily, “Approximately 80 to 90 percent of legal cases today involve some sort of digital evidence.” It’s the recovery and interpretation of this evidence that is sometimes in question by the courts and, at other times, just difficult to access correctly or to explain to juries. Cyber forensics also involves other devices such as mp3 players, CDs, and more. Wayne Jansen, a researcher with the National Institute of Standards and Technology, says, “One of the first things that's looked at is a cell phone now.” But unclear forensic tactics for gathering evidence mean that some investigators resort to ad hoc tools and procedures, making cell data likely to face new hurdles in the courtroom.

Flasher Box

Non-experts can transfer cell phone data to a computer with a flasher box. According to Lester Wilson, managing director of a London company that makes forensic tools and who often works for police extracting evidence, "People seem to take joy in recording their crimes to their mobiles. Anything you can think of--street robbery, kidnapping, sex crimes--they're taking pictures…" Apparently a “forensic,” tamper-free version of such a tool was not always available; that changed only with more recent machines and software. There will always be some models for which no existing forensic tools work. In that case, "Sometimes the best tools are hacker tools, as long as they've been thoroughly examined and reverse-engineered," said Jansen, who helped write NIST's official recommendations for documenting the chain of evidence and creating tamper-proof files. And with the plethora of cell phone choices, the more complex models can be problematic, as they are vulnerable to tampering. This means that, using wireless technology, the data can be changed.

Seize, Isolate and Document: Data Mining

According to the National Institute of Justice, by exporting information from multiple digital devices (such as call logs from multiple cellular phones or e-mails from computers) and importing that data into an analytical software package, investigators using data-mining techniques can diagram and visualize a criminal enterprise or a timeline of events. This graphical representation can make it easier for investigators to understand the complex relationships in a criminal enterprise or for a jury to understand criminal activity and the possible connections among offenders in a courtroom presentation.
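
To make the idea concrete, here is a small added example (not from the article or from any forensic product) that merges call logs exported from two phones into one timeline and computes the links an analyst would then diagram. The CSV layout, device names and phone numbers are constructed for illustration.

```python
import csv, io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample exports (not real data); assumed columns: time, direction, number.
OWNERS = {"phone_A": "555-0101", "phone_B": "555-0102"}  # number of each seized phone
EXPORTS = {
    "phone_A": "2011-11-01 21:02:10,out,555-0102\n"
               "2011-11-01 21:30:00,out,555-0199\n"
               "2011-11-02 08:15:00,in,555-0102\n",
    "phone_B": "2011-11-01 21:02:12,in,555-0101\n"
               "2011-11-01 22:05:00,out,555-0199\n",
}

def load_records(exports, owners):
    """Normalize every device's log to (time, caller, callee, source device)."""
    records = []
    for device, text in exports.items():
        for stamp, direction, number in csv.reader(io.StringIO(text)):
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            ends = (owners[device], number)
            caller, callee = ends if direction == "out" else ends[::-1]
            records.append((when, caller, callee, device))
    return sorted(records)

def build_timeline(records, skew=timedelta(seconds=30)):
    """Merge entries that describe one call logged at both ends (clock skew allowed)."""
    calls = []
    for when, caller, callee, device in records:
        match = next((c for c in calls if (c["caller"], c["callee"]) == (caller, callee)
                      and when - c["time"] <= skew and device not in c["sources"]), None)
        if match:
            match["sources"].append(device)  # corroborated by a second device
        else:
            calls.append({"time": when, "caller": caller, "callee": callee, "sources": [device]})
    return calls

def link_counts(calls):
    """Edge weights for a link diagram: calls between each pair of numbers."""
    return Counter(frozenset((c["caller"], c["callee"])) for c in calls)

def shared_contacts(calls, owners):
    """Numbers outside the seized set that two or more seized phones were in contact with."""
    seized, seen = set(owners.values()), defaultdict(set)
    for c in calls:
        pair = {c["caller"], c["callee"]}
        for outside in pair - seized:
            seen[outside] |= pair & seized
    return {n: sorted(s) for n, s in seen.items() if len(s) > 1}
```

A call that appears in both phones' logs is kept once and marked as corroborated by both devices, and a number that neither phone owns but both contacted shows up as a shared contact.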

SOP

All cell phone discovery must start with Standard Operating Procedures, and the phone must be handled carefully and documented just as other evidence is, to prevent contamination or tampering. This starts with the legal right to collect such evidence and continues with photographing all phases, isolating the components to prevent remote access or a network signal, maintaining network isolation and proper documentation and, so often overlooked, preparing for the courts. For now some investigators will have to enter into training courses, seek certification and the counsel of veterans, and stay in the loop as far as obtaining the most current software and technologies.


Reference & Resource


Dixon, Evan, “Best Practices in Mobile Phone Investigations”, Evidence Technology Magazine, Sept.-Oct., 2011.
http://www.sciencedaily.com/videos/2009/0104-digital_evidence.htm
http://www.wired.com/politics/law/news/2007/05/cellphone_forensics
http://www.nij.gov/topics/forensics/evidence/digital/mobile/welcome.htm
https://www.ncjrs.gov/txtfiles1/nij/199408.txt
Photos: everystockphoto.com

3 comments:

Anonymous said...

It's only a question of time before somebody comes up with an app for effectively wiping a phone in seconds or encrypting everything inside it.

Anonymous said...

It would make sense to have an app to wipe it. But big corporations want to do everything they can to sell people's data, so it's not likely to happen.

Anonymous said...

No habla espaniol.