Contraband Cell Phones in Prison – Problem or an Opportunity?
Last Updated on Tuesday, 17 May 2011 06:57 Written by kelly.solid Tuesday, 17 May 2011 06:57
Contraband cell phones in correctional institutions are at an all-time high. A recent article in Business Week states, “although there are no nationwide statistics, in California alone more than 10,000 contraband phones were confiscated from inmates in 2010, up from 1,400 in 2007. In Mississippi, authorities grabbed more than 4,000 handsets from prisoners last year, up 43 percent from 2009.” The article goes on to state, “Illegal cell phones are probably the largest public-safety risk prisons are facing nationally,” says Terri McDonald, chief deputy secretary of California’s Corrections and Rehabilitation Dept. The risks arise from the inmates using the phones to run outside criminal activity from prison, intimidate witnesses, coordinate escapes and order retaliation against other prisoners.
This problem has caused the correctional industry to look hard at cell jamming and finder techniques to limit the infiltration of contraband cell phones. Although this is a huge problem, it can be an opportunity as well. An opportunity – you say – how does that make any sense?
Trying to think outside of the box, let’s look at some of the advantages of a cell phone in an inmate’s hand. Through the inmate’s use of a “secret” cell phone, law enforcement gets something that it is not otherwise afforded as readily. An inmate with a cell phone is now “free” to make calls and speak freely. They are more apt to contact individuals that they would not normally contact, to facilitate activities that they would not dare do on the recorded prison calls. When a phone is then confiscated, and the cell forensics data is retrieved through the use of a Cellebrite UFED or SecureView device, we now have a full and open profile of the inmate. We can not only see who he talked to and text-messaged, we can bounce that against other inmates to look for collaborations on the outside and common contacts.
Analysis of this type can be readily done in Excel by looking for correlations, or with other software products on the market such as THREADS, which specifically analyzes inmate phone CDRs (call detail records) and cell forensics to provide calls and callers of interest.
Cell Forensics Analysis Software
Last Updated on Tuesday, 17 May 2011 06:18 Written by daniel.solid Saturday, 22 January 2011 04:10
In two previous articles on cell forensics, we first laid out a brief case for why cell forensics are important, and then we listed our favorite mobile forensic extraction tools. But once you get the call records, text messages, address books, images, etc. from the phone, how can you most efficiently produce leads for your case with the data?
The Task: Analyzing Cell Forensics
Sadly, most investigators are just viewing the data on a manual, phone-by-phone basis. This painstaking, manual process is certainly more worthwhile than not analyzing cell phones at all – but it requires the investigator to move back and forth between other data related to the case in order to identify correlations.
In our experience, most investigators dealing with cell forensics end up with multiple phones at once. This is particularly true for narcotics and gang-related investigations. When you start dealing with multiple, likely affiliated phones, the need for correlating the data becomes increasingly important. However, because there is so much data to work with, the detective assigned to the case is only able to scratch the surface with a manual approach due to time constraints.
Here in the USA, we are behind other countries – like the UK, for example – who have been on the mobile forensics analysis scene for a long time; but the reality is that even for the pros, the process from acquisition to extraction to analysis to correlation to lead generation is very manual. When we considered the fact that systems like the Cellebrite UFED, Secureview, and XRY already export to a standardized format, we recognized a serious need for an analytical software tool that imports from these existing systems for correlation. What do investigators need to be able to do? Here is a partial list.
The Requirements: Software Capabilities for Cell Forensic Analysis
- Automatically import from most common cell forensic extraction hardware
- Case management database with names, numbers, events, and whatever else is related to the case
- Automatically match subject names & aliases, phone numbers, emails, calls, and other data to existing data already in the case management system – with manual override as needed
- Produce graphical linkage reports based on individuals and groups of individuals connected by calls, text messages, email, calendar events, and especially phone books
- Upon identifying numbers or names of interest, the ability to attach additional subpoenaed records to the names, images, and aliases found on the mobile phones
- Cell tower import and mapping for subpoenaed records with lat / long data
- The ability to maintain and export source files in an organized manner for use in court
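The cross-phone matching described in the contraband-phone article and in the matching and linkage requirements above can be sketched in a few functions. This is an added example, not code from THREADS or any extraction vendor; the CSV layout, column names, sample numbers and the US default country code are assumptions.

```python
import csv, io, re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: a hypothetical flat export, one row per call, SMS
# or phone-book entry. Column names are assumptions, not a vendor format.
SAMPLE = """device,kind,number
phone_A,call,(202) 555-0142
phone_A,sms,+1 202 555 0199
phone_A,contact,202-555-0177
phone_B,call,1-202-555-0142
phone_B,call,202.555.0142
phone_B,contact,2025550199
phone_C,sms,12025550142
phone_C,call,202-555-0123
"""

def normalize_number(raw, default_cc="1"):
    """Reduce formatting variants of one number to a single +<digits> key."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+") or (len(digits) == 11 and digits.startswith(default_cc)):
        return "+" + digits
    if len(digits) == 10:                  # national number, no country code
        return "+" + default_cc + digits
    return digits                          # short codes etc.: leave unqualified

def load(text):
    return [(r["device"], r["kind"], normalize_number(r["number"]))
            for r in csv.DictReader(io.StringIO(text))]

def common_contacts(records, min_devices=2):
    """Numbers seen on at least min_devices phones, widest spread first."""
    seen = defaultdict(lambda: defaultdict(int))   # number -> device -> events
    for device, _kind, number in records:
        seen[number][device] += 1
    hits = [(n, dict(d)) for n, d in seen.items() if len(d) >= min_devices]
    return sorted(hits, key=lambda h: (-len(h[1]), -sum(h[1].values()), h[0]))

def device_links(records):
    """Edges for a link chart: pairs of phones and the numbers they share."""
    per_device = defaultdict(set)
    for device, _kind, number in records:
        per_device[device].add(number)
    pairs = combinations(sorted(per_device), 2)
    return {(a, b): sorted(per_device[a] & per_device[b])
            for a, b in pairs if per_device[a] & per_device[b]}

if __name__ == "__main__":
    recs = load(SAMPLE)
    print(common_contacts(recs), device_links(recs), sep="\n")
```

Normalizing before matching is what makes the correlation work: the same number appears here in five different spellings across three phones.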
You may be able to generate some link charts in I2 Analyst’s Notebook, but it is certainly a VERY manual process. The goal here is to make everything happen at the push of a button; that way, even if you are not a technical forensic analyst, you can still get the job done quickly. This is especially crucial for investigators; they need something that generates leads in the office so they can follow up in the field. Software systems exist for extracting the data and running a few rudimentary reports; but nothing comes close to meeting the 7 expectations listed above.
The Only Solution: THREADS™ Crime Analysis Software
The core capability of THREADS™ is criminal communication analysis, especially when it comes to call detail records. Its analysis is backed by a robust case management system that allows the analysis to link back into the records themselves, and to correlate with existing data in the case. In its 1.4 release, which is coming out this January, THREADS™ is adding cell forensic import from the Cellebrite UFED, the Secureview, the Blackberry IPD, and soon the XRY.

Analysis inside THREADS™ investigation software yields focused leads for investigations involving cell forensics because it correlates the calls, address books, subject names (and nicknames), and more with other data relevant to the case. Existing case data can be brought into the system, and on import, everything gets matched up. There is no redundancy in the data; the more you bring in, the more rich your analysis becomes. As the system points you to new leads, you can proceed to subpoena their call detail records (CDRs) and bring those in as well. And yet, the reports inside THREADS™ are easily filtered to exclude irrelevant or distracting links.
Some Reports that THREADS™ Generates from Cell Forensics:
Subjects can be correlated to see who knows who – this chart was automatically generated inside THREADS™ based on two cell phones; one from a Cellebrite UFED, and another from a Susteen / Datapilot Secureview:

When is a subject hot and heavy on the phone? Run a timeline report to correlate events and see if communications are causal, operational, or reactionary:

Subjects (suspects) can be automatically correlated based on their communications, activities, enterprises, and virtually any sort of connection that an investigator would encounter:

In the near future, we will post some case studies here of real-life scenarios where cell forensics are being correlated with case data inside of THREADS™ to generate valuable leads for law enforcement. Feel free to contact us at Direct Hit Systems to Request a Demo of THREADS™.
Cell Forensics Extraction Tools
Last Updated on Sunday, 24 January 2010 02:35 Written by daniel.solid Friday, 25 December 2009 12:40
In a previous article, we laid out a brief case for why cell forensics are valuable for law enforcement – even on the local PD level. We essentially pointed out that if you are not collecting cell forensics from your suspects, then you are missing a serious opportunity to close cases. But more than just collection, we said that it is important to do something with the data in the form of analysis in the context of the rest of the case data.
What was once a very challenging forensic task has become easier with the development of push-button cell forensic extraction devices. We will recommend several of these cell forensic extraction devices – some that cost, but also many that are free.
Manual Data Extraction
The manual extraction of cell forensic data is a tedious, time-consuming process. There is very little training available. In addition, the amount of customized hardware and tools required presents challenges for even the most seasoned professional technicians.
Over in the UK, analysts are disassembling the phones and pulling data directly off of the data boards themselves; so, we know the manual approach can work. But I would submit that in light of the rapidly advancing extraction toolset available, manual analysis no longer yields the best time-to-results ratio.
Automated Extraction Tools (free)
There are sites on the web that offer free tools for an investigator to use to perform cell forensics. Many times, these tools are limited and focused on a small set of phones – but can be useful nonetheless. One tool is BitPim. BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers.
Another free tool, focused on Blackberry devices, can be found at BlackBerry.com. The user can download the Blackberry Device Manager and back up any Blackberry device. The back-up file is in a proprietary format (IPD) and contains some very useful forensic data including call records, SMS, emails (including all content) and calendar events. An IPD file can be converted to a usable format by using another tool – ABC Amber Blackberry Converter. It is not free, but only costs $19.95 for the tool.
Automated Extraction Tools (cost)
- The Cellebrite UFED (Universal Forensic Extraction Device) automatically extracts and parses data from over 2,000 different cell phones, including CDMA phones (like the ones that run on Verizon and Sprint) and GSM phones (AT&T & most international carriers). That is 95% of all phones in existence. Their new UFED Physical Pro model also allows investigators to access deleted content.
- Another significant tool in wide use is Micro Systemation’s XRY/XACT. Touting support for almost 1000 phones including the new Android, this cell forensic tool is becoming a must for investigators.
- Susteen / Data Pilot’s Secure View is a unique hand-held computer that allows the user to both extract forensic data and do basic analysis.
But in the next article on analysis, we will move beyond extraction. We will look at some cutting-edge investigation software that imports and analyzes the call records, phone books, text messages, emails, and more with the push of a button.
Copyright © 2012 SolidForensics.com
Sponsored by Direct Hit Systems
