Cell Forensics Extraction Tools

Last Updated on Sunday, 24 January 2010 02:35 Written by daniel.solid Friday, 25 December 2009 12:40

In a previous article, we laid out a brief case for why cell forensics are valuable for law enforcement – even on the local PD level. We essentially pointed out that if you are not collecting cell forensics from your suspects, then you are missing a serious opportunity to close cases. But more than just collection, we said that it is important to do something with the data in the form of analysis in the context of the rest of the case data.

What was once a very challenging forensic task has become easier with the development of push-button cell forensic extraction devices. We will recommend several of these cell forensic extraction devices – some that cost, but also many that are free.

Manual Data Extraction

The manual extraction of cell forensic data is a tedious, time-consuming process. There is very little training available, and the amount of customized hardware and tooling required presents challenges for even the most seasoned technician.

Over in the UK, analysts are disassembling phones and pulling data directly off the circuit boards (chip-off extraction), so we know the manual approach can work, and it still has a place for damaged handsets and for models the automated tools do not support. But I would submit that, in light of the rapidly advancing extraction toolset now available, manual analysis no longer yields the best time-to-results ratio.

Automated Extraction Tools (free)

There are sites on the web that offer free tools an investigator can use to perform cell forensics. Many times these tools are limited and focused on a small set of phones, but they can be useful nonetheless. One tool is BitPim, a program that lets you view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers. Note that BitPim is a sync and editing tool rather than a forensic one: it can write to the handset as easily as read from it, so stick to its read operations and document exactly what you ran.

Another free tool, focused on BlackBerry devices, is available from BlackBerry.com: the BlackBerry Desktop Manager, which can back up any BlackBerry device (if the handset has a device password you will need it, and turn off any automatic synchronization in Desktop Manager before connecting so nothing is written back to the phone). The backup file is in a proprietary format (IPD) and contains some very useful forensic data, including call records, SMS, emails (with full content) and calendar events. An IPD file can be converted to a usable format with another tool, ABC Amber BlackBerry Converter; it is not free, but it only costs $19.95.
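For readers who would rather see what is inside an IPD backup than buy a converter, here is an added example (not code from the original article, and not from RIM or any of the vendors named here) of a minimal reader for the container. The layout it implements, a magic string, a version byte, a big-endian database count, a table of length-prefixed null-terminated database names, then records tagged with a little-endian database index and length and made of seven fixed bytes followed by length/type-prefixed fields, is taken from public reverse-engineering notes on the format and is an assumption, not vendor documentation. The sample backup is constructed in memory with that same layout, so the script runs offline; the field type codes and phone numbers in the sample are made up.

```python
"""
Added example: minimal reader for the BlackBerry Desktop Manager IPD backup
container. The container layout is an assumption taken from public
reverse-engineering notes, not from vendor documentation; the sample file
below is constructed with that same layout so the script runs offline.
"""
import struct

IPD_MAGIC = b"Inter@ctive Pager Backup/Restore File\n"
RECORD_FIXED = 7  # database version (1) + record handle (2) + unique ID (4)


def build_sample_ipd():
    """Constructed test data resembling a two-database backup (not a real backup)."""
    db_names = [b"Phone Call Logs", b"SMS Messages"]
    out = bytearray(IPD_MAGIC)
    out += b"\x02"                           # format version
    out += struct.pack(">H", len(db_names))  # database count (big-endian, unlike the rest)
    out += b"\x00"                           # separator
    for name in db_names:
        out += struct.pack("<H", len(name) + 1) + name + b"\x00"

    def record(db_index, handle, uid, fields):
        body = b"\x00" + struct.pack("<HI", handle, uid)  # db version, handle, unique id
        for ftype, data in fields:                         # field type codes are arbitrary here
            body += struct.pack("<HB", len(data), ftype) + data
        return struct.pack("<HI", db_index, len(body)) + body

    out += record(1, 1, 0x1001, [(0x02, b"+15555550123"), (0x04, b"meet at 9, bring the stuff")])
    out += record(0, 2, 0x1002, [(0x01, b"+15555550199")])
    out += record(1, 3, 0x1003, [(0x02, b"+15555550123"), (0x04, b"on my way")])
    return bytes(out)


def parse_ipd(blob):
    """Return {'version', 'databases', 'records'}; raises ValueError on a truncated file."""
    if not blob.startswith(IPD_MAGIC):
        raise ValueError("missing IPD magic string")
    pos = len(IPD_MAGIC)
    version = blob[pos]
    pos += 1
    (db_count,) = struct.unpack_from(">H", blob, pos)
    pos += 3  # count (2) + separator (1)
    names = []
    for _ in range(db_count):
        (nlen,) = struct.unpack_from("<H", blob, pos)
        pos += 2
        names.append(blob[pos:pos + nlen].rstrip(b"\x00").decode("ascii", "replace"))
        pos += nlen
    records = []
    while pos < len(blob):
        if pos + 6 > len(blob):
            raise ValueError("truncated record header at offset %d" % pos)
        db_index, rec_len = struct.unpack_from("<HI", blob, pos)
        pos += 6
        body = blob[pos:pos + rec_len]
        if len(body) < rec_len or rec_len < RECORD_FIXED:
            raise ValueError("truncated or malformed record at offset %d" % (pos - 6))
        pos += rec_len
        handle, uid = struct.unpack_from("<HI", body, 1)
        fields = []
        fpos = RECORD_FIXED
        while fpos + 3 <= rec_len:  # walk the length/type-prefixed fields
            flen, ftype = struct.unpack_from("<HB", body, fpos)
            fpos += 3
            fields.append((ftype, body[fpos:fpos + flen]))
            fpos += flen
        db_name = names[db_index] if db_index < len(names) else "db#%d" % db_index
        records.append({"database": db_name, "handle": handle, "uid": uid, "fields": fields})
    return {"version": version, "databases": names, "records": records}


def records_for(parsed, database):
    """Convenience filter: all records from one named database, e.g. 'SMS Messages'."""
    return [r for r in parsed["records"] if r["database"] == database]


if __name__ == "__main__":
    parsed = parse_ipd(build_sample_ipd())
    print("databases:", parsed["databases"])
    for rec in records_for(parsed, "SMS Messages"):
        print(rec["uid"], [(t, d.decode("ascii", "replace")) for t, d in rec["fields"]])
```

The reader refuses to silently return partial results from a cut-off file; a backup that stops mid-record raises rather than yielding a shorter message list that could be mistaken for the complete one. Decoding the meaning of each field type (which byte is the sender, which is the body) is database-specific and left to whoever maps the real format.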

Automated Extraction Tools (cost)

  • The Cellebrite UFED (Universal Forensic Extraction Device) automatically extracts and parses data from over 2,000 different cell phones, including CDMA phones (such as those on Verizon and Sprint) and GSM phones (AT&T and most international carriers). That covers roughly 95% of the phones in existence. Their newer UFED Physical Pro model also lets investigators recover deleted content, because a physical extraction dumps the handset's memory rather than asking the phone's software for its records.
  • Another widely used tool is Micro Systemation's XRY/XACT. Touting support for almost 1,000 phones, including the new Android devices, this cell forensic tool is becoming a must for investigators.
  • Susteen / DataPilot's Secure View is a unique hand-held computer that allows the user to both extract forensic data and do basic analysis.

But in the next article on analysis, we will move beyond extraction.  We will look at some cutting-edge investigation software that imports and analyzes the call records, phone books, text messages, emails, and more with the push of a button.


Attorney General Candidate Plans to use Technology to Fight Crime

Last Updated on Friday, 11 December 2009 02:20 Written by daniel.solid Friday, 11 December 2009 02:20

In what feels like a breath of fresh air to crime investigators and analysts, California Attorney General candidate Chris Kelly released "A Plan to Use Technology to Fight Crime". Kelly is currently the Chief Privacy Officer of Facebook, so he has a lot of experience working with law enforcement from across the country to prosecute predators on the world's largest social networking site. Solid Forensics thinks his plan sounds good on the surface, but actually implementing a cost-saving technology development plan is harder than he makes it sound.

Point number one on Kelly's plan outlines the need to update crime labs throughout California; both DNA and tech labs, in his opinion, need better technology and standards, accompanied by better training. The second point on Kelly's criminal investigations technology plan is to create a "standardized crime mapping system across California". This would allow agencies to collaborate on geo-crime data for incidents, suspects and even live tracking. The other points are rather vague or somewhat irrelevant to the content of this blog, so we will focus on these two.

We at Solid Forensics think that Mr. Kelly's plan to improve lab technology and provide cross-agency mapping sounds great, but the "devil is in the details", as they say. He claims that implementing new technology will reduce costs for an economically struggling California budget. But in our opinion, which is based on extensive experience in actually providing this technology to law enforcement, there are plenty of systems out there that will not save anyone money. Why? Because they are developed and selected by government bureaucrats.

What Kelly's plan is missing is the partnership with the private sector needed to accomplish these developments. Kelly mentioned "improving the DNA labs" across the state. Good luck with that. You may be able to speed up the processing of DNA samples from high-profile crimes, but you will never reach the level of effectiveness that is possible with a local partnership with a private firm.

Take Palm Bay, FL's successful implementation of a Local DNA Indexing System (LODIS), for example. They have managed to reduce their crime by 20% by partnering with DNA:SI Labs to develop a LODIS system for use throughout their department. We will write more on this development in the future, but the point here is that they saved residents millions of dollars in lost assets with a minor investment in a small firm to provide a service that, like the local PDs in California, is also provided by the state.

But the state, just because of its size, will NEVER be able to handle the volumes of DNA collection, identification and analysis required to reduce crime the way Palm Bay did. It takes collaboration with private firms at the local level. Any state-wide program will be inhibited by red tape, lack of support for the systems and sheer sluggishness due to size.

So, although Chris Kelly may have the right intentions, his state-wide, government-based solutions will ultimately end up costing taxpayers even more dollars and, in our opinion, will never produce the return on investment that simply promoting local crime-fighting partnerships would generate.


Cell Forensics: Powerful Intelligence for LEOs

Last Updated on Thursday, 4 February 2010 07:54 Written by daniel.solid Tuesday, 8 December 2009 10:26

Gone are the days of analyzing pay phones.  Say hello to 2010: everyone, including the criminals we investigate, is using a cell phone.

And yet, it is hardly adequate to just call these devices phones; they are more appropriately dubbed "mini computers", carrying a whole host of valuable information for investigators.

Valuable forensics: an iPhone, an E815 and an LG-VX9200 (image caption)

Sadly, though, many local law enforcement agencies seem to think that analyzing cell forensics is “out of their league”.  Nothing could be further from the truth.  In fact, Europe, and especially the UK, are leaps and bounds ahead of us when it comes to taking advantage of mobile forensics – not because cell forensics are all that difficult, but because they recognize the value of the intelligence. In this article, we discuss the importance of cell forensics. In the next article, we will point out our favorite tools for extraction and analysis.

What are cell forensics?

This may seem like a stupid question, but I can think of at least a couple PDs that would give me a blank stare at the mention of “cell forensics”.  So here is my definition:

The extraction and analysis of data present on seized cell phones.

These phones are most often found on an arrested suspect or are obtained through a warranted search. I will not be going into details on how to legally obtain these devices; I have to assume a certain level of criminal justice knowledge here. However, know that the entire process from acquisition to conclusions needs to be documented if you plan to use the data in court. Consult your DA and make sure you acquire the devices correctly. Also isolate the handset from the network as soon as it is seized (airplane mode, a Faraday bag or powering it off, whichever your lab's procedure calls for): a phone that stays connected can receive a remote-wipe command or new messages that overwrite older ones.

The data acquired from these phones includes:

  • Call history (dialed, received and missed calls). These are the handset's own logs; the carrier's Call Detail Records (CDRs) are a separate source, obtained from the provider by subpoena, and are worth pulling alongside the phone data
  • Address books
  • Text messages
  • Pictures (sometimes tagged with GPS coordinates in their Exif metadata!)
  • Emails
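The "geographical location data" in pictures is GPS metadata that a camera phone writes into the JPEG's Exif block. Here is an added example (not code from the original article) that walks that structure and returns the position in decimal degrees. The structure is the standard one: JPEG marker segments, an APP1 segment starting with "Exif\0\0", a TIFF header giving byte order and the offset of IFD0, an IFD0 entry 0x8825 pointing at the GPS IFD, and GPS tags 1 through 4 (latitude reference, latitude, longitude reference, longitude) with the coordinates stored as degree/minute/second rationals. The JPEG is constructed in memory (just the Exif segment, no image data) so the script runs offline; the coordinates in the sample are made up.

```python
"""
Added example: extract GPS coordinates from a JPEG's Exif metadata.
The sample JPEG is constructed in memory (Exif segment only, no scan data)
and its coordinates are made up; the Exif/TIFF structure walked is standard.
"""
import struct

TAG_GPS_IFD = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per Exif element type


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed test image: SOI, one APP1 Exif segment (little-endian TIFF), EOI."""
    def rationals(dms):
        return b"".join(struct.pack("<II", num, den) for num, den in dms)
    # Fixed layout inside the TIFF block: IFD0 at 8, GPS IFD at 26, rationals at 80 and 104.
    tiff = b"II*\x00" + struct.pack("<I", 8)
    tiff += struct.pack("<H", 1) + struct.pack("<HHII", TAG_GPS_IFD, 4, 1, 26) + struct.pack("<I", 0)
    tiff += struct.pack("<H", 4)
    tiff += struct.pack("<HHI4s", GPS_LAT_REF, 2, 2, lat_ref.encode("ascii") + b"\x00\x00\x00")
    tiff += struct.pack("<HHII", GPS_LAT, 5, 3, 80)
    tiff += struct.pack("<HHI4s", GPS_LON_REF, 2, 2, lon_ref.encode("ascii") + b"\x00\x00\x00")
    tiff += struct.pack("<HHII", GPS_LON, 5, 3, 104)
    tiff += struct.pack("<I", 0) + rationals(lat_dms) + rationals(lon_dms)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def find_exif(jpeg):
    """Walk the JPEG marker segments; return the TIFF block of the APP1 Exif segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: no metadata segments follow
            break
        (seg_len,) = struct.unpack_from(">H", jpeg, pos + 2)
        payload = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return payload[6:]
        pos += 2 + seg_len
    return None


def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value-or-offset field)} for one IFD."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, base)
        entries[tag] = (typ, n, tiff[base + 8:base + 12])
    return entries


def entry_value(tiff, entry, endian):
    """Decode an IFD entry; values over 4 bytes live at the offset stored in the entry."""
    typ, n, raw = entry
    size = TYPE_SIZES[typ] * n
    if size <= 4:
        data = raw[:size]
    else:
        (off,) = struct.unpack(endian + "I", raw)
        data = tiff[off:off + size]
    if len(data) < size:
        raise ValueError("Exif value runs past the end of the TIFF block")
    if typ == 2:  # ASCII
        return data.rstrip(b"\x00").decode("ascii", "replace")
    if typ == 4:  # LONG (only the single-value case is needed here: the GPS IFD pointer)
        return struct.unpack(endian + "I", data[:4])[0]
    if typ == 5:  # RATIONAL: numerator/denominator pairs
        return [num / den if den else 0.0 for num, den in struct.iter_unpack(endian + "II", data)]
    return data


def dms_to_decimal(dms, ref):
    degrees, minutes, seconds = dms
    value = degrees + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def extract_gps(jpeg):
    """Return (latitude, longitude) in decimal degrees, or None if the picture has no GPS tags."""
    tiff = find_exif(jpeg)
    if tiff is None or tiff[:2] not in (b"II", b"MM"):
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
    ifd0 = read_ifd(tiff, ifd0_off, endian)
    if TAG_GPS_IFD not in ifd0:
        return None
    gps = read_ifd(tiff, entry_value(tiff, ifd0[TAG_GPS_IFD], endian), endian)
    wanted = (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)
    if any(tag not in gps for tag in wanted):
        return None
    lat_ref, lat, lon_ref, lon = (entry_value(tiff, gps[tag], endian) for tag in wanted)
    return dms_to_decimal(lat, lat_ref), dms_to_decimal(lon, lon_ref)


if __name__ == "__main__":
    sample = build_sample_jpeg([(37, 1), (46, 1), (2970, 100)], "N", [(122, 1), (25, 1), (980, 100)], "W")
    print(extract_gps(sample))
```

The parser honours both byte orders ("II" and "MM"), stops at the start of scan so it never reads image data looking for metadata, and returns None rather than guessing when any of the four GPS tags is absent. Run it over real seized pictures by passing the file bytes to extract_gps, and record the hash of each file before you touch it.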

Why are cell forensics so important?

If applied correctly, they can lead you to the next step of your investigation.

You get to see who has been called recently by your suspect, who is important enough to make it in his phone book, and in the case of a growing number of devices, you get to see who he is emailing.

However, cell forensics only have value if you have a system for analyzing them.  I have heard digital forensic acquisition professionals rant on and on about how they can get thousands of files off a phone.  This “feat” is completely pointless unless you have a plan for actually analyzing the data from the phones in the context of the case you are working.

In the next article, we will look at the hardware necessary to extract information along with the only software system in existence today that is actually performing analysis on cell forensics in the context of the rest of an investigator’s case.

If you have any questions, feel free to send us an email using the “contact us” tab at the top of this page.

Copyright © 2012 SolidForensics.com
Sponsored by Direct Hit Systems