Cell Forensics: Powerful Intelligence for LEOs

Last Updated on Thursday, 4 February 2010 07:54 Written by daniel.solid Tuesday, 8 December 2009 10:26

Gone are the days of analyzing pay phones.  Say hello to 2010: everyone, including the criminals we investigate, is using a cell phone.

And yet, it is hardly acceptable to just call these devices phones;  they would more appropriately be dubbed as “mini computers” with a whole host of valuable information for investigators.

Sadly, though, many local law enforcement agencies seem to think that analyzing cell forensics is “out of their league”.  Nothing could be further from the truth.  In fact, Europe, and especially the UK, are leaps and bounds ahead of us when it comes to taking advantage of mobile forensics – not because cell forensics are all that difficult, but because they recognize the value of the intelligence. In this article, we discuss the importance of cell forensics. In the next article, we will point out our favorite tools for extraction and analysis.

What are cell forensics?

This may seem like a stupid question, but I can think of at least a couple PDs that would give me a blank stare at the mention of “cell forensics”.  So here is my definition:

The extraction and analysis of data present on seized cell phones.

These phones are most often on an arrested suspect or are obtained through a warranted search.  I will not be going into details on how to legally obtain these devices; I have to assume a certain level of criminal justice knowledge here.  However, know that the entire process from acquisition to conclusions needs to be documented if you plan to use the data in court.  Consult your DA and make sure you acquire the devices correctly.

The data acquired from these phones includes:

• Numbers called and numbers calling in (aka Call Detail Records or CDRs)
• Address books
• Text Messages
• Pictures (sometimes with geographical location data!)
• Emails

Why are cell forensics so important?

If applied correctly, they can lead you to the next step of your investigation.

You get to see who has been called recently by your suspect, who is important enough to make it in his phone book, and in the case of a growing number of devices, you get to see who he is emailing.

However, cell forensics only have value if you have a system for analyzing them.  I have heard digital forensic acquisition professionals rant on and on about how they can get thousands of files off a phone.  This “feat” is completely pointless unless you have a plan for actually analyzing the data from the phones in the context of the case you are working.

In the next article, we will look at the hardware necessary to extract information along with the only software system in existence today that is actually performing analysis on cell forensics in the context of the rest of an investigator’s case.

If you have any questions, feel free to send us an email using the “contact us” tab at the top of this page.