Hold the phone

Feb. 20, 2015

Mobile Forensic Fundamentals, Cellebrite

Instructor: Buddy Tidwell, Director of Global Training for Cellebrite, a mobile forensics company.

Tidwell says police officers are good at securing and preserving physical evidence, such as a physical mobile device, but they still have trouble preserving the digital evidence on a mobile device. “We regularly hear about police officers who access a device, manipulate the icons, scroll through the images or text messages, and so on. All of that changes the evidence, and the officer risks inadvertently deleting the evidence, too. We also hear about officers who improperly (or not at all) bag, tag, or document evidence they seize, fail to preserve evidence, etc. That can complicate efforts to obtain data.

“The Riley decision last June established a bright line for particularity during a search. Officers need to be able to identify date and time ranges as well as content types when they seek a search warrant, or perform a search under exigent circumstances and arguably, even during a consent search, to protect their subject’s privacy.”

Mobile Forensic Fundamentals is part of a broader core curriculum that encourages professional certification at various stages of mobile device evidence collection and analysis. From Mobile Forensic Fundamentals, the Cellebrite Certified Logical Operator (CCLO), Cellebrite Certified Physical Analyst (CCPA), and Cellebrite Certified Mobile Examiner (CCME) all follow.

What you will learn: Understand how and why digital evidence collection is like any other form of evidence collection, and why it’s wise for those responsible for collection and analysis to be certified.

No two smartphones are alike. iPhones and Androids may work the same way on the surface, but underneath the way the store data is different. These data structures can tell a forensic examiner a wealth of information about how a subject uses their device—favorite apps, when they use the device the most, where they travel—so it is critically important to preserve the device without trying to access the surface data.

Just because it’s damaged or prepaid, doesn’t mean you can’t get data from it. Never write off a smartphone with a shattered screen or crushed data ports. Well trained and equipped forensic examiners can get a surprising amount of evidence from accidentally or purposely damaged devices.

A lot of analysis is automated now, so you don’t have to spend time manually putting together text messages or call logs from two or three suspects’ devices just to establish that they were communicating with one another. You can do link analysis on mobile devices and call detail records alone, without having to involve specialized analysts, to establish patterns of communication and travel among more than one person.

Looking ahead: Cellebrite’s Tidwell says the way smartphone users use their phones is changing in large part over privacy concerns. “Encryption technology is gaining ground, as is cloud storage, both of which complicate investigators’ efforts to obtain timely evidence and intelligence with which to do their jobs. While mobile forensic technology is trying to keep up, training will continue to be a critical path item for investigators to help them stay informed of new technology, legal issues, and how it all impacts their work—whether it’s finding a workaround for a tech challenge, or simply staying up to date on what’s around the corner. A major, high profile case is not the time to be caught unawares about some legal or technological issue.”

Cell Phone Data and Mapping, Police Technical

Instructor: Ashley Englefield

Upcoming dates: One every month in 2015, at various U.S. locations

From the website: “The amount of data retrieved during a cell phone investigation can be staggering. Call records and tower data generate hundreds of records in just a few days from a single phone, tens of thousands of records are not unusual.” This session teaches managing and mapping cell phone data for case management and prosecution.

What you will learn: Create CDR maps to show where a cell phone was during a period of time, putting a suspect ‘at the scene of a crime’. Create a database from data collected in criminal cases to aid in the development of higher possible charges or additional suspects.

Who can attend: Any law enforcement officer at any stage of his or her career

What you need: This course costs $350 to attend. A laptop with Microsoft Excel, Word and PowerPoint (version 2003 or higher)

Thomas M. Mason, Police Technical’s CEO says a lot of officers are doing it wrong. “They are provided a lot of information by a search warrant, but understanding that data is difficult, often case by case, and not something that is readily self-taught.  The problems of misunderstanding CDR data exposes their criminal cases to errors in deductions and jeopardizes their testimony in the courtroom.

While 20 years ago most crime had an auto nexus, meaning a car was used in the commission of crime or post-criminal activity (a getaway or transporting stolen goods), today’s nexus has shifted online and to handheld devices like cell phones.

He says cybercrime is an obvious example, but even “highly-volatile, person on person crimes with no apparent connection to the online world have a traceable online profile based on a subject’s online participation (or lack thereof), witness discussion on social media, and even posting of evidence both physical (like a stolen car parts) and media based (videos).”

Sponsored Recommendations

Build Your Real-Time Crime Center

March 19, 2024
A checklist for success

Whitepaper: A New Paradigm in Digital Investigations

July 28, 2023
Modernize your agency’s approach to get ahead of the digital evidence challenge

A New Paradigm in Digital Investigations

June 6, 2023
Modernize your agency’s approach to get ahead of the digital evidence challenge.

Listen to Real-Time Emergency 911 Calls in the Field

Feb. 8, 2023
Discover advanced technology that allows officers in the field to listen to emergency calls from their vehicles in real time and immediately identify the precise location of the...

Voice your opinion!

To join the conversation, and become an exclusive member of Officer, create an account today!