Cell Phone Forensics – Extracting Personal Data from Cell Phones


Your cell phone likely contains more personal data than your wallet. It is a repository of every number you have ever called, every website you’ve used it to visit, every text you’ve ever sent, your location at any given time (as well as where you’ve gone in the past) and a host of other information. Cell phones can provide a treasure trove of data for those working in forensics and the data frequently helps solve cases and win convictions. Let’s take a look at how cell phone data is extracted, as well as some famous cases that were solved thanks to cell phones (and one that wasn’t).

It Starts with Your Service Provider

Whether you get your cell service from Verizon, AT&T, T-Mobile or another provider, your cell phone service provider keeps records of who you call, when you called them, where you went (thanks to the GPS location on your phone), who you texted, and when you texted.

Most of us know that between the years 2001 and 2015 the National Security Agency (NSA) requested cell phone data from service providers on a grand scale – they gained this information on the majority of Americans whether they were suspected of wrongdoing or not – but you may not know that law enforcement regularly does the same thing, frequently without a warrant. This is possible because the cell phone service providers sell access to their logs. They have created repository databases of their user data, and they sell both access to those databases and data specifics like cell tower dumps for a fee. Right now, the databases are only accessible to law enforcement agencies (you can’t, for example, pay Verizon to tell you where your significant other was last night using the GPS on their phone), but law enforcement officials can find out easily. It’s big business too – in 2012 cell providers raked in about $20 million selling data to law enforcement agencies. Cell phone forensics begins with the providers and continues once police gain physical access to a subject’s phone.

Cracking Your Cell Phone

Once forensic technicians gain access to a cell phone they have two primary goals: extract as much information as possible, and preserve it in a manner that is admissible in court. Extracting both current and deleted data on a cell phone is possible, just like it is with a computer. Data that can be recovered from your cell phone (even if you’ve deleted it or done a factory reset) includes: your photos, videos, the content of your texts, your contacts, banking details (if you use your bank’s app), your GPS location history, your emails, and a whole lot more. Forensic technicians extract data by using specialty software (and some of the software they use is publicly available). If you are working on your forensics degree and wish to work in this industry, you may want to learn how to use the publicly available software, and add it to your resume. It will help you find work after you graduate. You may also want to check out this NIST analysis detailing the current software, its capabilities and its limitations.

Three Famous Cases Solved Using Cell Phone Data

Jodi Arias


Jodi Arias was convicted of the murder of Travis Alexander in 2013, partially thanks to the information contained in her cell phone and the phone belonging to the victim. Police knew from cell phone tower dumps that her alibi didn’t match up with her actual location, and his phone contained messages she left for him after she murdered him in an attempt to establish her alibi (as well as multiple texts where she tried to establish contact prior to his murder). She was sentenced to natural life in prison.

Darryl Littlejohn

In 2009, nightclub bouncer Darryl Littlejohn was sentenced to life without parole for the rape and murder of 24-year-old student Imette St. Guillen. His cell phone records revealed that he made multiple calls after the murder, specifically while he was traveling from Queens to Brooklyn, where he dumped her body.

Kruse Wellwood

In 2010, 16-year-old Kruse Wellwood raped and murdered his ex-girlfriend, Kimberly Proctor. Like Arias, Wellwood tried to establish an alibi by contacting the victim’s cell phone after the murder – he sent her a text saying, “Hey, I thought you had babysitting did you finish early?” The cover text wasn’t enough to prevent police from finding the avalanche of digital evidence Kruse left behind, linking him and his best friend Cameron Moffat to the crime. Detectives recovered so much data on Kruse and Moffat that if they had printed it out, it would have taken up about 1.4 billion pages. One critical piece of evidence presented at trial was a text message Kruse sent from the location in the woods where he and Moffat tried to burn Proctor’s body.

The Case That Got Away


The 2016 mass shooting in a night club in San Bernardino, California remains one of the most famous cases where cell phone data could not immediately be used to gain information about a case. This is because tech giant Apple refused to comply with the FBI’s demand that they build a backdoor program which would allow them to get data from one of the shooter’s cell phones. Some Apple phones have a feature that automatically wipes the data off the phone after ten incorrect guesses at the password. The FBI wanted a way to disable this feature so that they could use a brute force attack to unlock the phone and get at the data, but Apple refused. The FBI did eventually gain access to the smartphone data months later, with the help of a third party, but the case highlights the legal issues facing retrieval of smartphone data. Even after a judge ruled that Apple had to comply, they found a way around it and the case was eventually dropped. Our laws have not yet caught up with our ability to collect digital data, and until they do, be aware that nothing you do on your phone is private and for the most part it’s all easily obtainable.