Why Local Law Enforcement Should Take Mobile Forensics Seriously

aodaodaodaod / Shutterstock.com

Police in Providence, Rhode Island, call Det. Teddy Michael when they need mobile forensics on a case, like the murder of a 12-year-old girl, where the suspected shooter handed over his cellphone to authorities.

The suspect thought he’d deleted every incriminating piece of evidence off the device but Michael, using Cellebrite’s Universal Forensic Extraction Device (UFED) Physical Analyzer, recovered texts and Facebook messages.

Texts to a girlfriend revealed the man made up his story about his car being stolen.

“He said he’d been sleeping the whole night, but I found he’d been Facebook messaging a bunch of different girls,” Michael told Route Fifty in an interview. “I knew I had him.”

Since 2007, cases involving computer hard drive forensics have declined while mobile forensics have risen, increasing law enforcement demand for the ability to unlock, extract, decode and analyze digital evidence off smartphones and other mobile devices.

Israel-based data extraction company Cellebrite’s technology helps its law enforcement customers internationally with thousands of cases a year, particularly those tied to organized crime: drug trafficking, gang violence and Internet crimes against children.

“We’re starting to see bottlenecking of cases in police labs because of the time it takes for investigators to get access to mobile information,” Jeremy Nazarian, Cellebrite marketing vice president, said in an interview. “Law enforcement wants increased access to that information in the field, and the driver is that backlog.”

“There’s a major trend toward making that data intelligible and actionable to a broader range of users,” he said.

In a midsize city like Providence, Michael estimates he’s been called into the field 50 to 75 times a year and handles about 200 mobile phones.

Generally the process goes like this: Observe the phone where it’s been discovered or on the dead body, take it into possession, dust it for prints, clean it of blood if needed. Then take it apart and put it in safe mode.

A search warrant is needed for extraction if the owner is alive, but deceased individuals have no legal standing. The warrant can be obtained after the fact if the owner has died, Michael said.

Cellebrite’s UFED Logical Analyzer rifles through easily discoverable surface data and presents it in a reporting view for easier analysis and pattern finding, while the UFED Physical Analyzer extracts and decodes previously deleted information. Data can be GPS, calls, texts, emails, applications.

Between 50 and 60 percent of the time, mobile forensics provides a lead in a case, Michael said, and multiple times it’s been the smoking gun. Literally, a kid once posted pictures of the gun used in a murder to Facebook.

“You solve crimes, but you also catch people making up crimes,” Michaels said.

When a woman accused two Providence College basketball players of sexual assault, the data dump of her mobile phone told a different story, he said.

UFED tech is offered as software or on Cellebrite-supplied hardware, and the company also provides a Link Analysis tool that visualizes mobile data connections between multiple persons of interest—helping police narrow their search and develop leads in a case quickly.

Police personnel in Providence are pleased enough with Cellebrite’s results to keep renewing the city’s sole UFED certification, held by Michael, every two years since he got his in 2010. The city began using the software in 2008.

Cellebrite Certified Mobile Examiner training entails five days of instruction on logical versus physical operation from teachers who are all former members of law enforcement. An advanced class on smartphone forensics is also available, and knowledge of mobile forensics law is instilled to help investigators ensure the digital evidence collected stands up in court.

To that end, nonintrusive boot loader technology gains access to mobile phones without altering their content, and the closed system maintains the Providence mobile forensics lab’s chain of custody of data evidence.

“It’s really important to us that mobile devices be used properly, according to state and local laws,” Nazarian said. “The same discovery laws apply as with other types of evidence, and police agencies need to be cognizant of that.”

Dave Nyczepir is News Editor for Government Executive’s Route Fifty.

NEXT STORY: Despite Increased Awareness, Cybersecurity Challenges Persist For State and Local Governments