Cell Phone Forensics Provides Legally Defensible Evidence by Martin Prinsloo, CFE, CISA, CITP, CFF
Posted on April 13, 2016 by Martin Prinsloo
The ability to collect, recover and preserve digital data stored on individuals’ personal computers and networks is not new. In fact, according to the FBI, the history of computer forensics and its use in the investigation and substantiation of evidence in legal cases can be traced as far back as the 1980s.
As technology has evolved, so too have the methods of forensic investigations and data collection. Today, individuals increasingly use their mobile devices for all of their business and personal activities, far beyond just making and receiving phone calls. In fact, the amount of information stored on one’s smartphone and its applications produce a large digital footprint that can reveal as much about that person as his or her physical fingerprint. In addition to call logs, text messages, emails, contacts, photos and videos, smartphones can reveal users’ web browser search histories; online purchases; use of social media networks, such as Facebook, Twitter and Instagram; use of instant messaging services, such as WhatsApp and Snapchat; and GPS location history. Even more interesting is that a forensic investigation can turn up information regarding what smartphone users delete and the time they delete such data from their devices.
With access to such a wealth of information, it is no wonder that courtrooms are turning increasingly to mobile device forensics to provide critical evidence in legal cases that can involve divorce, business disputes, child protection, fraud and even violent crimes. Yet, the process of mobile phone forensic investigations is not without challenges. As a relatively new field, it is used by a limited number of specialists who not only have access to the tools required to recover cellular phone data but also the unique forensic investigation skills one needs to extract, organize and present the data in a legally defensible manner in a court of law.
Key Requirements for a Successful Mobile Device Forensic Investigation
Recovery and Extraction Tools. Recovering cell phone data requires software that can perform equally well on all operating systems, including Apple’s iOS, Google’s Android and Windows, and keep up with each system’s regular updates. It should also be able to extract the information readily available on a device as well as data that may be hidden in third-party applications or that users previously deleted. For optimal efficiency, the solution must also be able to produce reports in a variety of formats that are both customizable and searchable for use in legal proceedings.
Data Preservation. It is vital that forensic investigators preserve and protect the original data on a mobile device without making any alterations that could damage its admissibility as evidence. Moreover, because smartphone users have the ability to remotely wipe all data from their devices, forensic analysts must take necessary steps to prevent any remote wipes.
Investigative Expertise. Like any forensic investigation, cell phone forensics is a science that requires specialized training and skill to sort through mountains of data to uncover the proverbial needle in the haystack that points to misconduct or suspicious activity. Investigators must know what specific information to look for, where and how to find it, how to build a timeline of facts and how to interpret those facts to support their findings. Moreover, they must understand the legal challenges of data privacy, access to passwords and ownership of the device in question. A final requirement is the ability to present findings as an expert witness in a court of law while considering the Daubert or Frye standards governing the admissibility of expert testimony.
It is clear that the data stored on mobile phones create revealing cyber trails about their owners, including who they contacted, what they communicated about and where they were at a particular date and time. In matters of divorce, evidentiary smartphone data may reveal an App from an unknown banking institution, transactions pointing to hidden money or where a spouse was or traveled to at a particular point in time. The same holds true for business disputes, for which cell phone data may reveal users’ attempts to threaten of undermine their partners and commit fraud.
A successful smartphone forensic investigation will hinge on many factors. Key elements should include access to and reliance on mobile data and extraction solutions, such as those offered by Cellebrite, as well as a forensic examiner’s unique ability to gather, authenticate and analyze data and present his or her findings within the constraints of the legal system.
Berkowitz Pollack Brant’s Forensic Accounting and Litigation Support practice has the tools and professional skills required to conduct forensic investigations on a wide range of complex matters. Our professionals have deep experience supporting legal counsel and analyzing large quantities of data to uncover a trail of financial facts in matters involving divorce and family disputes, complex business litigation and business disputes, bankruptcy and reorganization, and claims of fraud brought by corporations and governmental regulatory agencies.
About the Author: Martin Prinsloo, CFE, CISA, CITP, CFF, is a senior manager with Berkowitz Pollack Brant’s Forensic and Business Valuation Services practice, where he applies business skills and technical expertise to support acquire, preserve, validate and analyze digital data for use in legal proceedings. He can be reached at the CPA firm’s Miami office at (305) 379-7000, or via email at firstname.lastname@example.org.