Transcription
Federal Law Enforcement Training CenterCell Phone investigationsNAMESenior InstructorTechnical Operations Division
ObjectiveGiven an investigative scenario relating to theseizure of digital evidence, the officer willdemonstrate the ability to seize, transport andstore a cell phone in such a way as topreserve evidentiary integrity.Presenter’s NameJune 17, 2003
“Handheld Devices”Since the process of seizure of otherhandheld devices, such as PDA’s andPagers, are similar to that of cellphones, this presentation also includesdiscussion of these relatedtechnologies.Presenter’s NameJune 17, 2003
What is a ‘Handheld Device’ An electronic device designed for a limited orspecialized application. Including (or found in) Industrial Machines,Automobiles, Medical Equipment, Cameras,Household Appliances, Airplanes, VendingMachines, Toys, And the more obvious Cell Phones and PDA’s May be either ‘fixed capability’ or contain a‘programmable interface’ with (usually) datadump capabilityPresenter’s NameJune 17, 2003
Purpose of Seizure Trace Evidence Analysis DNA, Prints, Other Types of Analysis Data Acquisition and AnalysisPresenter’s NameJune 17, 2003
A Look at Cell PhonesThis course will concentrate on cell phonesseizure.But the principles can generally be applied toother handheld devices.Presenter’s NameJune 17, 2003
Why Are We Interested?Cell phones can provide any or all of the following Contact Information Internet Pages Tasks/to-do lists Data From Attached Devices Calendars and Schedules Calculation Results When the cell phone is used as acalculator Received e-Mail E-Mail logs Sending and Receiving PDA’s MP3’s, GPS Devices, etc. Audio Files Photographs Text Messages Text Logs Subscriber Information Service Provider, ESN, etc.Presenter’s NameJune 17, 2003
How Did We Get Here?A (very) brief look on the history of cell phonetechnology including: How we got here Where we are And where we are goingPresenter’s NameJune 17, 2003
In the Old Days . Prior to 1983 (the birth of modern first generation cell technology),mobile communications required a powerful radio-receiver. High-powered transmitter was required Communications channels limited to 25 in a single geographicarea. Devices were bulky and heavy. Transmission Relay towers were few and far between (ornonexistent).Presenter’s NameJune 17, 2003
Cell Phones: The Basics Each Cell Carrier is provided (by FCC)832 frequencies per geographic area. Of these, 42 are used by the carrier forsystem control These frequencies are distributed via“cells”, each of which is about 10square miles in area. Each cell is assigned 56 voicechannels. When users move from cell to cell,frequencies change without noticeableinterruption.(b)(7)e
How itWorksMTSO(Mobile TelephoneSwitching Office)PSTN(Public SwitchedTelephone Network)Presenter’s NameJune 17, 2003
Placing aCallSynchronizes signal andforwards it to MTSO912-267-2314SENDFor Land-Basedcommunication,forwards signal tophone company(PTSN)Presenter’s NameMTSOprocesses cellto-cell, Internet,e-mailJune 17, 2003
Cell Phones: The Basics By using multiplex technology these 56 assignedchannels can provide substantially more simultaneousconversations. For example, TDMA technology can interlace threeconversations on a single channel. CDMA can typically interlace 10 or more communicationson a single channel.Presenter’s NameJune 17, 2003
Cell Phones: The Evolution In 1983, the first digital cell technology wasintroduced. Voice Only Cell phones were very basic communicationsdevices But still are frequently encountered May contain call logs and contact listsPresenter’s NameJune 17, 2003
Cell Phones: The EvolutionCurrent Cell Technology TDMA Voice Only. Oldest digital technology. CDMA Voice as well as other data (photos, email, etc.) GSM (Global Systems Mobile for Communications) The standard in 168 different countries Allows for cell communications when you travel to (e.g.) Botswana Identifying feature: It requires a SIM memory cardPresenter’s NameJune 17, 2003
Cell Phones: The Evolution AT&T Wireless and Cingular recently switched toGSM. CDMA and GSM are now the only majortechnologies in the U.S. The GSM-required (removable) SIM Card contains: Cell Subscriber Information Everything else (photos, music, email, web pages, etc.) When upgrading a GSM phone, just changememory cards!Presenter’s NameJune 17, 2003
Cell Phones: Service Providers Alltel: AT&T: Cingular: Nextel: Sprint:(b)(7)e T-Mobile: U.S.Cellular: Verizon:Presenter’s NameJune 17, 2003
Cell Phones: What’s NextThe staggering implications of ‘4G’ cell service isonly two or three years away. Higher frequencies and broader bandwidth Will enable live (real time) video transfer Will allow your iMAC to be your cell phone Your cell phone can subscribe to XM-Radio Your Blackberry can play real-time movies Integrated cell and Internet and email technologies ‘Killer’ application waiting to be bornPresenter’s NameJune 17, 2003
Cell Phones: Important Codes ESN: Electronic Serial Number A unique 32-bit number programmed into the phone atmanufacture MIN: Mobile Identification Number Your assigned 10-digit phone number SID: System Identification Code (or ‘Data’) A unique 5-digit code assigned to your mobile provider(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Manufacturers Nokia Motorola LG (Life’s Good!) Siemens Mobile Samsung Sony EricssonPresenter’s NameJune 17, 2003
Cell Phone Trivia 42% of cell phone users say they will upgrade toa new phone within the next year. 11% say they will buy a new brand. In 2005, 26% of all cell phone users switchedservice providers. 60% of all cell phone calls are made outdoors Of which 62% are made from vehicles and 36% are made whilewalking or standing 20% of cell phone users don’t know their brandname (47% are Nokias!)Presenter’s NameJune 17, 2003
Cell Phone ManufacturersNokiaPresenter’s NameJune 17, 2003
Cell Phone ManufacturersMotorolaPresenter’s NameJune 17, 2003
Cell Phone ManufacturersSiemens MobilePresenter’s NameJune 17, 2003
Cell Phone ManufacturersSamsungPresenter’s NameJune 17, 2003
Cell Phone ManufacturersLG (“Life’s Good!”)Presenter’s NameJune 17, 2003
Cell Phone ManufacturersSony EricssonPresenter’s NameJune 17, 2003
Cell Phone SeizureThe Four Rules of Cell PhoneInvestigationsPresenter’s NameJune 17, 2003
Cell Phone SeizureRule 1: (b)(7)e Presenter’s NameJune 17, 2003
Page 30 redacted for the following reason:--------------------(b)(7)e
Cell Phone Seizure(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Seizure(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Seizure(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Seizure(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone SeizureRule 2:(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Seizure(b)(7)e Presenter’s NameJune 17, 2003
Cell Phone SeizureCell phone accessories include Bluetooth devices Antennas Covers Cables Earpieces Chargers Batteries Transport devices Mikes Adapters Cameras SpeakersPresenter’s NameJune 17, 2003
Cell Phone SeizureRule 4:(b)(7)eCell forensics hardware and software can bepurchased for less than 1,000Presenter’s NameJune 17, 2003
Cell Phone SeizureAt the Site(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone SeizureAt the Site(b)(7)e(b)(7)ePresenter’s NameJune 17, 2003
Seizing Pagers(b)(7)e(b)(7)ePresenter’s NameJune 17, 2003
Computer v. Handheld AcquisitionCOMPUTERHANDHELD(b)(7)ePresenter’s NameJune 17, 2003
Cell Phone Analysis Cell phone acquisition and analysis is fairlyunsophisticated. You need a Hardware Kit. Contains cables and interfaces for every known cell phone. And a Software Kit A computer program that, when run, hoovers the data from thecell phone, assimilates and sorts it, and gives it back in the formof printed (and saved) reports.Presenter’s NameJune 17, 2003
Cell Phone Analysis(b)(7)ePresenter’s NameJune 17, 2003
Legal Considerations Seizure of cell phones and accessories should beincluded as part of any search warrant. Subsequent analysis of cell phone data should be handledcarefully – and legally.Did you hear about the new sushi bar thatcaters exclusively to lawyers? It’s called‘SoSumi’.Presenter’s NameJune 17, 2003
Legal ConsiderationsAt least two additional legal statutes should beconsidered when dealing with cell phoneevidence.(b)(7)ePresenter’s NameJune 17, 2003
Legal ConsiderationsTitle III is relevant because: Cell phones are devices for receiving ‘aural’ (orvoice) communications. Part of all cell communications travels through‘wires’.Presenter’s NameJune 17, 2003
Legal ConsiderationsECPA is relevant because: Cell phone service providers retain certaininformation related to subscribers, their accountsand activities. The acquisition of this data is largely regulatedby ECPA.Presenter’s NameJune 17, 2003
Legal ConsiderationsALWAYS get legal counsel from your prosecutor ouragency counsel prior to any evidence analysis ofa cell phone, PDA, or other handheld device!That way, you’ll have somebody to blameis something goes wrong!Presenter’s NameJune 17, 2003
Summary and Conclusion Cell phones and other handheld devices are acritical part of investigative evidence-gathering. Always protect the integrity of the evidence When processing cell phone evidence, rememberthe four rules of cell phone evidence. Every search warrant should include stipulationsfor seizing cells and PDA’s.Presenter’s NameJune 17, 2003
Federal Law Enforcement Training CenterNameSenior InstructorTechnical Operations DivisionDigital Forensics Branch(b)(6)[email protected]
store a cell phone in such a way as to preserve evidentiary integrity. Presenter's Name June 17, 2003 "Handheld Devices" . Transmission Relay towers were few and far between (or nonexistent). Cell Phones: The Basics .
