CELL PHONES : INVES TIGATING DATA By: Christopher Robinson Cell - PowerPoint PPT Presentation

CELL PHONES : INVES TIGATING DATA By: Christopher Robinson

Cell Phones TECHNOLOGIES

Terms & Technologies • GS M vs. CDMA - the two technological platforms currently in use for cell phone companies. • GS M - Global S ystem for Mobile Communication (most commonly used worldwide); used by AT&T and T-Mobile. Most visible feature is the use of a S IM card. • CDMA - Code-Division Multiple Access; used by Verizon and S print. • S IM Card - S ubscriber Identity Module (smart card) used by GS M phones and generally not by CDMA phones (however, some CDMA phones use a S IM card for less robust purposes such as data storage).

Terms & Technologies • IMEI: International Mobile Equipment Identity – This is a code that is embedded in the phone to provide device information. It can be used to identify the phone that is used. • IMS I: International Mobile S ubscriber Identity – This is a code that identifies the subscriber and account info. The IMS I is stored on a S IM card. (S IM: S ubscriber Identity Module).

Global Positioning S ystem • Cell phones have GPS -R Technology • Cell phone acts as a passive receiver used to calculate location in relation to the satellites orbiting the earth. • If program (App) is installed it may do more than just receive. It may record.

Global Positioning S ystem • 24 S atellites Orbiting the Earth • 8 Visible at anytime • Orbiting satellites constantly transmit message, which are then acquired by ground receivers and translated into longitude and lateral coordinates. • Accuracy varies, bet generally within about 10’ • Accurate in rural areas/ less accurate in urban areas.

Why it all matters to you. THE LAW

Police S tate • Hawkins v. S tate , 604 S .E. 2d 886 (Ga. App. 2010) – Defendant’s car is searched incident to arrest. – Police find a cell phone. They immediately search it for text messages between the officer and the arrestee. – Court notes that the rationale for search incident to arrest exception to warrant requirement is safety & preservation of evidence. – Arrest was lawful. Officer limited search to text messages and didn’t do a “ general search” thus met 4 th Amend. Restrictions.

Police S tate • People v. Diaz , 2011 WL 6158, (California January 3, 2011) – A warrantless search of the text message folder on an arrested person’s cell phone, 90 minutes after arrest ,was valid as incident to a lawful custodial arrest. – Cell phone on arrestee’s person is same as a cigarette pack in his pocket or the clothes on his back. – Length of time between arrest and search didn’t concern the court. • Preservation of evidence justification of search incident to arrest exception has left the building!

Police S tate • U.S . v. Hill , U.S . District Court (January 10, 2011) – Hill driving in a white S UV decides to expose himself to some children. He is subsequently identified and arrested. During a search of defendant, officers located an iPhone and immediately began searching it. The phone contained images of a young girl exposing herself to defendant and vice versa. Back at the station, officers also discovered videos of the same girl and defendant on the iPhone. They get a search warrant based on this evidence and hit the lottery at his house. – Court ruled cell phone equivalent to a wallet.

S weet Home “ Ohio? ’ • S tate v. S mith , S upreme Court of Ohio, No. 2008-1781 (2011) – Ohio S upreme Court rejected argument that a cell phone is like a container on or near a person searched incident to arrest. – Once officer has cell phone they did not need to search it to preserve evidence. – Ruled a person has a high expectation of privacy in a cell phone’s contents, thus warrant required.

Lesson to Take Away • When driving place your cell phone in the glove compartment and lock it if you don’t want it to be searched. • If a person has a password protected cell phone would that change the court’s view on expectation of privacy? • Will Vermont's Constitution provide greater protection for expectation of privacy in a cell phone’s contents? • S omeone in this room will likely get the first case in Vermont (if they haven’ t already). It is incumbent upon all of us as defenders of rights to understand this technology and be ready to argue in order to create good law.

How Cell Phones Work NETWORK EXPLAINED

S imple Cellular Network Explanation • The cellular telephone has an antenna. • The Base Transceiver S tation (BTS =cell tower) also has an antenna. • Both antennas transmit and receive Radio Frequency (RF) signals. • Base Transceiver S tation-BTS (cell tower) transmits an originating and terminating RF signal.

Key Terms • Radio Frequency (RF) S trength - also referred to as signal strength. Radio frequency is the rate at which radio waves alternate. RF strength is measured in Hertz (Hz)- cycles per second. • Base S tation Controller - controls one or multiple cell sites’ radio signals. It is similar to a computer data router “ routing” incoming and outgoing calls. It also has radio repeater functions enabling the consumer to call another cell worldwide. This is where RF strength data gets recorded. • MTS O (Mobile Telephone S witching Office) “S witch” - the central switch that controls the entire operation of a cellular system. A sophisticated computer that monitors all cellular calls, arranges handoffs, keeps track of billing information, etc.

Triangulation vs. Historical Data Reconstruction Analysis • They are not the same thing. • Position based on triangulation is much more exact. • Records pertaining to triangulation are much harder to obtain. • To determine relatively exact location you would need to obtain the RF strength (i.e. signal strength) records from the Base S tation Controller sometime within about 0-72 hours.

Historical Data Reconstruction Analysis • This is what the title suggests. – Not real time – S ubpoena available (historical) records: • Calls made and received (includes times and dates) • Towers of origination and termination • Cell S ector orientation – Analyze data to suit your need – Reconstruct it

Triangulation Key Terms • Triangulation -a process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction of the received signal from two or three different points. Triangulation is sometimes used in cellular communications to pinpoint the geographic position of a user. • “Ping”- About every five seconds, a cell phone sends a signal to cell sites within its network. This occurs whether the cell phone is in use or not. The base station controller records the RF strength (signal strength). You can determine a cell phone’s approximate location within about a 300-meter radius using data captured from the Time Difference of Arrival (TDOA) and/ or Angle of Arrival (AOA) recorded by the cell phone company.

Triangulation Key Terms • Time Difference of Arrival (TDOA) - Each tower measures the time taken to receive a handset’s signal. The tower translates this information (RF S trength) to estimate the distance of the handset from the tower. The information is cross-referencing with other towers in the network. The handset’s position is then expressed as longitude and latitude readings. • Angle of Arrival (AOA) - Antenna arrays at a base station determine the angle at which a handset’s signal arrives at the station. By comparing this AOA data among multiple base stations, the relative location of a wireless phone can also be triangulated. This is also expressed in longitude and latitude coordinates. *S ome networks indicate that they utilize both TDOA and AOA for more accurate locations.

The S nitch in Your Pocket Newsweek: February 19, 2010 • FBI and other LE Agencies are obtaining more and more records of cell phone locations. • S print Nextel has even set up a dedicated Website so that LE agents can access the records from their desks – a fact divulged (and confirmed later) by the company’s manager of electronic surveillance. • “ The tool has just caught on fire with law enforcement,” he said. • Jack Killorin, a director of a federal drug task force in Atlanta commented, “ This is pretty workaday stuff for us.”

S tranger Than Fiction The Roving Bug • U.S . v. Tomero (2006) – The government applied for a “ roving bug,” that is, the inception of Ardito’s conversations at locations that were “ not practical” to specify. Judge grants application, authorizing interception… and the installation of a listening device in defendant’s cell phone. – Device functioned whether or not cell phone was powered on or off!

CELLEBRITE UNIVERS AL FORENS ICS EXTRACTION DEVICE (UFED)

CELLEBRITE UNIVERS AL FORENS ICS EXTRACTION DEVICE (UFED) • The UFED family of products is able to extract and analyze data from more than 3000 phones, including smartphones and GPS devices. The mobile device performs both logical and physical data extraction, including recovery of deleted messages and content. • Designed for portability, the UFED solution is a stand-alone device that can be used either in the field or at the lab.

Gleaning the Cube ACQUIRING & PRES ERVING DATA