As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Supreet Singh, a senior consultant at iDiscovery Solutions, Inc.
It’s hard to believe the first smartphone was released over 20 years ago. At that time, few thought it would become such an integral part of our lives. Additionally, this year marks the 10th anniversary of the iPhone, whose introduction altered the world of digital forensics. Smartphones contain a wealth of personal and sensitive information like passwords, security or access codes, account numbers, electronic communications, and much more. But they are more than mere containers of data. Between the operating system, installed applications, and service providers, there’s a wealth of information that can provide dramatic insight into conversations, activities, habits, preferences, and movements of the phone’s user.
There are essentially three places where smartphone-related data can be found: on the phone itself, with mobile app providers (e.g. Facebook, Snapchat, or Yelp), and with the service provider (e.g. AT&T or Verizon). Data from all three sources can be very useful in civil lawsuits, criminal cases, or internal investigations, depending on the needs of the case.
Let’s look at data stored locally on the phone and captured by mobile application providers. Many mobile apps require access to, and store, data you’re not aware of, enabled by permissions sometimes given without a second thought. Common examples are photo editing apps accessing camera and media files and navigation apps accessing your GPS (Global Positioning System). Some apps seek permissions to access user data not needed for app functionality, like gaming apps accessing text messages or contacts. Many apps transmit and receive data between the phone and remote servers, meaning a copy of user content may be collected and stored on those remote servers in the name of a better user experience.
The third player, the service provider, collects and stores information like historical call records, including the locations of cell towers a phone connected to. This can be powerful evidence in relatively simple cases or highly complex crimes. Let’s use a middle-of-the-road example: serial bank robbery. If a bank crew robbed different banks at different locations, and they carried phones that were turned on during the thefts, then cell tower logs from in and around each bank’s location could be analyzed to narrow down persons of interest, as it would appear unlikely for people other than the robbers to be at all the same locations on the dates and times of the thefts.
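The tower-log analysis described above, sketched as an added example that is not part of the original post or any tool it mentions: each device is matched against every incident by tower and time window, then the matches are intersected. The device ids, tower ids, incident times, and the 30-minute window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed incidents: towers covering each bank and the time of each theft.
INCIDENTS = {
    "bank_A": {"towers": {"T101", "T102"}, "time": datetime(2017, 3, 1, 10, 15)},
    "bank_B": {"towers": {"T220"}, "time": datetime(2017, 3, 9, 14, 40)},
    "bank_C": {"towers": {"T305", "T306"}, "time": datetime(2017, 3, 20, 11, 5)},
}

# Constructed tower log rows: (device id, tower id, connection time).
TOWER_LOG = [
    ("dev-1", "T101", "2017-03-01 10:05"),
    ("dev-1", "T220", "2017-03-09 14:45"),
    ("dev-1", "T305", "2017-03-20 11:00"),
    ("dev-2", "T102", "2017-03-01 10:20"),  # no record near bank_B (phone off?)
    ("dev-2", "T306", "2017-03-20 11:10"),
    ("dev-3", "T101", "2017-03-01 10:10"),  # bystander near one bank only
    ("dev-3", "T101", "2017-03-02 10:10"),  # right tower, wrong day
    ("dev-4", "T220", "2017-03-09 09:00"),  # right tower, hours too early
]

def incidents_per_device(log, incidents, window=timedelta(minutes=30)):
    """Map each device to the incidents it was near in both place and time."""
    seen = defaultdict(set)
    for device, tower, stamp in log:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        for name, inc in incidents.items():
            if tower in inc["towers"] and abs(when - inc["time"]) <= window:
                seen[device].add(name)
    return seen

def devices_at_all(log, incidents):
    """Devices present at every incident: the strict intersection."""
    seen = incidents_per_device(log, incidents)
    return sorted(d for d, hits in seen.items() if len(hits) == len(incidents))

def rank_devices(log, incidents, min_hits=2):
    """Devices near at least min_hits incidents, most incidents first."""
    seen = incidents_per_device(log, incidents)
    ranked = [(d, sorted(h)) for d, h in seen.items() if len(h) >= min_hits]
    return sorted(ranked, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    print("At every incident:", devices_at_all(TOWER_LOG, INCIDENTS))
    for device, hits in rank_devices(TOWER_LOG, INCIDENTS):
        print(device, hits)
```

The ranked view is kept alongside the strict intersection because a phone that was switched off at one location drops out of the intersection entirely.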
Smartphone data can be a key source of evidence in litigation or investigations. Preserving and retrieving it in a manner that is admissible and defensible in court is vital. Many smartphones can be wiped remotely, so they usually should be turned off when seized, and stored in a secured location with no cellular, WiFi, or Bluetooth connectivity. Smartphones may present challenges to many forensic investigators due to their frequently changing systems. Capturing all associated data can be difficult – interpreting it even more so. We have had great success with custom tools developed to speed up the extraction, analysis, and mapping of usage data.
Counsel should be aware there’s more to smartphones than meets the eye. At a minimum, the first step in litigation or investigations should be to preserve data from any smart device, and seek expert forensic assistance. It could make an invaluable impact in your next case.