Of course, coming from the skies somewhere above the United States, I am going to talk about the beginning of my quest in cellphone forensics and where we are today. And for those that cringe every time I say “forensics” in the same breath as cellphones, I say, “cellphone forensics”. That little debate can happen next blog.
This roll really stems from a conversation that was brought to light at a conference and from the many questions I get when speaking and also in training. Is this new?
Actually, extracting data from a cellphone is not new, but the realization that data actually exists and can be captured is on the news more than ever today. Political figures, celebrities and sports figures have found out that having a cellphone and doing bad things is not a good choice (what’s up, Favre). So the media captures it in vivid pictures, we eat it up as consumers, and law enforcement is expected to recover the text message deleted two years ago on the suspect’s LG VX5200. Well, they did it on CSI, so why can’t you? Therein lies the rub. What about yesteryear?
Once upon a time… As a police detective in a northwestern police department, we would bring our suspects into an interview during a late-night call out. We would completely neglect the weird talking device they had in their possession. This of course was in the time of the sweet StarTac and Audiovox candy-bar-type phone (called candy bar of course because of the size and shape). What were we supposed to do with those? I seriously laugh and cry at the same time when I think about the cases that I might have closed if I had just looked at the device, even if commando style. Fast forward to the early 2000s when I pondered, “Hey, I have been to many computer forensic classes, are these crazy phones just digital storage devices?” The rest is history, as they say, at least for me.
We began to not take these little devices for granted, but actually put them above a computer exam because of the intimate information they yielded. Heck, they ride around in the owner’s pants all day, how intimate is that? No, seriously, the data held in a cellular phone is probably 200 times more likely to paint a valid picture of the owner than any other piece of evidence found. We unfortunately are slaves to the digital age. A testimony to this is just picturing yourself stranded in an airport without your cellphone. Yes, I have had a panic attack or two… truly frightening, we are slaves… What this means to you as a reader is to become educated on the tools and training available to you, because there is no doubt these devices will be at the forefront of digital investigations. If you are pushing these tools and/or training to “something to be dealt with later” because cellphone forensics is a “magical task”, you are already behind the curve. These devices are not going anywhere. What is old to some is very new to others.
What we as examiners now need to focus on is the idea of a clean and forensic examination of the material/device, and not on the “cool stuff” extracted by the software. I say that because the day is coming when an exam will not be judged by what was extracted but rather by how it was extracted.
This brings me to the conclusion of my roll. No matter the tool you use in your examination, the time to understand the underlying principles is upon us. Back when we started, we just worried about what data was recovered; today we must worry about how, where and why we extracted and recovered it.
Thanks for hanging with me and don’t forget to subscribe to this blog….