No solicitor or investigator can afford to ignore the growing importance of mobile phone forensics. Due to the limitations of the technology involved, the evidence that can be derived from mobiles and their use is not solid enough to stand alone as evidence in court. But it is increasingly playing a valuable role in confirming and complementing other forms of evidence, and can make a critical difference to the outcome of a case.
For example, Vogon was recently involved in analysing data in a case where a man had been accused of domestic violence. The defendant had pleaded not guilty, and claimed he was not at home at the time the offence was stated to have taken place – he was with a male friend. Billing data obtained from his mobile phone service provider supported this claim and showed the handset had been used in the location he had indicated. The court considered that the mobile phone forensic evidence corroborated his alibi and the charge against him was dropped.
Despite the obvious value of mobile phone evidence, there is a lack of a governing body in this field. The good practice guide for computer-based electronic evidence issued by the Association of Chief Police Officers does touch briefly on handsets, but there is a need for more extensive and properly ratified guidelines. Part of the problem in achieving this is the speed at which the technology is changing. Mobile phone handsets are becoming increasingly complex in the range of facilities they offer a user and, as a result, their data storage requirement has exceeded the capabilities of the humble SIM (Subscriber Identity Module) card. Examination of the SIM card can still reveal a wealth of useful information, but newer handsets also store data in their built-in memory. Then there are various types of removable media such as MMC and SD memory. Given that there is little standardisation between the handset manufacturers, accessing the information from all of these memory sources in a forensically sound manner can be quite an undertaking.
The speed of technological change and the lack of standardisation make it all the more important to ensure that the handset is examined in a laboratory containing the appropriate equipment. The integrity of the evidence in court will be affected by the way in which the data has been downloaded from the handset.
In addition to examination of the handset itself, the history of use should be obtained from the service provider and can clearly provide vital information. There are now good systems in place to ensure that solicitors can gain access to this data. Solicitors do, however, need to be aware that they should request this data at the earliest opportunity, because there is no standard length of time for which records are stored.
It is also important to ensure that one obtains the relevant data in its entirety. This includes both the billing information and cell site data (providing information such as antenna bearings). If proper expert analysis is then applied, the resulting evidence can reveal the location of the handset at a specific point in time, as well as the nature of calls made (text message, mobile to landline, mobile to mobile and so on). The procedure should be: act fast and request the full extent of data available to you.
Analysing the data can then be a lengthy process, and requires laboratory-based services to ensure watertight evidence is presented. Specialist skills are mandatory, in order to interpret the data correctly. For example, a knowledge of radio transmission techniques is necessary when undertaking call analysis: one needs to understand how radio waves travel in order to establish possible call routings.
Further important considerations in this field relate to the seizure of mobile phones by the authorities. Should the investigator leave the phone switched on or turn it off? Either route can bring problems. If the user has utilised the PIN security facility, the investigator may not easily be able to access data once he switches the phone off. On the other hand, if the phone is left switched on, the critical geographic positioning data will be affected as it is moved around. This is more proof of the need for clear best practice guidelines.
It is certain that mobile phone forensics will play an increasingly significant role in determining the outcome of some legal cases. It is essential for all those involved in the gathering and presentation of mobile phone evidence to keep abreast of developments, as it is an area of dynamic change.
Rick Yeomans can be contacted at Vogon International on 01869 355255. Information is also available on www.vogon-international.com.
