Tracing the Path of Mobile Device Forensics
During a recent interview with Forensic Focus, I was asked about the early days of my career and involvement with high tech crimes working for the New Jersey State Police.
The original cases I mentioned involved collecting and analyzing phones that were fraudulently used by criminals. The fact that phones were used fraudulently was the key to our ability to collect them at the time; the cell provider agreed to be the “victim” and allowed us access to the phones.
At that time, ‘collection’ meant going through the phones and putting numbers, contacts, limited text messages, and maybe calendar entries into a spreadsheet. ‘Analysis’ meant reviewing those entries, adding new information as more phones fell into our hands, and looking for connections that gave us more information about the criminal networks.
That Was Then…
That was in 1994, before having a mobile device was considered commonplace and well before the advent of smartphones, with their wealth of information and complexity. Just that basic evidence helped us uncover common phone numbers used by low-level members of narcotics distribution networks. Those phone numbers allowed us to build cases that helped dismantle entire distribution networks.
Two years later, in 1996, we started seeing the inclusion of cameras and photos as evidence on mobile devices. Photos suddenly gave us often very incriminating evidence of wrongdoing—even today, criminals still seem to enjoy taking pictures sitting on stacks of money and drugs while waving around their firearms.
Every year, new technology gave us new data sources, but also increased the complexity of analysis. Spreadsheets and manual collection got very cumbersome, fast.
…This Is Now
Mobile forensics, for better or worse, is something we hear about in the news with some frequency today. Criminals can still get their hands on ‘burner’ phones, but they hardly resemble the devices used in the mid-90s.
With the plethora of apps available and different communications possibilities, the tools used to analyze modern phones have become equally sophisticated and powerful. Yet while some may fear AI will take over the role played by investigators, nothing could be further from the truth.
Software like Nuix empowers investigators to focus on their craft by automatically classifying images, for example, using deep learning techniques that have been present in eDiscovery now for years.
The challenge for investigators is in their actual analysis of the results. Explicit text messaging isn’t the norm anymore. Criminals will send pictures back and forth in apps like Snapchat to communicate with each other. Someone who wants to set a meeting will send the picture of a clock with a time on it, the next picture will be a photograph (maybe a specific type of car or location).
You don’t see messages anymore that directly state, “Meet me at noon at Liberty Park.”
It’s incumbent on the investigators to stay proficient with these investigations and understand how communications take place. Just like a baseball catcher changing his signs to the pitcher—a timely analogy—criminals will naturally change the way they communicate to avoid detection.
Maintaining a street level knowledge of how communications take place is key to an investigator’s continued success. That success is also incumbent on having the evidence they need in front of them, which often will come from inside any number of mobile devices used by suspects.
Those devices are often the key to successful completion of a case. Considering the state of the technology—and law enforcement’s methods for handling it—just over 25 years ago, I’d say we’ve witnessed a quantum leap forward during our lifetimes.
Photo by Vincent Diamante