How your iPhone or Android will be used against you in court
As of 2010, there were more smart phones sold in the US than PCs. It seems that everyone has their iPhone, Android or Blackberry with them at all times. They are also constantly increasing their capabilities and storage capacity – a 16 gigabyte iPhone can store about 1.6 million pages of email. This increasingly rich source of information is not immune to the power of the subpoena, which I may try to use to prove that distracted driving was a cause or contributing factor in acar accident injury case.
Phones/PDAs store info on:
- device memory (RAM has calls and texts recently made/delivered).
- SIM cards
- removable memory cards
- on linked computers (backups, synced folders, etc.)
- on the network
- enterprise systems (exchange).
With bluetooth and WiFi it is very easy to trace a person’s steps. The phone will track when it connects to a particular device or WiFi signal, often using geo markers…so I can use those records to piece together a lot of information (where were you when you were sending that text message?).
Forensic Examination Techniques
Smartphones LOVE to communicate (they are always reaching out to connect to anything possible). So its important to isolate the phone from the network before examining it to preserve data at time you care. Turning off the phone is one alternative (but it may result in the loss of the temporary RAM memory, which may be OK, but needs to be kept in mind). The phone can also be put on airplane mode. In addition, there are special bags (one brand is the “faraday bag” depicted here) that isolates the phone from the outside world. The smartphone will then be subject to one of the following:
(1) LOGICAL READS
- benefits: relatively easy and quick (not comprehensive because needs to be interpreted), requires software support.
- drawback: sometimes results in deleted data, can require invasive techniques (jail breaking for iPhones or rooting for androids) + there is variability between forensic software tools used.
(2) MEMORY DUMPING
- benefits – get deleted data, ephemeral data
- drawbacks – difficult to do, time consuming, may destroy the device (along with the data).
What information will I try to obtain?
1. Device Info: make, model, serial numbers, ID numbers
2. Communications Info: call logs, contacts, text messages (even deleted ones)
3. Some media info: music, docs, video.
4. Browsing History
5. App usage and traces (see what google maps they’ve looked at…sometimes apps communicate by providing latitude and longitude info (i.e. when checking in…or often photos taken from phone will be tagged with similar geolocation or geo marker information).
6. Connection logs (Wi-Fi, Bluetooth, etc..)…easier way to get location info.
7. Advanced Location information (can analyze/triangulate signal strength from different cell towers to pinpoint location and movements)….this involves more advanced techniques and is more expensive to obtain this kind of information.
Here’s how I may attempt to obtain or subpoena mobile-phone data.
If you would like to speak to a miami personal-injury attorney, please call 800.379.TEAM and ask for Jason Neufeld or he can be emailed directly at email@example.com.