Have you looked everywhere for digital evidence?

Building a good case means gathering as much relevant evidence as possible to build a full picture of the situation.

There are several obvious places to look for evidence: a computer’s hard drive; a flash drive; a SIM card from a mobile phone, for example. But looking down the back of the proverbial sofa can reveal a whole heap of potential evidence you may not have thought of.

Here at CCL-Forensics, we like to be helpful – and we also love a good list. So here, for your delectation, are five places you may not have looked…

  1. Location-based services

SatNav devices are not the only way to stop yourself from getting lost these days. Quite apart from the traditional paper map, most mobile devices now contain built-in GPS which works with applications to provide location-specific data to the user.

A few examples: weather apps showing the local forecast need a GPS fix in order to deliver the correct data; social networking apps such as Facebook and foursquare also use GPS to place the user and their online friends in various locations; and a significant number of devices run GPS in the background without the user even noticing.

All this can leave valuable forensic traces on the device. It’s worth considering whether this data is relevant to your case, and if the geographical location of the person attributed to the phone is important. If so, this data should be requested as part of a handset examination. When combined with, for example, ANPR hits or cell site analysis it could strengthen your case.

  1. Geo-tagged images

Following on from location-based services, it’s now possible to tag photographs and other files with a code from a GPS signal to show where the device was when the file was created.

It’s not just mobile digital devices that do this, either; many digital cameras now use GPS signals to geo-tag their photographs.

This metadata can be used to associate individuals or locations featured in photos with a set of geographic coordinates. It’s potentially valuable data that could go unnoticed using “traditional” forensic tools.

  1. SatNav in your hand

Dedicated SatNav devices are well known among digital forensics investigators, but SatNav apps are becoming increasingly common on mobile devices, with smartphones beginning to replace windscreen-mounted devices. (There are a couple of interesting articles on this subject.)

There is an additional evidential opportunity available on the phones themselves, as there is the potential for them to contain records of directions, searches and other SatNav-based activity. If geographic location is relevant to your case, this opportunity should not be underestimated.

Search terms which coincide with significant locations in your investigation can, for example, show that the user had a specific interest in that location. GPS fixes, where recorded and retrieved, may show that the device had moved to or from that location.

  1. Instant messaging

Instant messaging facilities are now a major part of many computer and phone social media applications – not to mention newer tablet technology.

Using smartphones for instant messaging allows suspected criminals to communicate without details being recorded in text message history or on the billing records. Many tariffs now include data as well as airtime, making IM a much more accessible medium – and it can also be used over WiFi.

Most smartphones will have an inbuilt IM app, or will allow users to download one. Chats are conducted via the internet – but there is the potential to leave a forensic trace behind on the device itself.

This won’t be detailed in a standard examination report containing calls, texts and contact lists – but it’s worth considering whether this type of communication is relevant to your case.

A recent example of how instant messaging can be used extremely effectively in crime is last August’s riots. The BlackBerry Messenger (BBM) service is free and secure, and was used extensively to organise disturbances in the capital, and then throughout the UK. There are plenty of articles documenting how the system works, and how it worked during the riots.

It’s pretty obvious that recovering “fleeting” instant messages can be vital evidence in criminal cases – for the prosecution and for the defence.

  1. Organiser

How much of your life is on your mobile phone? With the widespread rejection of antique items such as paper diaries, smartphone organisers contain a huge amount of information about people’s appointments and movements.

They’re available on computers, smartphones and other mobile devices, and are often synced with other apps via online sites such as Google or Hotmail. It’s not just a diary, either; notes apps and programs are the modern equivalent of scribbling a note on a post-it, and can add a valuable extra dimension to evidence.

The data contained therein can provide a great evidential opportunity, complementing data found elsewhere on the suspect’s device(s).

There are 20 places you could try looking, in all – so stay tuned over the next couple of weeks.

Advertisements

One thought on “Have you looked everywhere for digital evidence?

  1. I’m excited to uncover this site. I wanted to thank you for your time due to this fantastic read!! I definitely liked every little bit of it and i also have you book-marked to see new things in your website.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s