Arun Prasannan, member of CCL-Forensics’ R&D team.
Every now and again, an unusual device arrives for analysis at CCL-Forensics, which proves interesting – but above all, significant to an investigation.
Earlier this month, a UK law enforcement agency submitted what can only be described as a ‘black box’. It was plastic, no bigger than a packet of cigarettes, and from the outside, it had only a slot for a SIM card and a socket for power.
Working closely with the investigating agency, a member of CCL-Forensics’ R&D team carried out an in-depth analysis of what was inside the device, and what data it was capable of storing.
It was initially suspected that it was some kind of tracking device. When disassembled, it was found to contain a battery and two separate circuit boards, one of which had a mercury switch attached to detect movement. One board contained all the circuitry one would normally expect in a mobile phone, and had everything it needed to connect to a GSM network. On VERY close examination, the board was found to be labelled (in very small print) with an IMEI number. From this, we could identify the board, and then research all the available documents about that piece of hardware.
Interestingly, it was a widely used GSM module found in many devices such as GPS trackers, fax machines and even some phones.
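An IMEI read from very small print is easy to mis-transcribe, so it is worth validating before using it to look up the hardware. The following is an added example, not code from CCL-Forensics: it splits a transcribed IMEI into its Type Allocation Code (the first eight digits, which identify the make and model) and serial number, and verifies the Luhn check digit. The function names and the sample values are constructed for illustration.

```python
import re


def luhn_check_digit(body: str) -> int:
    """Return the Luhn check digit for a 14-digit IMEI body (TAC + serial)."""
    total = 0
    # Walking right to left, the rightmost body digit is doubled first.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def parse_imei(label: str) -> dict:
    """Parse an IMEI as transcribed from a label.

    Accepts 14 digits (no check digit), 15 digits (IMEI) or
    16 digits (IMEISV, where a 2-digit software version replaces
    the check digit). Spaces, dashes, slashes and dots are ignored.
    """
    digits = re.sub(r"[\s\-/.]", "", label)
    if not re.fullmatch(r"[0-9]{14,16}", digits):
        raise ValueError("expected 14, 15 or 16 decimal digits")
    body = digits[:14]
    result = {
        "tac": body[:8],       # identifies manufacturer and model
        "serial": body[8:],    # unit serial number within that TAC
        "expected_check": luhn_check_digit(body),
        "valid": None,         # None: the input carries no check digit
        "software_version": None,
    }
    if len(digits) == 15:
        result["valid"] = int(digits[14]) == result["expected_check"]
    elif len(digits) == 16:
        result["software_version"] = digits[14:]
    return result


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    print(parse_imei("12-345678-901234-7"))   # correct transcription
    print(parse_imei("123456789012847"))      # one digit misread: 3 -> 8
```

A failed check means the label was misread and should be re-examined before the TAC is used for a lookup; a passing check rules out any single-digit misread but does not prove the number is genuine.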
The SIM card was analysed separately, and it was strongly suspected that there was additional data on the board itself.
Our analysts procured a test module, and carried out a comprehensive technical analysis to validate what data it could store. It was found to have the capacity to store call data (made, received, missed), SMS and contacts – as well as some call timers. It was also determined that SMS messages could be extracted without changing their status.
Following this comprehensive research, it was found that the suspect device DID contain a number of phone numbers and call times – which were presented back to the investigator in the case. This was a level of potentially vital evidence which would have been missed without this very low-level investigation of the device and the data it contained.