Handling Cell Phones and Their Digital Evidence

Cell phones can provide investigators with a call history, text messages, and contact lists. They can also provide us with other valuable data that's sometimes overlooked.

Mobile forensic devices can extract data from seized cellular phones. Photo by Graham Kuzia.

Using technology to collect evidence is no longer an option. It's a necessity. Yes, cell phones can provide investigators with a call history, text messages, and contact lists. They can also provide us with other valuable data that's sometimes overlooked.

Smartphones have operating systems, store data, access the Internet, and send and receive files that could be potential evidence. Smartphones can also run applications that circumvent the records subpoenaed through their service provider. Examples are Skype and WhatsApp, which use data plans instead of text messages to communicate. The service provider does not have a record of the conversation.

A 2012 study by Analysys Mason revealed that more than 45 percent of smartphone owners use a messaging application other than standard SMS text messaging.

The contents of smartphones can now be erased remotely. This means the phone could be in your patrol car on the way to the police department and your suspect can erase everything on it from a computer or another phone. This is done through a variety of programs such as iCloud for iOS or Google Sync for Android. If you think that this is beyond the capacity of offenders, think again. Apple currently has over 150 million iCloud users. That's roughly half the population of the United States.

So what can law enforcement do to ensure that the evidence on phones is not altered or destroyed? Here are five suggestions:

  1. Put on gloves. You don't want to put your DNA or fingerprints on the phone.
  2. If the phone is off, leave it off and photograph it.
  3. If the phone is on, photograph the screen and place the phone in a Faraday bag, aluminum foil, or signal-blocking container. This will prevent a third party from connecting to the phone and being able to alter what's on it.
  4. Collect the phone charger if you can find it and place it in evidence with the phone. When the phone's signal is blocked, it will drain the battery rapidly trying to connect to the network. The correct phone charger will be important during extraction.
  5. Bring the phone to a law enforcement digital forensics specialist trained in proper extraction methods.

Here's one suggestion about what not to do. Don't attempt to look through the phone on scene. Incorrect password attempts may lock you out of the phone permanently. By navigating through the phone, you are also altering evidence.  

Seizing digital evidence properly can make or break a case. Without best practices being adhered to by law enforcement on the response level, evidence that may have been used to convict a violent offender could be found inadmissible in court. It's imperative that officers acknowledge the need for continued education and keep current with technology.

Graham Kuzia is a reserve Gaston County (N.C.) Police officer and digital forensics program developer at the American Academy of Applied Forensics. He was featured in a 2010 "Shots Fired" article.
