By DAVE GOLDING
Police are fighting a continual battle with smarter, tech-savvy criminals; from terrorist cells and organised crime to keeping the peace in the face of mass demonstrations coordinated through the use of mobile devices.
Coordinating meeting times and planning the demonstrations becomes all too easy with messaging services.
Organisations with nefarious intentions use similar networking tools to commit large-scale crimes. A clear example would be recent hacking of a credit card processor where the perpetrators coordinated the simultaneous withdrawal of US$45mil (RM135mil) across the world.
Thankfully, the tools available to the police, to help with catching the ‘mobile criminal’, are increasing in volume and effectiveness; forensic technology is keeping up with the wide range of communication mediums because the digital capabilities of criminals are only going to expand in the future.
Messaging applications, mobile calls, SMS and e-mails are all ways in which criminal networks stay connected and this is an area that must warrant considerable attention from the police.
Support needs to be given to the police in the form of cutting-edge technology in order to prevent such crimes and help ensure the perpetrators are held accountable for their actions. In an age where digital communication is so advanced, law enforcement agencies across the country must have a digital tool box at their disposal to combat smarter criminal activity.
There is a three part process when it comes to mobile data collection. The first part is the actual extraction of the data. This involves connecting the phone with an extraction device to access the phone’s storage.
After the extraction has taken place, the decoding of data from the mobile phone is designed to convert the data into its native format so that it can be analysed by the forensic team.
The final stage is the analysis of the mobile data. This stage allows police to read patterns of communications between criminals and put pieces of the investigative puzzle together. It will improve their chances of obtaining evidence that can prevent a potential crime from occurring or to bring a criminal to justice.
But, there is no rule of thumb when it comes to mobile forensic investigation. Every case is different and for that reason, varying approaches may be needed to fully optimise the forensic technology.
Creativity among investigators is essential because mobile devices are not meant to be interrogated. They were not designed to have police teams rip data from them and so a level of experimentation is required by investigators during the more challenging cases.
Digital forensic equipment such as the UFED Link Analysis product from Cellebrite, can drill into mobile data to the point where investigators can see how long communication between criminals has being going on for and who they are talking to on a regular basis. This allows the police to gain a further insight into criminal activity through a more thorough assessment of retrieved mobile data.
But, as with standard forensic equipment, every case differs so investigators have to choose the right tool in order to effectively extract mobile data from a suspect’s phone.
In a case where time is of the essence, perhaps in a kidnapping incident, a quicker analysis of mobile data will be needed. What is called a ‘logical extraction’ gives general data, rather than an in-depth breakdown, in a much quicker time.
A ‘physical extraction’ provides a detailed history of data of a suspect’s phone and takes more time to extract and analyse. In a murder investigation, where lots of evidence needs to be collated and triple-checked, the physical extraction option would be the most effective.
Any investigation is about gathering information and building up a picture. Just as biological forensics helps to put pieces of the puzzle together, mobile forensics can give more information about people and their habits. In addition, this can throw up alternative leads for the police and can help to identify key facts within an investigation.
What the future holds
The process of examining data is a science, but with all sciences changes occur that need updated solutions. Just as viruses mutate, forcing scientists to develop remedies to combat the bacteria, methods of communication mature meaning that investigators have to think outside the box in order to stay one step ahead.
It is not just police forces that have to stay in the loop with technological developments; the mobile forensics industry must ensure that it is also one step ahead of criminal operations, providing law enforcement agencies with the latest software to fight the advances in criminal communications.
Mobile technology is on a steep upward curve and most criminals now operate using mobile devices. So, to ensure that no stone is left unturned, police forces need to not only have the correct forensic software in place, they also need to have the knowhow to operate the equipment and not just by simply reading the manual.
As criminals innovate, so must the police. Relying solely on technology can be detrimental to an investigation and investigators should apply human rationale while operating the forensic technology to better understand the criminal and the patterns that manifest.
Dave Golding is general manager of Cellebrite APAC Pte Ltd. Cellebrite is an global authority in mobile data technology and has an established mobile forensics division.