EVALUATION COPY - Cell Phone Investigations – Aaron Edens © 2014 POLICE PUBLISHING - EVALUATION COPY

Note from the Publisher about the EVALUATION COPY

Thank you for downloading this evaluation copy of Cell Phone Investigations by Aaron Edens.

The following materials are excerpts (Table of Contents, Introduction and Chapter 1) from the upcoming book, Cell Phone Investigations by Aaron Edens, first in the “Cell Phone Investigations Series” from POLICE PUBLISHING, a Division of POLICE TECHNICAL.

At nearly 600 pages in length, Cell Phone Investigations’ first edition will be released in December 2014. Over three years in development, it represents the broadest examination of the subject yet to appear in print. Recently re-edited to include the summer 2014 Supreme Court rulings on Cell Phone Searches, it contains 11 Chapters ranging from Device Forensics to Cell Towers to Sample Search Warrants.

This evaluation copy is provided to U.S. law enforcement personnel for evaluation and comment. If you would like to share your comments about this document please contact:

Brianne Hofmann
POLICE PUBLISHING, Editor
[email protected]
812-232-4200

Pre-Sale Orders

If you would like to purchase pre-sale copies of Cell Phone Investigations by Aaron Edens, please visit POLICEPUBLISHING.com or POLICETECHNICAL.com. The single distribution price will be set at $65.00; the pre-sale order price is $50.00. Presale orders will be taken until December 2015.

Thank you for reading the following excerpts from Cell Phone Investigations by Aaron Edens, and thank you for your interest in POLICE PUBLISHING.

Respectfully,
Thomas M. Manson
POLICE TECHNICAL, CEO
POLICE PUBLISHING, Publisher
[email protected]

Table of Contents

Introduction
Chapter 1: Search Warrants
    Before the commission of the crime?
    During the commission of the crime?
    After the commission of the crime?
    Common Search Warrant and Affidavit Errors
    Operating System Warrants: Google
Chapter 2: Phone Records
    § 2703. Required disclosure of customer communications or records
    How about the assault and battery case?
    Preservation Letters
    Search Warrants
Chapter 3: Tools for Examining Records
    Understanding How Providers Work
    Cell Phones in Prisons
    Call Detail Records (CDR)
    AT&T Records
    Using Cell Phone Data to Reveal Patterns
    Specialized Records Searches
    Calls-to-Destination Searches
    International Phone Records
    Caller ID Spoofing
Chapter 4: Cell Towers and Cell Sites
    Cell Site Infrastructure
    Site Identification
    Mapping Cell Site Information
    Cell Site Dumps
    Mobile Phone Tracking
    Per Call Measurement Data (PCMD)
Chapter 5: Cell Phone Forensics
    Physical Evidence Preservation
    Documenting Characteristics of the Phone
    Preserving Electronic Evidence
    Preventing the Phone from Communicating with the Network
    Storing the Phone Evidence
Chapter 6: Digital Evidence
    Call Logs
    Calendar
    Image Files
    Graphic Files
    Video Files
    Text Messages
    Memos or Notes
    Voice Recordings
    Internet Activity
    Maps
Chapter 7: Types of Examinations
    Basic Examination of Cellular Devices: SIM Cards
    External Storage Media
    Recovering Deleted Files
    Imaging the Card
    Recovery Tools
Chapter 8: Using Cell Phone Forensics
    Cameras
    Cables
    Improvised (Free) Tools
    Nokia PC Suite
    Samsung PC Studio 7
    Free Android Forensics Tool for Law Enforcement
    Recoverable Data
    Required Equipment and Software
    Magic Berry by Mena Step Innovative Solutions
    iOS Research
    Paid Forensic Tools
    Logical Versus Physical Forensic Examination Tools
    Platform Specific Tools
    Smartphones
Chapter 9: Locked Devices
    Consent
    Deception
    Physical Screen Examination
    Provider Unlock: Android Passcode Bypass Procedure
    Provider Unlock: iPhone/iPad/iPod Touch Passcode Bypass Procedure
    Properly Identifying the Device
    Smartphone Passcode Bypass
    Chip-Off
Chapter 10: iPhone Backup Files
    Seizing the Backup File
    Simple Mode
    Expert Mode
    Wide Angle Software’s Ibackup Extractor
    iBackup BoT
Chapter 11: Sample Search Warrants
    Search Warrants
    Pen Registers/Traps and Traces
    Templates
Appendix
    Regional Information Sharing Systems® (RISS) Nodes
    RISS Centers:
    CDR Indexes
    High Intensity Drug Trafficking Areas (HIDTA) Program
    Fusion Center List
    Cell Phone Investigation
Index

Introduction

“If I have seen a little further it is by standing on the shoulders of giants.” - Isaac
Newton, 1676

The cellular phone forensics field is advanced by a small group of visionary and tenacious hackers, technicians, programmers, and code writers, some of whom are law enforcement and some of whom are not. Evidentiary examination of cell phones is a complex and often frustrating process. However, the rewards can frequently justify the time and costs associated with the procedure. This book will provide an introduction to the basics of cell phone forensic examination but is in no way a complete or comprehensive treatise. Cell phone forensics is a dynamic field and the available tools do not always keep up with technology, which is one of the constant challenges to those involved in forensic examinations.

The National Institute of Standards and Technology (NIST), in their 2007 report entitled Guidelines of Cell Phone Forensics, states:

“Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions using accepted methods.”

Unfortunately, cell phone technology rapidly outpaces the forensic sciences, and oftentimes there are no “forensically sound conditions using accepted methods” available. Often cell phone forensics requires an examiner to use techniques that have not been evaluated as an “accepted method.” Frequently the examination technique involves the use of non-forensic methods such as a manufacturer’s content management software, highly technical programming or repair tools, and third-party software designed to modify the operating systems of phones.

Law enforcement has resisted the concept that a cell phone carries the same evidentiary weight as any other item of evidence or contraband. Perhaps it is the ubiquity that causes veteran investigators to treat a cell phone differently than a firearm or package of narcotics. Trends such as this only change course when a significant case is lost or an adverse legal precedent is established.
From physical evidence contained on the handset itself, to the digital evidence contained within the device, there is a wealth of evidence and intelligence to be recovered from even the most primitive cell phones. Combined with the information retained by the cell service providers, it is possible to glean critical insights into criminal activities and conspiracies that eluded earlier generations of law enforcement officers.

Writing a book is a challenge, particularly when the field involves the topics of law, technology, and forensic principles. My personal goal is to arm the reader with knowledge of the techniques and tools available in the field of cell phone forensics, as well as to help you avoid the many pitfalls you may encounter in this new and ever-evolving field. I hope that by reading this book you will gain an insight into these various disciplines and be able to apply some of the investigative techniques in the noble profession of law enforcement.

I would like to express my gratitude to those who comprise the tip of the spear in the field of cell phone forensics. I would especially like to thank those who freely make their research, tools, techniques, and programs available to the law enforcement community.

One of the greatest aspects of being a police officer is the community that exists nationwide. I can think of no other occupation where a person can travel across the country and be immediately accepted by his or her counterparts. No other job or career sees the outpouring of support from departments and agencies across the nation when one of our brothers or sisters falls. Equally important is the sharing of information, techniques, and tactics. While I have tried to put to paper the best tools and methods, I eagerly await those that are discovered by others.
If I can be of any assistance to you or you would like to share something not covered in this book, I invite you to contact me at [email protected].

Stay Safe,
Aaron Edens

Chapter 1: Search Warrants

On June 25th 2014, the Supreme Court of the United States announced their decision in two cases, People v. Wurie and Riley v. California. As a result of those decisions, a search warrant, or other valid warrantless search exception, is required before a mobile device may be searched. This decision presents unique challenges and opportunities for both veteran and entry-level law enforcement officers.

The first challenge is writing the search warrant affidavit itself. For many law enforcement agencies, seeking a search warrant is the exclusive dominion of seasoned detectives, narcotics officers, and other investigators. However, the Supreme Court decision is likely to push the responsibility for seeking and executing search warrants for mobile devices down to the patrol level.

Nearly everyone has a cell phone. A 2013 study by the Pew Research Center’s Internet and American Life Project found that cell phone ownership among adults in the United States is 91%. Consequently, there is a statistical probability a criminal suspect will own a cell phone or other mobile device. There is also an increasing likelihood a cell phone or other device will be integral to the investigation of many crimes.

Cell phone investigations are a common investigative tool in conspiracy crime investigations, where communication between co-conspirators is an operational necessity. However, the use of a cell phone or other mobile device as a communication mechanism is not limited to these types of crimes.
Certainly there are some types of crimes where a mobile device is unlikely to be used, but those crimes are few and far between. Common criminal investigations involving the use of mobile devices include:

- Pedophiles using their mobile devices to communicate with and recruit victims and to store images, videos, and other mementos of their heinous crimes.
- Intoxicated drivers who communicate their location, plans, and intoxication level using social media, digital photos and videos displaying themselves in their intoxicated state, phone calls, and text messages from their mobile devices.
- Burglars targeting specific locations and communicating about the presence of alarm systems, dogs, street lighting conditions, access points, and egress routes.
- Organized retail theft ‘booster rings’ targeting specific stores and possessing digital ‘shopping lists’ of preferred items to steal and fence.
- Car thieves looking for specific makes and models of vehicles and describing the best way to steal them, as well as communicating about police pursuit policies in the area.

The fact that nearly everyone has at least one cell phone or other mobile device, coupled with the involvement of these devices in nearly every major type of crime, creates a need for proper search warrant preparation and procedure. For many law enforcement agencies it will not be sufficient to wait for the experienced detective to come in and write the search warrant. Not only will this burden an investigator with completing search warrant affidavits about which he or she has no direct knowledge, but it will rob the other officer of an incredibly valuable learning experience.

Search warrant preparation is one of the key investigative tools in many law enforcement investigations. Once an officer has experienced the process a few times it becomes progressively easier and faster to complete one.
Officers who might otherwise delay or abandon a case because a search warrant is required to advance the investigation will have increased confidence in their ability to seek, and be granted, a search warrant.

Law enforcement officers sometimes struggle with the proper nomenclature and technology for mobile devices. Many rely on search warrant templates or ‘boilerplate’ handed down from other investigators. Sometimes these ‘go-bys’ have not been updated to reflect the changes in technology. In some cases, they still refer to antiquated technology associated with rotary dial telephones and numeric pagers.

To address the unique needs of a modern mobile device search warrant, it is helpful to start by addressing the correlation between the crime and the device. Some crimes inherently require the use of mobile communication devices. For example, it is nearly impossible to be a successful narcotics dealer without the use of a mobile phone. Some crimes, such as those involving gangs, are inherently conspiratorial and require the use of electronic communications, frequently using mobile devices such as cell phones and tablets to coordinate the activities of the group. The articulation of these facts is essential in an affidavit to support the search of any seized device.

When you consider applying for a search warrant, think about the nexus of the device to the crime. Is it probable the suspect(s) used the device?

Before the commission of the crime?

As noted above, some crimes such as narcotics violations and gang activity require communication and coordination before the act is carried out. Another example is the crime of robbery.
While some street-level robbers will commit the crime with little or no pre-planning, many will perform surveillance on the target person or location. They will coordinate with lookouts and getaway drivers to ensure there is no immediate police presence and that there are easy escape routes from the scene. The articulation of this knowledge is based on the prior training and experience of the officer and may be documented in a search warrant, as in this example:

Based on your Affiant’s prior training and experience and the experience and training of other veteran law enforcement officers, your Affiant is aware [robbery/narcotics/weapons trafficking] is an inherently conspiratorial crime. The nature of the conspiracy requires participating members to communicate in order to coordinate their planning prior to the commission of the crime, as well as during the actual commission of the crime. Such communications are commonly made using mobile devices such as tablet computers, mobile phones, and Wi-Fi capable portable gaming consoles.

During the commission of the crime?

Similarly, suspects may communicate during the commission of a crime. Narcotics, robbery, and other crimes require the suspects to actively communicate while the crime is being committed.

Based on your Affiant’s prior training and experience and the experience and training of other veteran law enforcement officers, your Affiant is aware [robbery/burglary] is commonly a conspiratorial crime involving the use of others to assist during the commission of the crime. This assistance comes in the form of other suspects, both known and unknown, who will monitor police radio traffic and alert the perpetrators to the impending arrival of law enforcement, lookouts who will maintain visual surveillance on the approaches to the crime scene to alert their associates to the presence of law enforcement, and getaway drivers who will assist the perpetrators with their escape.
Communications between co-conspirators is essential to the successful commission of the