Friday, July 11, 2014

Crime and Digital Forensics: Lessons for Mobile Users and Investigating Agencies

As mobile devices rise in popularity and sophistication, so does their use among people conducting illegal activities. For that reason, evidence from mobile devices is becoming increasingly important to law enforcement in fighting crime. In addition to no warrant being required to request a tower dump containing the mobile phone data of thousands of people to track down one or more criminals involved in a crime, privacy advocates also question what is being done to the data collected once an investigation is complete. In fact, digital evidence from a mobile phone led international police to the terrorists responsible for the Madrid train bombings that killed at least 190 people in 2004.
Digital forensics is a branch of science encompassing the recovery and investigation of material found in digital devices, including computers, cell phones, and digital cameras. Every time someone uses a cell phone, a signal is sent out that pinpoints where the user is. Cell towers and the GPS features in some smartphones track where a phone is at any moment. Cell phone carriers can provide authorities with a cell phone’s location via proper court documents.
By exporting information from multiple digital devices (such as call logs from multiple cellular phones or e-mails from computers) and importing that data into an analytical software package, investigators using data-mining techniques can diagram and visualize a criminal enterprise or a timeline of events. This graphical representation can make it easier for investigators to understand the complex relationships in a criminal enterprise or for a jury to understand criminal activity and the possible connections among offenders in a courtroom presentation.
The law enforcement agencies require basic knowledge of tools for collecting and analyzing digital evidence from mobile phones. They are also required the efficiency of assessment of the current knowledge level in the field like Identification of tools available to collect digital evidence from mobile devices; Identification of all the cell phones in use that may become evidence in an investigation and a determination of how many can be forensically acquired and analyzed with the existing cell phone forensic solutions; Identification of the gaps in the number of cell phones in use and the existing cell phone forensic solutions for future technology development project.
Now mobile network operators receive occasional requests from law-enforcement agencies to provide communications information from a specific tower. These requests usually cover short periods and the information provided is only metadata. Metadata is information about the time, duration and destination of calls but not their content. Metadata can also include location data about a mobile phone, even when it’s not on a call. To successfully collect and analyze evidence from mobile devices, law enforcement needs tools that can recover system files, operating system information, applications, deleted files and unallocated space. Some available tools capture the logical image (what users can see without using special tools), which is only a portion of the phone's data storage capacity. However, law enforcement needs more tools that capture the entire physical image including deleted files, messages, photos and call logs. Often, the deleted data is extremely valuable to the investigation and provides more comprehensive evidence for prosecution.
The law-enforcement agencies can also use a technique known as a "tower dump", which gives police data about the identity, activity and location of any phone that connects to targeted cell towers over a set span of time, generally an hour or two. A typical dump covers multiple towers, and mobile providers, and can net information about thousands of mobile phones. The dumps are usually used in circumstances when police have few leads and can be a useful, powerful tool in tracking down criminals. But privacy advocates say that while they may be helpful to police, they also target thousands of innocent people and don’t have any judicial oversight. A request for non-content information on the use of a particular tower during a specified period of time may be lawful under certain circumstances. What we need is transparency as to what's being done and who is doing it. But we need a well-defined law regarding this type of data. Considering thousands of users are affected by tower dumps,  they should count for the number of those who are affected. Around 330,000 requests for metadata were made by law-enforcement agencies in 2012-13, according to the latest report published by the Attorney-General’s Department of Australia.
Cell phones contain call history, contacts, text messages, web browser history, email, a Global Positioning System (GPS), and other location information that police and law enforcement agencies find valuable. Evidence from cell phones can help investigators piece together motives and events and provide new leads. Now Smartphones and cell phones have become a regular part of criminal investigations because they are now owned by most people and provide information about a person’s whereabouts and a person’s contacts.
Tracking subjects via their mobile devices has been utilized for many years and has become very much a part of many, if not all, investigations. Cell phone records can identify calls made and received. You also can obtain the cellular towers that were used in the conversation, SMS (short message service), or data communication. The cell phone records hold latitude and longitude information and can be used as a historical reference to where the mobile device was at a particular time. In addition to collecting cell phone communication records, police also encourage citizens to use their mobile devices to report crimes and send in tips. Police often reach out to the public and make it clear to them when they need help in an investigation.
People can send their digital photos and videos of crimes in progress to call centers in some cities. New technology allows sent images to be directly added to the record of a related call, and be forwarded to emergency responders on their way to the scene. An example of such technology is CrimePush, a multiplatform smartphone app that allows users to report crimes quickly and efficiently.  It also gives users the ability to send multiple, GPS-tagged distress messages to designated emergency contacts. High-profile incidents throughout the world have proven how valuable mobile phone images can be to crime investigations.
The London bombings in July 2005 marked a turning point in news coverage and the role of camera phone images. Witnesses to the attacks used their cell phone cameras to record their experiences in the aftermath. Not only did it signal a new era of citizen journalism, but police in London were able to use the cell phone photos as clues to find the terrorists behind the bombings. Just this April, 2014 investigators of the Boston Marathon bombings collected photos and video from cell phones and surveillance cameras to aid their investigation. Seconds after the bombs exploded at the marathon, Jacksonville Beach, Fla., businessman and marathon runner David Green pulled out his smartphone and took a photo of the chaos developing. He then put his phone away and helped the injured. After officials released a surveillance video of the two bombing suspects, Green realized he had a picture of suspect Dzhokhar A. Tsarnaev walking away from the scene. Editors of The Associated Press were able to establish the authenticity of Green’s photo and established an exclusive arrangement for distribution of the photograph. In addition to photos and video, text messages are proving to be helpful in investigations. Text messages are more discreet and safer in some circumstances, such as kidnappings or burglaries. Many police departments throughout the country have text-a-tip programs that allow people to send anonymous text messages from their cell phones. In order to provide people with a confidential means of communication, text messages are sent to a separate third-party server where identifying information is removed and assigned an encrypted alias to ensure callers’ anonymity. Identifying a phone from its radio frequency fingerprint is certainly not far-fetched. It is similar to identifying a digital camera where the image metadata does not provide a serial number. From underlying imperfections in the lens, which are detectable in the image, the source camera can be identified.
To keep from being tracked and getting caught, criminals use evasion tactics such as modifying the built-in ID code in their cell phone or swapping out SIM cards, making it impossible for law enforcement to track the criminals down by relying solely on cell phone signals. German engineers found, however, that the radio hardware in a cellphone — a collection of components like power amplifiers, oscillators, and signal mixers — all introduce radio signal inaccuracies. When these inaccuracies, or errors, are taken together, as seen in the digital signal sent to a cell tower, the result can be read as a unique digital signal –a digital fingerprint. These digital fingerprints do not change even if the built-in ID code has been modified, or the SIM card has been swapped out. Law enforcement agencies may soon have a new tool at their disposal — a device that which distinguishes between cell phones based on their digital signal. This new technology was developed by engineers at the Technische Universit├Ąt Dresden in Germany.
A TU Dresden release reports that law enforcement officials can track criminals as they talk on their cell phones using triangulation of cell towers. To keep from being tracked and getting caught, however, criminals began using new evasion tactics such as modifying the built-in ID code in their cell phone or swapping out SIM cards – making it difficult, if not impossible, for law enforcement to track criminals down by relying solely on cell phone signals. The technology developed by the TU Dresden engineers would allow law enforcement to overcome the criminals’’ evasion tactics.
Identity theft, stalking, fraud, pornography, illegal electronic surveillance, and theft of intellectual property are just some of the examples of crimes committed every day on mobile devices. A mobile device is simply a portable computing device, so any crime that can be perpetuated on a computer can be committed via a mobile device. The portability of mobile devices makes it difficult, but not impossible, to identify the source of an electronic crime. If a user is using a public wi-fi, a ‘burner’ prepaid phone, cloud storage, or any other anonymizing agent, difficulties in identification is compounded not only in 2G phones — but also defects are present in every radio device and even 3G and 4G phones. Law enforcement agencies will continue to be challenged to obtain the tools and the training to perform competent digital forensics investigations and keep pace with criminal activity. 
Serious criminals are extremely adept in using single-use phones and dumping SIM cards so new capabilities should be developed to help law enforcement. As the radio hardware in a cellphone consists of a collection of components like power amplifiers, oscillators and signal mixers that can all introduce radio signal inaccuracies.
When these errors are taken together, as seen in the digital signal sent to a cell tower, the result can be read as a unique digital signal –a digital fingerprint. Thus, whatever criminals do to their cell phone — short replacing the internal components of one phone with those of another phone — the phone will continue to emit a unique signal which can be read by a device and used to separate the particular phone out from all the other cell phones. This allows the police to locate the phone, and the criminal using it, by triangulating cell towers.

Source: technology Locating criminals by tracking their cell phones’ digital fingerprints Published 5 August 2013.

No comments:

Post a Comment