Are cellphones becoming the ultimate reveal in mobile device forensics cases?

Greg Freemyer, our director of forensics and disputes, had the pleasure of speaking on a panel at The Master’s Conference in Washington, D.C. last week. In this panel, Emerging Data Sources: Connecting the Dots from Disparate Data, Greg spoke alongside industry experts George Socha and Vishal Oza. The conversation was moderated by Trent Livingston, and spent a lot of time talking about mobile device forensics.

Through this discussion, the conversation became centered around how cellphones are becoming critical in unveiling evidence for cases. The four panel members dissected the changes and challenges around producing cellphones.

“Point-and-click forensics is every lawyer and examiner’s dream, but with the proliferation of new PC and mobile device applications we are going in the opposite direction,” Greg said.  “Data collection teams need a broad background in order to collect and process data for which automated tools don’t yet exist.”

Recent government subpoenas have included cellphones more in the last year than ever before. Verizon Wireless reported that in 2018, the company received 133,618 subpoenas from federal, state or local law enforcement in the United States. These subpoenas are often tricky in defining what constitutes a real communication. Verizon is unable to release specific content of communications in devices; in turn, a forensics expert is able to retrieve this information.

eDiscovery industry icon Craig Ball states, “today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice.” Any data on a client’s mobile device has the potential to be found, even down to that client’s movement. With smartphones constantly updating, location of the mobile device can be tracked in real time.

Figure 1 – Visual Capitalist

More than half of the world’s
web traffic now comes from mobile devices. In a given minute, millions of data points are collected on a given application. These numbers continue to increase year-by-year.

The Challenges

Emojis/Emoticons

Emojis and emoticons can have dual meaning or may be unable to read during a forensics scan. The panel discussed lawyers’ obligation to know what these mean and produce in a case where relevant.

Eric Goldman counted 171 cases in which emojis or emoticons were prevalent and of those, 30 percent accounted for 2018. With the increasing rate of cases similar to these, the stance of obtaining and understanding emojis and emoticons is pressing.

In a 2017 human trafficking case, both slang and emojis were critical factors to proving the defendant and appellant guilty. Emojis such as crowns, money bags and red high heels were used in social media and text messaging communication, indicating a prostitution exchange.

Applications (Box, Vault, Etc.)

Forensics experts can identify these applications during the collection itself, but often times are unable to extract the information held
within the applications. Methodologies for extracting conversations out of Slack, for example, are still a challenge.

Slack is a cloud-based messaging system companies often use as a way for employees to communicate with each other. This is because Slack is developed primarily to ingest information but not to export. Additionally, lawyers and even the in-house IT professionals are unaware of the several collaborative and communication platforms used internally by a company’s employees.

How to Solve

In the beginning phases, the best practice is to interview each custodian in a case to identify all of the platforms being used. In a company case, it is critical to know if there are multiple internal communication platforms. In other cases, such as civil law or criminal cases, understanding which social media platforms were used and dissecting each piece down to the emojis is crucial.

For forensics experts, necessary software to extract information from cellphones needs to be constantly updated, but that isn’t sufficient enough.  Forensic experts must evaluate what applications are in use and ensure their tools are collecting and processing the data appropriately.

S2|DATA Forensics Efforts

Greg was honored to speak on the topic of emerging data sources in today’s time. Through his professional experience, he has seen a multitude of cellphone collections play out in court. Through cellphone collections, lawyers are able to obtain crucial information that could be the link to solving a case.

Having forensics expert available during a trial can be critical to identifying key information. S2|DATA’s team of data professionals will help ensure your case gets the best-practice attention it deserves.