Thursday, 28 April 2016

When the Trill of a Cell phone Brings the Clang of Prison Doors

It was a crucial moment in 2007 during the trial of Paul Cortez, an actor and yoga teacher who was ultimately convicted of killing his former girlfriend Catherine Woods, a dancer who was working as a stripper.

After weeks of testimony and a parade of witnesses, the case against Mr. Cortez boiled down to this: a bloody fingerprint and data collected from a cell phone.

A record from a T-Mobile cell phone transmission tower on the day Ms. Woods was murdered showed that Mr. Cortez called her 13 times in the hour and a half before her death, and then never again. He had told the police in a written statement that he made the calls from his home.

But as he called, the record showed his cell signal hitting a tower near his apartment, and gradually shifting to towers near Ms. Woods’s apartment. At trial, when the prosecutor questioned him about the discrepancy, Mr. Cortez changed course, saying he had made some of the calls from a Starbucks.

Examining cell phone data is a technique that has moved from being a masterful surprise in trials to being a standard tool in the investigative arsenal of the police and prosecutors, with records routinely provided by cell phone companies in response to subpoenas. 

Its use in prosecutions is often challenged, for privacy reasons and for technical reasons, especially when the data comes during the morning or evening rush, when circuits are crowded and calls can be redirected to other towers. But it is often allowed and is used by both prosecutors and defence attorneys to buttress their cases.

DLA combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies for the best results.

Wednesday, 20 April 2016

We may never know how the FBI unlocked the shooter’s iPhone

We know now that the FBI was able to gain access to an iPhone 5C belonging to the San Bernardino shooter thanks to an outside security firm. What we don’t know is how it was done or even who did it. We may never know, thanks to the nature of the agreement between the FBI and the unnamed firm.

The government has what is known as the Vulnerabilities Equities Process, which is used to evaluate whether security flaws known by the government should be disclosed so they can be fixed. In this case, the exploit used to bypass the PIN lock on the shooter’s iPhone 5C is considered proprietary information by the company, meaning it’s not a publicly available exploit. It was either discovered by the firm, or more likely purchased from whoever uncovered it in the first place.

Having exclusive knowledge of an exploit allows a company to build a tool for bypassing security features, a hot commodity in law enforcement. These undisclosed exploits can sell for thousands, or even millions of dollars. For its part, the FBI probably couldn’t disclose the specifics of the hack even if it was permitted — it doesn’t know anything about the process.

Apple has said it would be interested in fixing the exploit, but it’s unlikely it affects newer iOS devices with hardware security features. The FBI isn’t likely to do Apple any favors even if it did have specifics. After the FBI obtained a court order compelling Apple to assist with unlocking the phone, the company decided to fight it out in the courts. Virtually all tech firms rallied behind Apple, and the FBI eventually dropped the case and sought outside help. And the end result? Nothing significant has been found on the iPhone.

Digital and cellular forensics is much more than you may think. It requires a thorough understanding of the investigative process, the law of evidence and, naturally, the appropriate background in criminal and civil investigations. The forensic experts at DLA will follow the electronic trail to find the evidence that you need.

Wednesday, 13 April 2016

Israeli mobile forensics firm helping FBI unlock seized iPhone

The mobile forensics firm Cellebrite of Israel is reportedly assisting the Federal Bureau of Investigation in unlocking a seized iPhone that has become the center of a legal dispute between the bureau and Apple.

The revelation comes two days after the US government tentatively withdrew its demands that Apple write code and assist the authorities to unlock a seized iPhone used by one of the San Bernardino County shooters. The FBI told a federal judge that an "outside party demonstrated to the FBI a possible method for unlocking (Syed) Farook's iPhone." A federal magistrate then tentatively stayed her order demanding that Apple assist the authorities in unlocking the phone.

That same day, according to public records, the FBI committed to a $15 278 "action obligation" with Cellebrite. An "action obligation" is the lowest amount the government has agreed to pay. No other details of the contract were available, and the Justice Department declined comment. Cellebrite, however, has reportedly assisted US authorities in accessing an iPhone.

For now, US-based security experts believe that Cellebrite does have the wherewithal to perform the task.

"I'm really not at liberty to confirm the third party, but based on the techniques I've described in my blog on the subject, I think Cellebrite, as well as many large forensics firms like it, have the capability to perform such tasks," forensic scientist Jonathan Zdziarski told Ars in an e-mail. "DriveSavers, for example, has released statements yesterday suggesting they're almost there. I think the techniques are pretty straightforward for firms like these now that the tech community has had a chance to comment."

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require - contact DLA today!

Wednesday, 6 April 2016

The demand for mobile forensics is continuously growing

Every day, more and more people are using smartphones. The amount of data that is wirelessly transmitted continues to increase at an impressive rate. According to the results of a survey, there has been a huge increase in the number of active smartphones since 2011.

If you think about what our cell phones are today, they’ve actually moved away from simple cell phones and evolved into smartphones, which are tiny, powerful computers that people are walking around with every day.

Digital forensic experts from DLA say that the value is not just in the cell phone call history and text messages. It’s about the ability to Google search whatever you want and have information at your fingertips. Cell phones have become diaries of people’s lives.

As digital detectives, DLA is trying to find out what was happening in somebody’s life, to whom they were talking, what the contents of those conversations were, and how they relate to the crime being investigated. This is indispensable evidence that can never be overlooked.

Mobile forensics examiners say there is probably more probative information found on a mobile device, per byte examined, than on computers.