The Madison, Wis., Police Department takes a CSI approach to extracting evidence from mobile devices.
On the popular television series CSI, detectives and criminalists use technology to gather electronic evidence from cellphones and mobile devices during an investigation. Much like the TV show, the Madison, Wis., Police Department finds that technology is key for collecting such forensic evidence once the devices in question are in their possession.
Madison PD detective Cindy Murphy said that cellphones often contain information relevant to an investigation, particularly in cases that involve stalking, homicide and illegal drugs. To extract information from cellphones, like text messages, call history, photos, or other data, police department staff have utilized Cellebrite technology. Since 2006, they have used the tool for critical mobile data visualization.
According to Cellebrite, the technology can extract data and passwords from thousands of phones, smartphones, portable GPS units and tablets - even phones manufactured with Chinese chipsets. The technology can also perform physical extraction and decoding on platforms including BlackBerry, iOS, Android and Nokia.
By connecting a cellphone or mobile device to Cellebrite’s hardware component, the data can be pulled out of the phone. Using its software component, the department can then analyze the data, Murphy said.
However, the department can only legally extract cellphone data if the device was obtained with a search warrant or if a witness provided consent to have his or her cellphone information used for investigative purposes.
Warrant exceptions do exist, for example, in cases of life and death situations. Murphy said if such conditions arise, the department can get the green light to use the extraction technology. In cases that deal with illegal activity like drug deals, suspects might take photos on their phones of the illegal narcotics. If the police obtain the phone, the photos can be used as evidence later in court, Murphy said.
“Bad guys always like to take pictures of their drugs, their guns and their girlfriends,” Murphy said. “If you want to brag to your buddies about what you’ve just done [sharing photos] is one way to do it.”
But unlike on CSI, where cellphone data is extracted for forensic examination in a matter of seconds, Murphy said the process takes much longer in reality. Phone type and the kind of data the department is looking to extract from a phone factor in to the length of the recovery process.
Extracting text messages may be as quick as 15 minutes, but performing full data recovery on a cellphone requires additional forensics, which can take days or even weeks. Depending on the phone’s make and model, the department may also be able to recover a device's deleted material.
In many cases, Murphy said the department successfully recovered deleted text messages, videos and call history.
Outside Wisconsin, other law enforcement agencies have also deployed Cellebrite technology to help collect evidence from mobile devices. The Anderson, S.C., Police Department and the Sacramento County, Calif., Sheriff’s anti-gang task force, are among the users, according to a Cellebrite press release.
“The more we can do in the field to identify leads and cut short criminal operations, the faster we can complete our investigations,” said Dan Morrissey, the task force’s commander of the Intelligence Operations Group, in the release.