Leverage Investigations

Phone Forensics

We utilize Cellebrite and Oxygen Forensics software. Never rely on a service that only has one solution. We perform the acquisition and analysis in-house. Don't be fooled by a company that is reselling services from a bulk forensics lab. That is not us. You will be talking with our investigator multiple times during a case. You are not going to be left hanging with a thumb drive and a 2000-page report of data.

317-660-1474

Fishers IN 46038 us
What is a Cellular Extraction


How is a forensics cellular extraction done?

The device must be isolated from any network connection to prevent any changes to the data stored on it. Any extracted data must be an identical copy of what was on the device. This includes unallocated (unused or deleted) space. When you copy and paste, you are only copying the visible file structure, NOT the hidden files and not the unallocated space. Extraction software must be able to acquire a file system or an image of the device. The software used must then be able to reorganize the copied data (without changing it) and allow the examiner to build a forensics report that is easily understood by the common person, as well as have a forensic trail (called Hash Marks). The system and procedures used must be commonly accepted within the forensics community. In layman's terms, it has to have proven itself with its technology, software, and forensics process. A “new” product will need to be tested and compared with standard results. Then the results need to be proven to have been acquired by forensic means (did it get the data without compromising the evidence?).

What is a Forensic Exam

An exam is a slow and methodical investigative process of sifting and analyzing the data acquired from a forensics extraction. If you are looking for a specific set of parameters, then it is not as slow a process as you would think. If you don’t know what you need, then everything must be examined, and the forensic examiner needs to be up to speed on the parameters of the case so they know what might be significant. The data is correlated and bookmarked within the report so it can be easily referenced as evidence. Software and hardware from Cellebrite, Oxygen Forensics, SecureView, Belkasoft, XRY, Paraben, EnCase, and other similar brands provide excellent results. There is never one solution that solves all phone forensics exams; restrictions from the device model and operating system version can affect what each forensic software package can obtain from the records.

Why is a forensic method of extraction critical

Once that device is connected improperly, anything acquired can be called into question in court. If this is a criminal trial or a substantial civil trial, that could be the difference between freedom or a large financial loss or gain. That data can be considered questionable, and that act (an improper exam) can taint the evidence within the device itself; a lawyer could argue that the improperly done exam changed the original device records. A forensic device is designed first around preserving electronic evidence and NOT altering the data, then copying the unaltered data to new destination storage media for examination. That copy will match forensic hash marks with the original if the copy needs to be verified.
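The difference between a copy-paste and a hash-verified image can be shown on a toy device. This is an added example, not this firm's tooling or any vendor's code; the sector layout, the sample contents and the choice of SHA-256 as the "hash mark" are assumptions made for illustration.

```python
import hashlib
import io

# Constructed toy "device": (sector bytes, allocated?) pairs.
# An unallocated sector still holds the bytes of a deleted item.
DEVICE = [
    (b"IMG_0001.jpg....", True),
    (b"hello from SMS 1", True),
    (b"deleted SMS text", False),   # file entry removed, bytes remain
    (b"\x00" * 16, False),          # never-used space
]

def logical_copy(device):
    """What a copy-paste sees: only the allocated (visible) data."""
    return b"".join(data for data, allocated in device if allocated)

def physical_image(device):
    """Bit-for-bit image: every sector, allocated or not."""
    return b"".join(data for data, _ in device)

def hash_stream(stream, chunk_size=8):
    """Hash a file-like object in chunks, as is done for large images."""
    digest = hashlib.sha256()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
    return digest.hexdigest()

def verify_copy(copy_bytes, acquisition_hash):
    """True only if the working copy is identical to what was acquired."""
    return hash_stream(io.BytesIO(copy_bytes)) == acquisition_hash

def demo():
    image = physical_image(DEVICE)
    acquisition_hash = hash_stream(io.BytesIO(image))  # recorded at acquisition
    altered = bytearray(image)
    altered[0] ^= 0x01                                 # a single flipped bit
    return {
        "deleted_in_image": b"deleted SMS text" in image,
        "deleted_in_logical_copy": b"deleted SMS text" in logical_copy(DEVICE),
        "working_copy_verifies": verify_copy(bytes(image), acquisition_hash),
        "altered_copy_verifies": verify_copy(bytes(altered), acquisition_hash),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The image keeps the deleted message that the logical copy never sees, and any change to the working copy, even one bit, makes verification against the acquisition hash fail.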

Some of the kinds of data that may be retrieved and examined during a cell phone forensic investigation, even after being deleted, include:

Call Logs – times, frequency, dialed and received calls, and call duration
Text messages or SMS messages
MMS Messages / Picture or Video messages
Browser History & Internet searches
GPS locations from cell towers, internet activity or pictures and videos
Wi-Fi access locations
Geo Tagging within images and videos
Photo metadata
Voicemails
Downloaded apps & app data (communications within apps)
Account names & Passwords
Email messages, contact names & phone numbers
Address book entries; pictures, birthdays, residential addresses and email addresses
Photos & graphics
Videos
Wi-Fi Connections & passwords

*Deleted data can be recovered in all these categories.

It is not the raw data that is impressive, but the investigative research done with that data to determine how, what, when, where, how often and more. Often the term “EVERYTHING” can be recovered is used, but this term is dependent on the specific device model and operating system.

We are certified examiners. The processes and equipment we use are not readily available to a typical investigations firm; we are one of the only firms in Indiana using the cutting edge forensic equipment. We have invested resources into this growing field to stay ahead of the curve. There is not just one forensic system we use; we have multiple systems to make sure that we can produce results. There is never just one do-it-all tool in any job, and cellular forensics is the same way. Don’t bring just a hammer and expect the job to be done right. Our examiners can stand up in court, and the data and procedures we use will allow the evidence to be presented on a rock solid base. A single phone record could exonerate you in a criminal charge.

Remember, with the explosion of the phone industry, the carriers are reducing the records they keep because of the large volume of data. The cellular data, once purged from the carrier’s system, is gone, unless you have either one of the phones. If you are lucky and do get the last 30 days of text activity, there is no content, just the phone number that a message was sent to. Don’t forget that the carrier will not release records to you without a search warrant or court order. Yes, you have to get a court order to get certain records from your own account!