Our technology is tracking us, and this location data can be a major factor in many types of investigations. Given the connected world we live in, people may not be aware that their phones and other devices can potentially track everything they do and nearly everywhere they go. Unless someone is willing to forgo technology altogether, they will almost certainly create location data that can be used as evidence.
Not only do our devices record more information about our location history, but they are also recording more kinds of location data. The sources of location information are no longer limited to GPS units and phone records. Your mobile phone records your location activity so it can act as a personal assistant, able to tell you that traffic is heavy when it predicts you are about to leave for work. Your digital camera includes geolocation coordinates in the metadata of the pictures you take. The infotainment system in your car can be recording where you go, even if you have no location set for navigation. And this is only scratching the surface.
Given the breadth of location evidence sources, and the depth of complexity for each individual source, our digital forensics division has a dedicated team of certified experts who specialize in location forensics.
Cellular Location Analysis
Despite the increased prevalence of call detail records being used in cases, whether to determine historic location (CSLI, Cell Site Location Information) or user activity, many are still unaware of how valuable this information can be in litigation or investigative matters.
What is a Call Detail Record?
A call detail record contains transactions between a cell phone and the wireless phone network. These transactions are automatically collected by the wireless phone company’s equipment and stored for a period of time, anywhere from a few months to years, depending on the wireless company’s policies.
The fact that call detail records are created as the result of the customer’s phone using the wireless phone company’s network provides legal proof that the service (voice, data, and text) is being provided. This means that if you call the wireless company and complain about not getting any service, they will pull your call detail records to see if that is actually the case.
Each call detail record contains technical details about each transaction your phone has with the wireless phone company’s network, such as the date and time of the phone call or text message. Each record may also contain the starting and ending cell tower used for a phone call and, in some cases, text messages and data sessions.
How Call Detail Records Are Used
Determining Historic Location
Call detail records can contain the cell tower used for a phone call and, in some cases, for text messages and even data transmissions. This associates a phone call or text with a cell tower location. By associating the activity with a cell tower, it is possible to determine an approximate location. This location information is often used to establish or discredit an alibi. However, be aware that each type of transaction (voice, data, or text) may carry different timestamps, and its location information may or may not be reliable. You need an expert to assist you through that process.
Show “User” Activity
Determining user activity in a distracted driving accident is becoming an increasingly hot topic, both in civil and criminal cases arising from motor vehicle accidents.
Compared to a cell phone, call detail records have a limited set of information. This makes them easier for legal counsel to obtain. While a cell phone will tell you more, call detail records can still tell you a great deal of information related to voice calls, call forwarding, and text message and data transactions for particular service providers.
How to Get Call Detail Records
Call detail records can be obtained via subpoena to the wireless phone company. Example subpoena language can be found in our Digital Forensics Resource Packet. This guide also informs you what to expect to receive from different providers, be it Sprint, AT&T, Verizon, Metro PCS, or others.
There is an increased prevalence of Call Detail Records (CDRs) used in legal cases to determine the historical location and user activity of a person of interest. Despite this, many are not fully aware of how this information can make or break a litigated case or investigative matter. This type of evidence needs to withstand all forms of scrutiny, and choosing the proper expert is vital. Our cell phone location experts have worked on numerous, well-known, high-profile legal cases and are here to answer any questions, provide a thorough analysis, and help you uncover the truth.
Location data is often of great interest in litigation when attempting to establish or challenge an alibi. Today, almost every smartphone has a GPS receiver. This GPS data is used to track your location even when you are not utilizing navigation software or applications. It uses this information to provide you with restaurant recommendations near you, tag your Instagram photos with the geo-location data, allow you to see who is near you from your LinkedIn network, or give you a heads up on how long the drive home might take with current traffic.
Other than the mobile phone, GPS devices today include personal GPS devices and auto, aviation, and marine devices. Envista has certified GPS examiners on staff who can properly collect data from GPS devices in a forensically sound manner and analyze the data using state-of-the-art forensic tools and mapping technology.
Understanding Global Positioning System (GPS) Forensics
With GPS, each satellite in the system transmits navigation data toward the Earth that contains the satellite’s position, a timestamp, and the health of the satellite. When a GPS device can receive signals from at least three satellites at once, the device itself can calculate its position in two dimensions, latitude and longitude. This process is called triangulation.
For a GPS device to calculate its position vertically for altitude, it must be able to receive signals from at least four satellites at the same time. This process is called trilateration.
The satellite signal data is refreshed every thirty seconds, once at the top of the minute and the bottom of the minute.
For the device to calculate its position, it needs to know the position of each of the satellites, the time it took for the signal to reach the device itself, and whether the satellite is healthy. Since the satellite travels at a known velocity, the data provides enough information for the device to perform the calculations.
The data contained in the signal is used by the GPS device to perform calculations not only for a position but also for direction (orientation) and speed. Bear in mind that direction and speed are derived values based on how the device is programmed to perform the calculations. Since device software is proprietary, the exact method and accuracy of the derived calculations can vary by manufacturer and model.
While the most basic GPS units only record waypoints and track points, GPS-enabled cellular phones and connected GPS units can contain a great deal more data that may be of evidentiary value.
Information from GPS Devices Can Include:
- Historic Locations
- Favorite Locations
- Trackpoints (locations where the GPS has been)
- Tracklogs (Complete list of Trackpoints the unit has created)
- Waypoints (locations where the user was physically and saved as a location of interest)
- Routes (custom series of Waypoints created by a user to navigate in a specific order)
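To illustrate why speed and direction are derived values rather than recorded ones, the following added example (not from the original page or from any device vendor) recomputes both from consecutive trackpoints. The tracklog is constructed, and the great-circle method and the 200 km/h plausibility threshold are assumptions of this example, not any manufacturer's algorithm.

```python
import math
from datetime import datetime

EARTH_RADIUS_M = 6371000.0

# Constructed tracklog (UTC time, latitude, longitude); not from a real device.
TRACKLOG = [
    ("2024-03-01T14:00:00", 35.0000, -80.0000),
    ("2024-03-01T14:01:00", 35.0090, -80.0000),
    ("2024-03-01T14:02:00", 35.0090, -79.9890),
    ("2024-03-01T14:02:10", 35.0500, -79.9890),  # large jump in 10 seconds
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def initial_bearing_deg(lat1, lon1, lat2, lon2):
    """Compass bearing (0 = north, 90 = east) at the start of the segment."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    y = math.sin(dlmb) * math.cos(p2)
    x = math.cos(p1) * math.sin(p2) - math.sin(p1) * math.cos(p2) * math.cos(dlmb)
    return math.degrees(math.atan2(y, x)) % 360.0

def derive_segments(tracklog, max_kmh=200.0):
    """Derive speed and bearing per trackpoint pair; max_kmh is an assumed threshold."""
    segments = []
    for (t1, la1, lo1), (t2, la2, lo2) in zip(tracklog, tracklog[1:]):
        dt = (datetime.fromisoformat(t2) - datetime.fromisoformat(t1)).total_seconds()
        if dt <= 0:  # clock reset or out-of-order points: no speed can be derived
            segments.append({"start": t1, "end": t2, "flag": "non-increasing timestamp"})
            continue
        dist = haversine_m(la1, lo1, la2, lo2)
        kmh = dist / dt * 3.6
        segments.append({
            "start": t1, "end": t2, "distance_m": round(dist, 1),
            "speed_kmh": round(kmh, 1),
            "bearing_deg": round(initial_bearing_deg(la1, lo1, la2, lo2), 1),
            "flag": "implausible speed" if kmh > max_kmh else None,
        })
    return segments
```

Running `derive_segments` on only the first and third trackpoints yields roughly 42 km/h instead of the roughly 60 km/h seen on each individual leg, which shows how the logging interval alone changes a derived speed.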
Forensic Radio Frequency Verification (Drive Testing)
Worldwide, juries are presented with a Call Detail Record (CDR) and cell phone location information as part of trial evidence. This information can sometimes exonerate or convict an accused. However, today, many verdicts are under review worldwide due to improper analysis of cellular CDRs. Specific verification techniques can help further confirm the accuracy and completeness of a CDR analysis; these survey techniques are called forensic radio frequency verification, often referred to as drive testing.
What is Forensic Radio Frequency Verification (Drive Testing)?
Forensic radio frequency verification, commonly referred to as drive testing, is performed using specialized techniques, hardware, and software, to collect data on radio frequencies in an area of interest. Our location forensics experts use this data to determine the actual coverage area of a cell tower and its sectors. From there, they can create what’s known as a propagation, or coverage map, for a specific tower. With that information, it is easier to pinpoint and determine if a cell tower has optimal service for a phone that may be reviewed as part of a legal investigation.
The Value of Radio Frequency Surveys (Drive Testing)
When we receive information concerning CDRs, we only know the tower and sector to which a phone was connected at a particular time. Radio frequency engineering data is not provided to an examiner. Using a drive test, the examiner can now see:
- Areas of the tower that are stronger than others
- Areas that have hot spots (or cell tower coverage that bleeds into others, creating spots of coverage that allow someone to connect to a cell tower farther away than expected)
- Areas that may not have coverage
- Other factors that may have affected signal coverage such as nearby wooded areas, bodies of water, large buildings, or topography
In other words, we can determine in much greater detail the likelihood of a cell phone connecting to a particular tower from a particular location. This data is used to validate claims concerning a person’s location, or to challenge them if the radio frequency data collected through drive testing doesn’t coincide with the mapping from call detail records alone.
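The comparison described above can be sketched as follows. This is an added example, not the firm's tooling or part of the original page; the drive-test samples, cell identifiers, signal values, 250 m radius and minimum sample count are all constructed assumptions.

```python
import math

# Constructed drive-test samples: (lat, lon, serving "tower-sector", signal in dBm).
DRIVE_TEST = [
    (35.1000, -80.1000, "T101-2", -85),
    (35.1004, -80.1003, "T101-2", -88),
    (35.1008, -80.0995, "T101-2", -90),
    (35.1002, -80.1010, "T205-1", -97),  # distant tower bleeding in (hot spot)
    (35.1300, -80.1400, "T205-1", -80),
    (35.1305, -80.1396, "T205-1", -82),
]

def planar_distance_m(lat1, lon1, lat2, lon2):
    # Equirectangular approximation; adequate over a few hundred metres.
    dy = math.radians(lat2 - lat1) * 6371000.0
    dx = math.radians(lon2 - lon1) * 6371000.0 * math.cos(math.radians((lat1 + lat2) / 2))
    return math.hypot(dx, dy)

def observations_near(samples, lat, lon, radius_m):
    """Return (cell, dBm) pairs measured within radius_m of the given point."""
    return [(cell, dbm) for s_lat, s_lon, cell, dbm in samples
            if planar_distance_m(lat, lon, s_lat, s_lon) <= radius_m]

def check_claim(samples, lat, lon, cdr_cell, radius_m=250.0, min_samples=3):
    """Compare the tower/sector from a CDR with what the survey saw at a claimed location."""
    near = observations_near(samples, lat, lon, radius_m)
    if len(near) < min_samples:
        # Too little survey coverage to support or challenge the claim.
        return {"verdict": "insufficient survey data", "samples": len(near)}
    hits = [dbm for cell, dbm in near if cell == cdr_cell]
    return {
        "verdict": "consistent" if hits else "not observed",
        "samples": len(near),
        "share": round(len(hits) / len(near), 2),    # fraction of nearby samples on cdr_cell
        "strongest_dbm": max(hits) if hits else None,
    }
```

A "consistent" verdict only means the survey handset was served by that sector near the claimed point; the share and signal strength indicate how likely that connection was, and the hot-spot sample shows a distant sector appearing with a low share.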