Lt. Josh Moulin: Cellular Phone Evidence

 

Lieutenant Josh Moulin supervises the Central Point Police Department’s Technical Services Bureau and is the Commander of the Southern Oregon High-Tech Crimes Task Force. He is one of approximately 470 Certified Forensic Computer Examiner’s worldwide and has been trained by a variety of organizations in digital evidence forensics. Lt. Moulin has also been qualified as an expert witness in the area of computer forensics and frequently teaches law enforcement, prosecutors, and university students about digital evidence.

Beginning his public safety career in 1993, Josh started in the Fire/EMS field working an assortment of assignments including fire suppression, fire prevention, transport ambulance, and supervision. After eight years Josh left the fire service with the rank of Lieutenant and began his law enforcement career. As a Police Officer Josh has had the opportunity to work as a patrol officer, field training officer, officer in charge, arson investigator, detective, and sergeant.

For further information about the Central Point Police Department please visit www.cp-pd.com, and for the Southern Oregon High-Tech Crimes Task Force visit www.hightechcops.com. To reach Lt. Moulin you can e-mail him at joshm@hightechcops.com.

Cellular Phone Evidence

When cell phones were first introduced criminals wasted no time putting them to use for their criminal enterprises. A favorite tool of drug dealers, having a cell phone eliminated the need to find the neighborhood phone booth to make all their dope calls. Law enforcement would seize these early cell phones and manually go through the information available, which at that time were a phonebook and a call log if they were lucky.

As the years went by cell phones progressed to being able to store large contact lists including phone numbers, addresses, e-mail addresses and names, call logs that kept history of incoming, outgoing and missed calls, and special ring tones provided by the manufacturer. In many criminal cases investigators are interested in who the phone owner called, who called them and who their associates were. With cell phone forensics not available yet, most investigators would hand write all of the information from the phone, a slow yet effective way to get what was needed.

Speed up to 2008; cell phones are now nothing less than small personal computers. Cell phones have the ability to store contacts, call logs, music, pictures, videos, e-mails, text messages, documents, spreadsheets, ring tones and even have built-in color still and video cameras. The amount of evidence that can potentially reside in the memory of a cell phone is mind-boggling.

As cell phones continue to act more like computers, the days of the on-scene investigator “browsing” the contents of a phone is quickly coming to an end. If a police officer browses the contents of a phone in a non-forensic manner there is the potential of changing or destroying evidence, which could damage the case and certainly call the officer’s action into question in court.

With cellular phone forensic training and equipment available to law enforcement for the past few years, an investigator can send a cellular phone off to a forensic lab and generally get back a large amount of data. In our lab it is very common to recover pictures and videos taken by the cell phone, which clearly show criminal activity and can become crucial in a case. I can’t count the number of times I have examined cell phones for a narcotics case just to find pictures of the suspect possessing, manufacturing, or using drugs. I have also had several sex abuse cases where the suspect actually videotaped committing the sex crime with the cell phone.

Since there is no standard when it comes to how cell phones are manufactured, there is no “catch-all” forensic software suite or tools that will examine all phones. Forensic labs that do cell phone examinations often have several different software applications and dozens, if not hundreds of data cables to interface with all the phones on the market. Cell phone forensics is a quickly evolving field that can be expensive to stay in.

In addition to the internal phone memory, many cell phones are equipped with a SIM (Subscriber Identity Module) card. This SIM card, which is about the size of a postage stamp, contains information about the phone, which allows it to authenticate on the network, as well as other data. SIM cards can contain contact information, last numbers dialed, text messages, deleted text messages, and more.

Compiled with all the evidence located on the actual phone itself and a SIM card (if present), getting information from the cellular service provider can give investigators enormous insight into a case. After serving sufficient legal process on the cell provider information such as tower locations, call logs and subscriber information are made available to law enforcement. It is possible in many cases to use GPS coordinates and tower locations given by the provider to track the movements of a cell phone. In a case where police are trying to place a suspect at the scene of a crime, this can be invaluable.

background: #bd081c no-repeat scroll 3px 50% / 14px 14px; position: absolute; opacity: 1; z-index: 8675309; display: none; cursor: pointer; top: 516px; left: 20px;”>Save