New technology constantly provides new challenges and opportunities for evidence gathering. The forensics unit of your department handles all the electronic data recovery for computers and cellular phones. By working with them, you may be able to tap into a surprising new source of information that can give you an ace in the hole when confronting a suspect. The story below illustrates how a forensics unit processes both physical evidence from a handset and historical data from a cellular provider to aid in a crime investigation.
Samantha & Little T
In August 2006, a teenager named Samantha was killed by a 9mm bullet intended for someone else. It was apparent to investigators she was the innocent victim of a gang shooting, but no witness was willing to come forward for fear of retaliation. A break came when police heard that a subject called Little T had been bragging, “I was there with the shooter.” But when they brought in Little T for an interview, all investigators got from him was his name, birth date, social security number, address, cell phone number and a request for a lawyer. When no one would place Little T on scene that night, it looked like a dead end.
But two cell phones had been seized from the scene that night. Police obtained a search warrant for the data on the phones, and the forensics unit analyzed each phone’s call history. Both listed several numbers that had been dialed before and after the shooting, including the cell phone number Little T had provided. This was enough to serve a search warrant on the cell phone carrier for Little T’s call history.
The records investigators obtained included the location of the cell phone towers that transmitted and received Little T’s calls, which allowed them to plot the tower locations and call times onto a map. The result: a series of points that connected like a dot-to-dot puzzle showing a path from Little T’s residence to the shooting location and back. When confronted with this evidence, Little T and his attorney settled out of court for a 30-year sentence.
Call Detail Records
Each cellular phone provider stores and maintains subscriber records. These records include not only subscriber information, such as name, address and birth date, but call-detail records, which contain data regarding incoming and outgoing phone numbers, and the towers that transmitted these calls. The telephone companies keep this information for their own billing needs and to track network usage and maintenance needs, but they can make this information available to law enforcement with the proper paperwork.
The providers don’t keep this information indefinitely due to the cost of storing this huge amount of raw data. A good rule of thumb: A carrier will likely hold records for 90 days. Because this may not be enough for you to compile the information needed for a court order, you must keep the potentially useful records from being purged.
A preservation order letter simply tells the phone company what cellular records you need preserved. It doesn’t require judicial oversight or an attorney’s signature, and you can send it to the provider via fax. The records you request will typically be held for only 90 days from the date of receipt, unless you “refresh” the preservation request for an additional 90 days at a time. The provider will honor your request, but only for the data that was originally requested, not new calls.
Preservation order letters are extremely important if you need text messaging content; the providers store this information for only a short time, if at all, so you would need to move fast.
Once the investigators have gathered enough information, they compile an affidavit for a court order for the records. With judicial oversight in place, the court order for the cellular data can be faxed to the telephone company. You’ll need a search warrant to obtain location information (i.e., towers utilized) for incoming and outgoing calls, and for the content of text messages or email. You can obtain basic subscriber information with a subpoena duces tecum.
In addition to the basic subscriber information, call detail records allow an investigator to characterize any incoming and outgoing calls by their dates, times and duration, and the location of the transmission towers. As discussed above, this powerful information can be used to plot a suspect’s movements and corroborate or discredit their story.
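The plotting step described above, as an added Python example that is not part of the original article: it joins call detail records to a tower location table, orders them by time and collapses them into a sequence of tower stops. The CSV layout, tower IDs, coordinates and phone numbers are constructed assumptions; real carrier exports differ.

```python
import csv, io
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample data. Column names, tower IDs and coordinates are
# assumptions; real carrier exports differ in layout and time zone.
CDR_CSV = """start_time,duration_s,direction,other_party,tower_id
2000-01-01 21:58:10,35,out,555-0101,T17
2000-01-01 21:05:42,61,out,555-0101,T03
2000-01-01 22:47:12,15,out,555-0102,T03
2000-01-01 21:31:07,12,in,555-0102,T09
2000-01-01 22:40:55,48,out,555-0103,T99
2000-01-01 22:02:44,9,in,555-0101,T17
2000-01-01 22:21:30,20,in,555-0101,T09
"""
TOWERS_CSV = """tower_id,lat,lon
T03,10.1000,20.1000
T09,10.1200,20.1300
T17,10.1450,20.1600
"""

def load_towers(text):
    """Tower ID -> (lat, lon) from the carrier's current site list."""
    return {r["tower_id"]: (float(r["lat"]), float(r["lon"]))
            for r in csv.DictReader(io.StringIO(text))}

def build_track(cdr_text, towers):
    """Return (time-ordered located calls, calls whose tower has no location)."""
    track, unresolved = [], []
    for r in csv.DictReader(io.StringIO(cdr_text)):
        when = datetime.strptime(r["start_time"], FMT)
        if r["tower_id"] in towers:
            track.append({"time": when, "tower": r["tower_id"],
                          "pos": towers[r["tower_id"]], "direction": r["direction"]})
        else:
            unresolved.append((when, r["tower_id"]))  # reported, not dropped
    return sorted(track, key=lambda p: p["time"]), sorted(unresolved)

def tower_stops(track):
    """Collapse consecutive calls on one tower into a stop with first/last time."""
    stops = []
    for p in track:
        if stops and stops[-1]["tower"] == p["tower"]:
            stops[-1]["last"] = p["time"]
        else:
            stops.append({"tower": p["tower"], "pos": p["pos"],
                          "first": p["time"], "last": p["time"]})
    return stops
```

Calls whose tower is missing from the site list come back in the second return value so they can be resolved against an updated list. The resulting stops show which towers carried the handset's calls, not who was carrying it.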
This information is out there, and the cellular phone companies will share it with you. Why not work with your forensic unit and take advantage of this valuable tool?
1. Get a preservation order first. This will ensure the phone company holds onto the data for 90 days.
2. To obtain general subscriber records, you’ll need a subpoena or a search warrant.
3. To obtain cell tower information and message content, you’ll need a search warrant.
4. Get the current tower locations from the phone companies, which are always adding cell sites.
5. Cell phone records track the handset, not necessarily the suspect.
To access a law enforcement database with phone-company contact information, and to see sample subpoenas, search warrants and preservation orders, visit www.mfi-training.com. For training dates, speaking locations and MFI company information, visit www.mobileforensicstraining.com.