There are more mobile telephones in the UK then there are
people this pervasive technology impacts on almost all areas of industry and
life. Unsurprisingly, mobile communications have enabled old crime to be
effected in new ways and mobile telephones are increasingly forming a part of
criminal prosecutions, where linkages between individuals or evidence of being
at the scene of the crime is provided by an analysis of the digital evidence
available within the mobile phones.
At the heart of every mobile telephone is the Subscriber
Identity Module (SIM), a small fingernail sized chip, responsible for service
with a telecom network provider.
Digital Evidence From SIM Cards:
Despite limited memory capacity, the SIM contains a wealth
of information that, when considered in context, can greatly aid lawyers in
their case preparations:
¢ Stored telephone numbers/contacts.
¢ Listings of ˜Last Dialled Numbers”.
¢ Text messages received, sent, drafted or deleted.
¢ General location information from last use.
¢ References to overseas network providers that have been
used.
Common Questions:
Q: Could the SIM card have been cloned?
A: SIM cards produced after June 2002 employ the COMPv2
algorithm which provides a number of technical and security safeguards to
prevent unauthorised modification. Despite media reports, the cloning of modern
SIM cards is an extremely rare practice.
Q: Can my PIN code be cracked?
A: SIM card information can be locked using a four digit ˜Personal
Identification Number”. RIPA contains provisions to force disclosure of
passwords, however, it is usually easier to request a ˜Phone Unlock Key” (PUK),
enabling PIN settings to over- ridden, from the Data Protection Officer (DPO)
at the relevant network provider.
Q: PAYG SIMs are untraceable!
A: With ˜Pay As You Go” (PAYG) there is no formal contract
with a network provider (e.g. Orange) to enable a customer look-up, however, ˜Call
Data Records” (CDRs) are still available from the network provider, providing
information as to patterns of communication, calls to/from, time/dates etc. By
mapping this information to known acquaintances of the defendant, considering
the evidence in the context of other material (such as messages recovered from
the telephone handset) and undertaking Cell Site Analyses (CSAs) 3 it is
possible to prove/disprove ownership of a handset.
Q: Does the SIM reveal who I’ve been in touch with?
A: Even without the disclosure of Call Data Records (CDRs)
from the network provider, the SIM provides a plethora of useful information
relating to contacts in the form of ˜Last Numbers Dialled” (LND) and sections
of the ˜Contacts Directory”. Numbers that haven”t been saved may still show up
in the LND.
Q: Can a telephone handset be uniquely identified?
A: Mobile phone handsets are assigned unique 15-digit
numbers, known as the International Mobile Equipment Identifier (IMEI), which
is passed to the network provider before communication services can be
utilised. This serial number allows specific handsets that have been stolen or
blacklisted to be blocked from a network irrespective of what SIM card is
inserted. Defences suggesting that a given handset has been ˜found” and is not
owned by the suspect are unlikely to hold water if Call Data Records (CDRs) show
a pattern of usage that indicate the owners identity.
Q: What about sending anonymous texts?
A: They are not really that anonymous... If they are being
sent via an internet service, there is typically a log retained by the site
provider as to the computer IP address that sent the specific message this can
ultimately be tied by to an Internet Service Provider (ISP), and in turn a
specific subscriber. If anonymous texts have been sent from a mobile telephone typically
a PAYG handset/SIM the uniquely assigned International Mobile Subscriber
Identifier (IMSI) code embedded in the SIM can be used in concert with CDRs to
provide compelling evidence as to the sender identity.
Q: Can deleted text messages & numbers be recovered?
A: Data content (especially multimedia formats) is primarily
stored on the handset or on a removable memory stick. The general rule of thumb
is that any data that has been deleted can be recovered, however, if it has
been over-written it does make the process more complex and the chances of
success reduce with every over-write.
Q: Is possession of multiple SIM cards indicative of
wrongdoing?
A: Not at all - many individuals are discovering that they
can benefit greatly from the free text and talk allowances granted on mobile
phone contracts by having two or more SIMs (typically with different network
providers). Adapters are available to connect multiple SIMs to a handset
simultaneously.
Q: Where can lawyers find an expert in this field?
A: There are plenty of expert witness directories out there
- especially online. But if you are trying to find an expert witness make sure
that he or she has the necessary skills not only to analyse the equipment and
data and prepare an unbiased, objective report, but also has experience
delivering oral testimony, should that be required. A recommendation from a
fellow professional will help in making your choice.
Did you know?
The SIM card will often contain a reference to the last
network base station that it communicated with before being disconnected from
the telecoms network.
If the SIM card has been used overseas, it is possible to
retrieve a reference code from the card that will indicate which
national/regional network provider was used.
Language preferences can be stored on SIM cards useful
intelligence for investigators which can open up new avenues of enquiry.
0 comments:
Post a Comment