Quote:
Originally Posted by billw1032
Just curious what kind of smartphone you have. My Blackberry has a delete key that makes a text message go away. And, wouldn't you do this from a hobby phone anyway?
|
If you have one phone from which you send and receive text messages such as "Can I cum by today?" and "Same address?" or you receive one like "C'mon over baby I'm really WET!" then you're wife is my ideal client in a divorce action. See the following:
Such consumer products, known as synchronization tools, generally don’t meet all the needs of a forensic specialist, because they don’t protect the phone data from tampering, which means that the data might not be admissible in court. Tools developed specifically for the examination of evidence don’t make it impossible to tamper with the data, but they make it easy to prove that tampering did or didn’t happen.
They do this by means of a mathematical technique called hash functions. When the forensic software pulls the data from the phone into the computer, it automatically runs a set of mathematical operations on the data, using those operations to generate a series of numbers. Later, if attorneys or judges question the quality of the evidence, the software again runs the operations on the data file and generates a new series of numbers. If the two sets of numbers don’t match exactly, it’s likely the data changed along the way, which would mean its authenticity could be challenged in court.
The data we’ve been talking about so far comes from the phone’s active memory, stored in static RAM chips built into the phone. This active memory contains the user’s contacts, call history, text messages, images, videos, e-mail, and cached Web pages, as well as basic information about the phone needed to connect it to the network. Phones may also have removable memory cards, usually in the MicroSD format. Most forensic tools pull this data as part of the active memory; the card may also be removed from the phone later and read as if it were a flash-based hard drive. For some phones, that’s where the story ends.
But phones built to the Global System for Mobile Communications (GSM) standard have an additional storage area -- a removable smart card known as the subscriber identity module (SIM). GSM is the most common phone standard outside the United States and is also used by AT&T and T-Mobile USA inside the country. The SIM contains the phone number, along with other authentication and security information that allows the phone to connect to the network. It also acts as a secondary storage bin for contacts, text messages, call history, and other information that the user might want to take with him if he switches to another phone; it’s up to the user whether the phone sends that information to the built-in memory or to the SIM.
The SIM can be a great place to look for evidence, because deleting a text message or contact from the SIM doesn’t necessarily mean that the corresponding data is lost. Instead, it’s simply flagged as deleted, making it no longer accessible to the phone; it doesn’t really disappear until the number of stored messages exceeds the SIM’s capacity, which is typically 20 or 40 messages. Then only the oldest message is pushed out when a new message comes in.
Extracting these hidden messages from the SIM sometimes requires even more software tools. Ideally, a forensic lab would have enough different tools on hand to cover all the cellphone carriers and models sold in its region. But the typical forensics lab can afford only a small proportion of these tools; they’re just too expensive, with prices often in the tens of thousands of dollars. To make the situation even worse, these tools can handle only certain specific sets of data. For any one type of phone, the lab must purchase one piece of software to pull the contacts, call history, and text messages and a second software tool to pull the images, videos, and ringtones. And as a final blow to the lab budget, the tools must be updated frequently to handle new phone models, new versions of phone operating systems, and other technologies.