A case study on mobile victimology from #CACC2014

What is mobile victimology? The concept of “victimology” involves in-depth analysis of a victim’s life, including the normal and abnormal patterns of life over the days, weeks, even months leading up to a violent crime.

Mobile devices help this process because they are so intimately tied to an individual’s life that they often help to fill in incomplete or inaccurate witness statements, surveillance video footage, credit card receipts, and other information.

As this February 2014 article in Police Magazine noted:

Smartphones, GPS devices and other mobile media can be good starting points in any investigation, whether the victim is alive or deceased. The existing, deleted, and hidden data stored on them can help you develop leads to focus your investigation and move it forward. The data can also serve as corroborative or exculpatory evidence, along with mobile carrier data.

In a post-Riley world, of course, getting access to this degree of data requires proper legal authority: written consent, a search warrant, or a defensible exception to the search warrant requirement. Once you do identify the device as a nexus to a crime, however, its evidence can make all the difference.

Case study: mobile victimology in action

Last week at the Crimes Against Children Conference, Ronen Engler, senior manager of technology and innovation joined Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., to present how just this type of analysis helped prove how a rapist had premeditated the murder of his rape victim.

Their session was a corollary to a case study offered by the Dallas County District Attorney’s felony chief, Brandon Birmingham, together with Carrollton Police Det. Dena Williams and the DCDA’s special field bureau chief, Russell Wilson. Over that session, the three detailed how rapist-murderer Franklin Davis Googled the name and location of his victim, Shania Gray, as well as phrases like “Best way to get off a sexual assault charge” and “Gun shows in Mesquite,” after which point he purchased a gun and used social media to harass and intimidate Shania.

Davis also used a mobile app to spoof messages from Shania that appeared to recant her accusations against him, which he then used in his own defense. Our case study, published jointly with DriveSavers, shows how forensic examiners were able to prove definitively that not only had the messages come from his phone, not hers, but also the level of premeditation he engaged in. Davis was sentenced to death in November 2013.

Have a case study you’d like us to feature? Leave us a comment!

Join Cellebrite at these 4 August events!

Cellebrite will be present at four events in the United States during the month of August. Visit us in San Diego, Calif., Santa Clara, Calif., Dallas, Tex., and/or Austin, Tex., to see our latest products demonstrated and to hear our subject matter experts talk about the latest issues and trends in mobile forensics.

August 5-7, 2014: San Diego and Santa Clara

Cellebrite will be at two California-based shows this week: National Technical Investigators Association (NATIA) and the Flash Memory Summit.

At NATIA, held in San Diego, senior trainer Keith Daniels will instruct a hands-on lab, “Extracting and Decoding Mobile Device Evidence with UFED Technology,” on Thursday, August 7 from  3:00-5:00 PM. Here, learn about timeline, analytics, mapping, and other analytical capabilities of the Cellebrite UFED Series, along with how best to preserve the evidence.

We’ll be exhibiting the UFED Series at Booth #417. Stop by with your NATIA “Bingo” card and ask one of our booth staff to stamp our logo on your card.  Once you have collected stamps from all the exhibitors featured on your card, turn the card in to event managers to be eligible for special prizes. These include, among others, a 2015 paid conference fee package!

The same week will see us in Santa Clara for the Flash Memory Summit, being held at the Santa Clara Convention Center. There, Ronen Engler, senior manager of technology and innovation, will present “Micro Storage, Macro Crimes” on Wednesday, August 6 from 8:30-9:35 AM.

In this session, understand how developments in data protection, prepaid and unsupported devices, and app proliferation challenge investigators, and what workarounds are available. Learn not only what can be retrieved, but also how examiners analyze it once they have the raw data—and what it all means for criminal cases both now and into the future.

August 11-14, 2014: Dallas

The week following will see Cellebrite exhibiting at the Crimes Against Children Conference (CACC) in Dallas, Texas at Booth #5. Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., will join Ronen Engler to present a workshop on “Mobile Victimology: How Mobile Data Can Help Focus Investigations.”

The workshop will take place Tuesday, August 12 from 10:00-11:30. Hall will be bringing to bear a case study on how DriveSavers forensic examiners used UFED Physical Analyzer to help prosecutors build a capital murder case against a rape and murder suspect in Texas. The case demonstrates what mobile device usage can reveal about victims, suspects, and where their paths cross via carrier call detail records, social media graphs, and other data sources.

CACC is sponsoring a tablet giveaway! Participants in this workshop will receive one entry for a chance to win this giveaway. To win, you must be present Wednesday evening at the social event. See the CACC’s final program for more details.

August 25-27, 2014: Austin

Cellebrite is proud to be a Gold Sponsor of the High Tech Crime Investigation Association (HTCIA)’s annual conference, held this year in Austin, Texas. In addition to exhibiting at Booth #201, we’re pleased to offer all conference participants the opportunity to attend our five lectures and hands-on labs.

Tuesday at 3:30PM, we’ll present a lecture, “Mobile Devices: Extraction Methods and Advanced Decoding,” covering forensic workarounds for recent advancements in mobile device hardware and operating systems, developments in data protection, prepaid and unsupported devices, and app proliferation. Learn not only what can be retrieved, but how to analyze it once you have the raw data.

Each hands-on lab, “Basic Mobile Device Extraction with Cellebrite UFED4PC” and “Introduction to UFED Physical Analyzer,” will be presented twice on Wednesday for a total of four sessions that day. Join Cellebrite Forensic Training staff to learn how to get the most from UFED extraction and analysis software.

Whether you’re new to Cellebrite or a long-time customer, we look forward to seeing you and hearing about your mobile forensics experiences!