A case study on mobile victimology from #CACC2014

What is mobile victimology? The concept of “victimology” involves in-depth analysis of a victim’s life, including the normal and abnormal patterns of life over the days, weeks, even months leading up to a violent crime.

Mobile devices help this process because they are so intimately tied to an individual’s life that they often help to fill in incomplete or inaccurate witness statements, surveillance video footage, credit card receipts, and other information.

As this February 2014 article in Police Magazine noted:

Smartphones, GPS devices and other mobile media can be good starting points in any investigation, whether the victim is alive or deceased. The existing, deleted, and hidden data stored on them can help you develop leads to focus your investigation and move it forward. The data can also serve as corroborative or exculpatory evidence, along with mobile carrier data.

In a post-Riley world, of course, getting access to this degree of data requires proper legal authority: written consent, a search warrant, or a defensible exception to the search warrant requirement. Once you do identify the device as a nexus to a crime, however, its evidence can make all the difference.

Case study: mobile victimology in action

Last week at the Crimes Against Children Conference, Ronen Engler, senior manager of technology and innovation joined Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., to present how just this type of analysis helped prove how a rapist had premeditated the murder of his rape victim.

Their session was a corollary to a case study offered by the Dallas County District Attorney’s felony chief, Brandon Birmingham, together with Carrollton Police Det. Dena Williams and the DCDA’s special field bureau chief, Russell Wilson. Over that session, the three detailed how rapist-murderer Franklin Davis Googled the name and location of his victim, Shania Gray, as well as phrases like “Best way to get off a sexual assault charge” and “Gun shows in Mesquite,” after which point he purchased a gun and used social media to harass and intimidate Shania.

Davis also used a mobile app to spoof messages from Shania that appeared to recant her accusations against him, which he then used in his own defense. Our case study, published jointly with DriveSavers, shows how forensic examiners were able to prove definitively that not only had the messages come from his phone, not hers, but also the level of premeditation he engaged in. Davis was sentenced to death in November 2013.

Have a case study you’d like us to feature? Leave us a comment!

Visit with Cellebrite at upcoming events this July

July will be a busy month for us, as we present at four shows in the United States and Brazil. Read on for details about our talks regarding best practices for effective mobile forensics, data analytics, mobile forensics and school safety, and our latest contributions to the mobile forensics workflow:

July 9-10: SANS DFIR Summit

SANSlogoJoin us tomorrow and Wednesday at the Omni Austin Hotel Downtown for the 2013 SANS DFIR Summit. Tomorrow from 12:30pm – 1:45pm we’ll be holding a Lunch & Learn in the Lone Star room – Ballroom Level. There, forensic engineering product manager Ronen Engler will discuss “Using Data Analytics to Focus and Streamline Forensic Exams.”

Both Tuesday and Wednesday we’ll be available at our booth in the Capital Ballroom Foyer – Ballroom Level. Join us there as well!

July 14-16: NASRO

JOSS Conference BannerCurrent case law supports searches of student mobile devices when school officials have a reasonable suspicion that the student has violated school policy, or the law. At the National Association of School Resource Officers (NASRO) Conference, we’re offering an exhibitor demo on best practices, data analytics and the documentation SROs need to communicate their methods to school administrators, parents and students.

Join us on July 16 from 11:20am – 12:00pm on L4 – Level 1 of the Rosen Shingle Creek Hotel in Orlando, Florida, where sales engineer Lee Papathanasiou will detail what data might support or disprove allegations of bullying, assault, drug abuse, dating violence, property crimes and even school violence. We’ll also be available to talk at Booth #11 in the Panzacola F Ballroom – Level 1.

July 16-18: NATIA

memphis_small_natiaThe National Technical Investigators’ Association (NATIA) gives exhibitors three days in their week-long conference, and we’ll be at the Memphis Cook Convention Center (Memphis, Tennessee) in Booth 344 offering demos of UFED Link Analysis, UFED Touch and other products.

We’re also presenting a 2-hour lecture session on two days: July 16 from 5-7pm, and July 17 from 10am – 12pm. In “Secure, Extract, Analyze, Act – Best Practices to Seize, Process and Follow the Data Where It Leads,” forensic sales director Keith Daniels and forensic engineering product manager Ronen Engler will help you understand the best practices that help you build stronger cases and better credibility, as well as how to get more meaningful leads that you can put to work right away in an investigation.

July 23-25: ISS World LATAM

ISS WORLD Latin America 2013ISS (Intelligence Support Systems) World Latin America is the world’s largest gathering of Latin American law enforcement, intelligence and homeland security professionals. At this conference, Cellebrite LATAM’s Nicolas Mauricio Wernicke will be presenting on the latest ways we are “Revolutionizing Mobile Forensics.”

Are you attending any of the above events? Be sure to visit with us once you’re there!