A case study on mobile victimology from #CACC2014

What is mobile victimology? The concept of “victimology” involves in-depth analysis of a victim’s life, including the normal and abnormal patterns of life over the days, weeks, even months leading up to a violent crime.

Mobile devices help this process because they are so intimately tied to an individual’s life that they often help to fill in incomplete or inaccurate witness statements, surveillance video footage, credit card receipts, and other information.

As this February 2014 article in Police Magazine noted:

Smartphones, GPS devices and other mobile media can be good starting points in any investigation, whether the victim is alive or deceased. The existing, deleted, and hidden data stored on them can help you develop leads to focus your investigation and move it forward. The data can also serve as corroborative or exculpatory evidence, along with mobile carrier data.

In a post-Riley world, of course, getting access to this degree of data requires proper legal authority: written consent, a search warrant, or a defensible exception to the search warrant requirement. Once you do identify the device as a nexus to a crime, however, its evidence can make all the difference.

Case study: mobile victimology in action

Last week at the Crimes Against Children Conference, Ronen Engler, senior manager of technology and innovation joined Michael Hall, chief information security officer at DriveSavers Data Recovery, Inc., to present how just this type of analysis helped prove how a rapist had premeditated the murder of his rape victim.

Their session was a corollary to a case study offered by the Dallas County District Attorney’s felony chief, Brandon Birmingham, together with Carrollton Police Det. Dena Williams and the DCDA’s special field bureau chief, Russell Wilson. Over that session, the three detailed how rapist-murderer Franklin Davis Googled the name and location of his victim, Shania Gray, as well as phrases like “Best way to get off a sexual assault charge” and “Gun shows in Mesquite,” after which point he purchased a gun and used social media to harass and intimidate Shania.

Davis also used a mobile app to spoof messages from Shania that appeared to recant her accusations against him, which he then used in his own defense. Our case study, published jointly with DriveSavers, shows how forensic examiners were able to prove definitively that not only had the messages come from his phone, not hers, but also the level of premeditation he engaged in. Davis was sentenced to death in November 2013.

Have a case study you’d like us to feature? Leave us a comment!

Join us one month from today at Mobile Forensics World!

Techno Security Conference   Computer Security ConferenceThe agenda is set and we’re hoping to see you a month from now! As the Host Sponsor of Mobile Forensics World 2013 at Myrtle Beach, SC, Cellebrite has obtained unlimited FREE VIP registrations* — a $1395 value — for this year’s conference being held on June 2 – 5, 2013. Why should you grab one?

Technical education

During MFW, plan to learn how to:

  • Explain probative smartphone and tablet evidence to attorneys as John Carney, CTO of Carney Forensics, describes issues with mobile security and forensics.
  • Decode unsupported iOS apps as Joe Church, Founder/Owner of Digital Shield, discuss the apps’ different data structures and methods.
  • Analyze gang members’ and terrorists’ communications towards curbing violence. Sgt. Dan Morrissey, of the Sacramento County (CA) Sheriff’s Office, will describe how his team applies link analysis.
  • Understand how terrorists communicate via mobile device and social media apps. Majid Hassan, Director of CAPIT, will go in-depth on how mobile devices are more than IED triggers.
  • Verify commercial tools’ malware scanning utilities via Linux Ubuntu’s free built-in capability Carlos Cajigas and Pete McGovern of EPYX Forensics will provide a step by step process.
  • Recover and analyze PC backups as Gilad Sahar, Cellebrite’s Decoding Research Team Leader, compares this type of data with data from a full physical extraction.
  • Access valuable data on locked Android devices that have been subjected to zero-day attacks with Nadav Horesh, Cellebrite Extraction Research Team Leader.

Finally, don’t miss this year’s panel. Six months after the release of the “Mobile Forensic Trends for 2013” white paper, join industry subject matter experts as they talk live about the predictions they made and the latest trends they see in “Trends in Mobile Forensics: Midyear Review.”

Cellebrite presentations

In our company track, we’ll cover how Cellebrite’s UFED Series supports mobile forensics in the lab, on the battlefield, or anywhere in between. We’ll also present how to use automated link analysis tools like UFED Link Analysis to get more actionable leads in an investigation; forensic support for name-brand and knock-off smartphones manufactured with Chinese chipsets; an in-depth demo of UFED Touch extracting and decoding smartphone and tablet evidence; and finally, how Cellebrite engineers develop password bypass solutions beyond the bootloader.

Monday’s Night at the Arcade!

Monday evening, we’re co-hosting a party out on the veranda. Together with Techno Security Host Sponsor Nuix, we’re offering food, an open bar, games including air hockey and an X-Box tournament (with prizes), and raffles. Come to network and win!

Also be sure to register for our two-part lunch & learn, “Collect with Cellebrite – Process with Nuix.”

Pre-Conference Certification Training

We’re also pleased to offer pre- and post-conference training. From Friday, May 31st through Sunday, June 2nd, Digital Shield Inc. will hold Cellebrite’s 3-Day Ultimate Certification Course. Click here to register for this class.

Starting Wednesday, June 5th and ending Thursday, June 6th, H11 Digital Forensics presents Cellebrite Certified CHINEX Training.  Click here to register for this training.

Register using our FREE conference passes!

To register for one of the free VIP passes, visit the following online registration:


Select the Sponsor/VIP Pass – NO IPAD option, enter “0” for amount paid and enter “Cellebrite-VIP” in the Promotional Code section of the form.

The full agenda for Mobile Forensics World and Techno Security is available at http://www.thetrainingco.com/agenda/agenda.cgi?c=TS-2013 For any attendees who hold a CISSP, CISA or CISM certification, this conference also provides 32 CEU credits.

We look forward to seeing you in Myrtle Beach this June!

*Travel and hotel expenses will be your responsibility. The conference hotel fills quickly each year, and you must be registered for the conference to reserve rooms at the hotel.