The witness in your pocket

The witness in your pocket

The witness in your pocket

Smartphones are a part of everyday life, and they can tell investigators a lot about the actions of both suspects and victims, leading up to the event being investigated. Simply having the details of an individual in the contact list may be enough to disprove the claim that “I never knew them”, and having the number in the call records or the texting data is proof that contact has been made between two individuals.

Conveniently, these artefacts are time-stamped, and may be cross-referenced to cell tower records, allowing an investigator to determine the area where a communication took place. Other data on smartphones may be even more precise – for example, photos are geotagged, pinpointing the time and the place at which the phone was used and destroying alibis.

Aware of these facts, those who wish to hide certain data, for example, text messages that threaten violence which might be used as evidence of intent in a criminal trial, or compromising text messages to a co-respondent in divorce proceedings, will often delete these artefacts, assuming that their secrets are now lost for ever.

This, unhappily for them, is not the case. Just as files that have been supposedly deleted from a computer can often be reconstructed and read by investigators, so can the data from mobile phones. Using specialist tools, the contents of a phone’s memory, including those items supposedly safe from prying eyes, can be easily examined.

Even the contents of phones which are believed to be unreadable, having been dropped in water, smashed with hammers, and so on, can sometimes be extracted, much to the discomfiture of those involved.

First Response offers a service to clients where mobile device data is to be extracted and analysed prior to a court-ready report being provided. Whether the case involves criminal activity, including indecent images or fraud and embezzlement, or a family case such as divorce or custody, our specialists are able to act promptly on court orders to seize suspect devices. In defence cases, thanks to our long experience in such matters, we are often able to produce evidence that the prosecution may have failed to consider when bringing the case, sometimes dismissing the case altogether.


About the author
John brings over 20 years of computer experience and programming skills to the cases he works on. His ability to reverse engineer malicious code used to compromise computer networks to determine what intellectual property has been ex-filtrated, who is responsible and how exactly they got in has been central to several cases involving computer misuse...