Crime Scene Investigation (CSI) and the Hollywood Effect

We all know that CSI New York / Miami / Vegas are dramas and that they are works of fiction…

On a subliminal level, maybe not?

The detectives on these shows basically create a world in which they can guess any password using their “intuition”. They can wave a light around and instantly see a microscopic flake of skin and, always with at least three people in front of a computer screen, they can “…zoom in, stop, enhance, zoom in, pan right, zoom out, enhance, rotate 180, zoom in” to reveal the reflection of the perp’s face on the side of a beer can…

For sure, technological advances mean that searching for and collating information can be dramatically improved, but please keep the usefulness of any technology and its application in its correct place.

To take an example, it is possible to enable on the iPhone an application that reveals the whereabouts of a spouse or partner if they also have a related “app” enabled. This currently happens with the full consent and knowledge of all the parties involved, mainly because party “A” has to actually access the mobile phone of party “B” to enable the software. Perhaps, with the rise in TV dramas showing illicit software and “workarounds”, we should be pushing for a shutdown of this sort of tracking technology altogether, before the fiction of the media becomes a reality. In effect, the media can introduce mischief and promote law breaking without being aware that it is actually happening.

As private investigators and professional witnesses, our evidence is used in Courts throughout the land. We get involved in civil crime investigations, complex crime investigations, criminal prosecutions, defense and prosecution work. The evidence we present can decide the outcome of the case being heard. The point that I am trying to make is that in trials that have a jury, the jury are often “underwhelmed” by the traditional evidence presented (reports, statements, photographs, etc.) and seem to want to see a “Hollywood type” presentation of evidence instead (Enhance, Zoom, Pan…). Some jurors have researched the “Hollywood” crime scene relating to a particular case while proceedings are underway and have introduced an unnecessary dimension to the proceedings that sometimes means the entire jury has had to be dismissed at vast expense to the public purse.

6 Comments

  1. Your point here is well made. There are many technical solutions out there for data recovery from computer and mobile phone devices, but there is little understanding of the information and the methods and types of information extraction available.

    I have sent you a reply article to this post, which if you wish I will follow up with further technically light, in detail posts to help shine a little clarity on the subject.

  2. Hi Kevin,

    I thought I would write to help support the point you made in a recent blog post about the misconceptions that are out there regarding the ability and the time required to undertake some technical forensic tasks. Additional considerations that any forensic examiner should have present in their mind when undertaking a mobile device analysis are the Data Protection Act and the implications it may have with regard to the data stored on the device. There are also requirements that any examiner must qualify to, such as: who the device belongs to, and to be clear on the remit they are being asked to undertake. Whilst this is not “Phone hacking” in the popular press definition, it is potentially more dangerous and so the provenance of any request must be established before work is undertaken.

    My company, Midland investigation Services, offer many technical solutions to private individuals and companies and we are frequently met with some of the misconceptions that you highlighted. Covering all of the silver screen shortcuts is beyond the scope of one post but I thought it would be useful to concentrate on the most popular areas, the mobile phone.

    The figures vary, but in the UK the mobile phone industry is widely known to be at saturation point and mobile operators only grow by tempting customers away from other network providers. This means that it is a fairly safe bet that almost everyone has a mobile phone in his or her pocket. With technology ever evolving it is also a fairly safe bet that anyone with a mobile phone will have a long list of contact names stored in it, along with text messages and quite possibly a long call history. This is essentially the basic information any mobile phone purchased within the last ten years will have stored within it. The more up to date a mobile phone is, well we can all cite what they can do and the thousands of apps out there to build upon a mobile device's basic capability.

    For the avoidance of doubt and to get rid of the commonly asked question: “The phone is screen locked, can you unlock it?” The answer is yes. Android pattern locks, PIN numbers, gesture wipes etc. all fall away once the device is connected to forensic interrogation/extraction software.

    Anyhow, the most popular misconceptions with regard to mobile device forensics are:

    Misconception #1 – Extraction Time

    In the films we frequently see forensic technicians dealing with suspects' phones, plugging them in or dropping them on data pads and the detailed information being instantly accessible.

    The only explanation for this is, as Apple commercials frequently say, “Sequences may be shortened.”

    There are two different types of mobile device data extraction: logical and physical. I will go into more detail in another post if you wish, or interested readers can Google the subject further, but the main difference is that a logical extraction is faster than a physical extraction. But deleted data may not be available in a logical extraction. A logical extraction will provide information such as:

    • Contact details
    • Call history
    • Any sent text messages
    • Any photographs still on the device
    • Lists of applications stored on the device
    • Depending on the device, application database information may be available to look through.

    Whilst not an exhaustive list, this is pretty representative, and in most cases all that is required to produce evidence information from a device.

    The important thing to note is the processing time. There is no magic button or way to pull the information off the device in the time scale you see in the movie or on TV. The thing that limits this is the device itself. It can only send data to the computer it is being interrogated by as fast as its communication interface allows it to and as fast as its processes can retrieve the raw data to send. The interrogating computer is essentially hoovering data off the device in order to slice and dice it in a meaningful way when it has downloaded it. In simple older handsets such as the Nokia 3100 a data download takes around 5 min. For the averagely used 12 month old Android or iPhone, the data extract may take up to 3 hours. The difference is the memory store. A few megabytes of information in the older phone plays potentially 16, 32, 64GB+

    Misconception #2 – GPS data

    Yes, some phones log your GPS location even when you are not using a GPS enabled application.
    Yes, this data can be extracted in many cases.
    No, unless control software has been previously loaded onto the phone, no one but the mobile phone company can track the phone via cell towers or retrieve this information remotely. The only way a mobile phone company will do this is if presented with a court order.

    Misconception #3 – Factory resetting a mobile device

    With regard to wiping your data, factory resetting the device is absolutely no guarantee your data is inaccessible. Consider this before selling your device and perhaps invest in secure wipe software.

    Misconception #4 – Smashed devices

    Depending upon who you are and how highly valued the information on your device may be, there are specialist companies that will remove the memory chips from your device and extract their data. This takes time and very highly skilled people with unique equipment. It does not happen within a few hours in the geek room of the local CSI hangout.

    Misconception #5 – Sorting the data

    No software can undertake this task in a fully automated manner. It always needs a skilled human using the tools within the software to analyze the data that has been extracted. The software tools available for this task are evolving all the time and the analysis power they provide is simply stunning. Application data needs to be studied to provide interaction information and depending on the extraction method, deleted data (contacts, texts, call history logs, application data etc.) needs to be examined. As you can imagine, this is no trivial task and can take from a few hours to many days depending on the volume of information extracted. However this time can be cut down if there are known data items to locate such as all data relating to a known individual or group.

  3. Hello Rob,

    Thank you for putting the extraction of data from mobile devices into its true perspective.

    I have a quick question: In Coronation Street the other night, Kirsty deleted the pictures on a mobile phone in front of Tyrone – can those pictures (in theory) be recovered?

    Once again, thanks for your post and can we have some more!

  4. Hi Kevin, sorry to be slow in replying, a few odd jobs got in the way.

    But the answer to your question is a definite YES. They would be easy to recover if they took the phone to a specialist as soon as they could.

    I have a couple of handsets in for data extraction at the moment. If you want I will document some of the findings (giving anonymity to the data subjects) and send you a post and a few pictures with the type of thing that is achievable.

    • Hello Rob,

      Thank you for your time and patience in continuing to educate us and demystifying a lot of the science around forensics. Please let us have more information and let us see the screenshots.

      best regards,

      Kevin.

  5. Mansfield Private Investigators May 24, 2013 at 1:53 pm

    Hi Kevin

    I have on numerous occasions recovered videos and pictures from mobile phones, cameras and computers.

    If the phone has an additional SD card where they are saved this is extremely easy and software can be found all over the net. I would recommend you to use paid software as the free ones do get the results sometimes but the quality of the recovered files is poor.

    Kind Regards

    Dom
    Dukeries Detective Agency Ltd
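
The logical versus physical extraction distinction from comment 2, and the deleted-picture question in comments 3 and 4, shown as an added example that is not part of the original post or its comments. It uses a constructed toy storage image and assumes, as a simplification, that deleting a file removes only its file-table entry and leaves the bytes in place; all names (`build_image`, `logical_extract`, `physical_carve`) are hypothetical.

```python
# Constructed toy storage image: a small file table ("index") plus raw bytes.
# Real phone filesystems are far more complex; this is a simplified model.

SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker (plus lead byte of next marker)
EOI = b"\xff\xd9"       # JPEG end-of-image marker


def fake_jpeg(payload: bytes) -> bytes:
    """Build a constructed JPEG-like blob: SOI + payload + EOI (not a viewable picture)."""
    return SOI + b"\xe0" + payload + EOI


def build_image():
    """Return (index, raw); index maps live file names to (offset, length) in raw."""
    kept = fake_jpeg(b"holiday-photo")
    deleted = fake_jpeg(b"deleted-photo")
    raw = b"\x00" * 16 + kept + b"\x00" * 8 + deleted + b"\x00" * 16
    index = {"IMG_0001.jpg": (16, len(kept))}   # the deleted file has no index entry
    return index, raw


def logical_extract(index, raw):
    """Logical extraction: return only what the file table still references."""
    return {name: raw[off:off + size] for name, (off, size) in index.items()}


def physical_carve(raw):
    """Carving over a physical (byte-for-byte) image: find every SOI..EOI span."""
    found, pos = [], 0
    while (start := raw.find(SOI, pos)) != -1:
        end = raw.find(EOI, start + len(SOI))
        if end == -1:          # truncated or overwritten picture: no end marker left
            break
        found.append((start, raw[start:end + len(EOI)]))
        pos = end + len(EOI)
    return found


if __name__ == "__main__":
    index, raw = build_image()
    print("logical :", list(logical_extract(index, raw)))
    print("physical:", [(off, len(blob)) for off, blob in physical_carve(raw)])
```

The carver has to read every byte of the image, which is why the physical route takes longer than the logical one.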
