A cell site is a low power transmitter with an antenna capable of transmitting radio waves to mobile phones. The reason why the antennas have to be positioned so high on tall masts is because radio waves travel in straight lines and can be deflected or interrupted by buildings or terrain. The antenna transmits radio frequencies allowing us to make calls on a network with our mobile phone – which is also fundamentally a radio transmitter. Macrocells provide additional coverage in areas with a higher number of users such as urban and suburban areas. These Macrocells are usually mounted at street level and are more subtle looking than the larger “mast” cell sites.
Computer Forensic Analysis – Formatted Hard Drive
Many people believe that when a hard drive is formatted the data on the drive is somehow wiped or irretrievable from the disk. This is certainly not the case. The process of formatting a hard drive simply re-organises the computer’s file structure. If you format a disk you are only changing the file structure not erasing the data on it. In order to bring formatted data back, computer forensic experts would look for “flags” in the raw data that would suggest the start and end of a block of data and then piece this data back together to form a single file. This method is known as “data carving” and proves very successful in recovering data from formatted hard drives.
X-act Forensics CCTV enhancement clarifies case!
X-act Forensics recently assisted in a case where footage from a van involved in a robbery was taken. The van pulled up outside a warehouse in the dark to commit the robbery but night vision CCTV cameras managed to captured the van’s registration plate. However, the light from the van’s rear lights made the letters on the registration plate unidentifiable. X-act Forensics used a variety of techniques to change the image contrast and further “zoom in” to capture the identity of the vehicle and the suspects.
Computer Forensic Imaging
Imaging is the first step in acquiring digital evidence in any computer forensic investigation. It is highly important that this process is carried out in the first instance, as questions regarding the methodology of a digital investigation can be raised later should the case go to court.
The image itself is an exact copy of the original computer and is created using a combination of hardware and software. The hardware that is involved is known as a “write-blocker”, and the purpose of this device is so that information can only be read and not written to the hard drive when acquired or analysed. Finally, the imaged is verified using an algorithm know as “MD5 Hash” to confirm that the copy is indeed the same as the original.
Imaging is important so that the data is secured and preserved in it’s original format.
Deleted Text Messages
X-act Forensics recently recovered some vital text messages from a mobile phone that a client thought they had deleted. As Managing Director Toby Andrews explains, every mobile phone model is different regarding the outcome of recovering deleted messages. “It does depend on the make and model of the mobile phone as to what can be recovered. In a lot of cases we have managed to recover deleted texts as well as pictures and audio recordings. Unlike computers which usually run on either a windows based operating system or Mac OS, mobile phones generally run on a wider variety of software platforms and therefore produce different results. The best way to truely determine what is recoverable from each handset is to examine the device(s) under mobile phone forensic analysis.”
Cell Site Analysis – What is it?
Whenever a mobile phone is on it scans radio frequencies assigned to it by the network provider and finds the best cell site to link to. A “cell site” is a transmitting and receiving station that allows for what most of us commonly refer to as “mobile phone coverage”. You can often see these cell sites as you are driving down the motorway positioned just to left or right of the road.
As a person travels from A to B, his or her mobile phone will scan for the best coverage. The network provider records these specific “handovers” every time a chargeable call or text message is made. This information is then recorded in the form of historic call data records or CDR’s. Utilising these call data records and maps provided by the network operator, it is possible to build up a geographical picture of where a user might have been. This allows for a cell site analysis investigation.
Mobile Phone Forensics Dry Out
We have received some interesting conditions of exhibits over the last year.
One example was a water drenched mobile phone. At first glance it looked unlikely, (to say the least) that we would be able to power on the handset, let alone perform a forensic examination of it. However persistent as we are the phone was duly taken out of its royal mail delivery bag (which resembled a soggy chip wrapper). After much technical deliberation the phone was secured in the laboratory next to a radiator. Twelve hours later the phone sprang to life and impressively the client got the text messages he was looking for!
Welcome to our news page
Reply
Welcome to our brand new digital forensics news page! We hope to share interesting posts on computer forensics, cell site analysis, mobile phone forensics, cctv enhancement and anything fun or interesting in the world of digital forensics….