“[The suspect] was sending messages to another party detailing the crime and also where the homicide actually occurred. More in-depth forensic work was needed, without which this information would have remained hidden,” Reiber adds. There is a limit to what an automated tool can do. That’s where the training of the forensic experts really matters.
One technique often used is exposing the motherboard of the phone and soldering wires from it to a machine that runs software to extract more data, a process that requires more than just the everyday mobile forensics tool and is usually conducted in a lab.
In his former career, Reiber was a law enforcement officer in Boise, Idaho, where he also conducted mobile forensic investigations. He says there was one case where a suspect freely turned in his phone, thinking his deleted text messages could not be viewed. But the forensic lab was able to retrieve incriminating texts that put him at the scene of the home burglary he was suspected of carrying out. The texts included statements such as one where he said that the police were looking for him and another where he said where he hid the stolen goods. That led to recovery of the items, which, combined with his admissions in the other texts, was enough to convict him.
And it’s not just the suspects’ mobile devices that are being examined to confirm or disprove events under investigation. “We’re able to process victims’ phones now to help corroborate their statements and things that they’re telling us,” says Dave Anderson, a detective with the Washington County Sheriff’s office (WCSO) in Oregon, who works in mobile forensics. “So maybe we’re not able to get the damning evidence off the suspect’s phone, but just that corroboration through a victim’s phone can be just as valuable, and [that] wouldn’t be something we would have normally sent off to a computer lab in the past.”
WCSO has been at the forefront of digital forensics efforts in the law enforcement community, especially in the northwest United States. In 2005, it joined with the FBI and several local agencies to start the Northwest Regional Computer Forensics Laboratory (NWRCFL), where any law enforcement agency with jurisdiction in Oregon and southwest Washington State may submit digital evidence to be processed. The first FBI regional computer forensics lab was established in San Diego in 1999. “NWRCFL are the big guns when it comes to digital evidence,” says Anderson. “They receive an incredible amount of training and have state-of-the-art equipment to recover and carve data from digital devices.”