Digital Forensics

Are There Really Flaws in Cell Phone Location Evidence?

07 oktober 2019

The amount of cell phone record location information being admitted as evidence in the trial is occurring at an unprecedented rate. Juries across the U.S. and globally are being presented with call detail record analysis as evidence of a person's location. This type of evidence is often used to corroborate or contradict an alibi location or an incident location and can strongly influence a jury's decision. But are there flaws associated with how some people are collecting this evidence today? Our cell site analysts weighed in.

Call Detail Record Analysis

Call detail records are produced by cellular network providers and contain details about the calls, text messages, and data usage of a cellular network subscriber. These records can provide dates, times, phone numbers in contact with one another, and cell site location information (cell tower information). Cell site location information (CSLI) can assist in determining the approximate location of a cell phone during a call or text message by providing the location of the tower that was used during those transactions.

Many law enforcement agencies and private companies have dedicated resources to analyze and process this data and there is a growing market for software tools that assist and expedite the analysis of call detail records. Current commercial software tools allow for anyone to import the call detail records and produce complex maps, that are then presented to juries. These software tools exponentially speed up the mapping process and are often used as an "easy button" when analyzing call detail records.

It is important to understand that a user of this software may only know how to use the software, and to do so does not in fact require them to also know how to properly analyze call detail records.

Major issues arise when the automated software analysis of call detail records is not verified by a qualified expert and when critical validation methods are not employed. Validation techniques are best practices to ensure that the analysis of call detail records is accurate and complete. This practice is performed by conducting a forensic radio survey often called a "drive test."

Cell Phone Location Tracking Under Investigation

More and more stories all over the media are highlighting the errors coming to light with cell phone location evidence. For example, an article in The New York Times, states that over 10,000 court verdicts are under review in Denmark due to the improper analysis of cellular call detail records by Danish authorities. The article goes on to say, "The first error was found in an IT system that converts phone companies' raw data into evidence that the police and prosecutors can use to place a person at the scene of a crime. During the conversions, the system omitted some data, creating a less-detailed image of a cellphone's whereabouts. The error was fixed in March [2019] after the national police discovered it. In a second problem, some cellphone tracking data linked phones to the wrong cellphone towers, potentially connecting innocent people to crime scenes."1

The Guardian further discusses this issue in a recent article, stating "The system has also linked phones to the wrong masts, connected them to several towers at once, sometimes hundreds of kilometres apart, recorded the origins of text messages incorrectly and got the location of specific towers wrong."2

Verifying Evidence

The errors reported by The New York Times and The Guardian are actually quite common when automated software is used to analyze cellular call detail records without being verified or validated.

It is imperative that a qualified expert verify and validate any map created by the analysis of call detail records whether or not automated software systems were used in the process.

Important Steps Conducted by Experts for Evidence Verification:

  1. Ensures the software system used did in fact map each specific transaction correctly.
  2. Validates those mapped results by conducting a forensic radio survey.
  3. Further validates the survey results, and all analysis efforts, through a peer-review process.

Flaws and Common Missteps of Cell Tower Evidence

Cellular towers use radio frequency signals that are capable of covering large geographical areas. Cellular network providers do not publish coverage areas for cellular towers in their networks. This becomes problematic when an expert attempts to prove the location of a person simply based on the location of a tower that was used to make or receive a phone call. This is because the signal of cellular towers is affected by many factors including the type of antenna being used, buildings near the tower, wooded areas, bodies of water, and topography.

It is important to understand that due to these factors the nearest cellular tower is not always used to connect to the cellular network.

A cell phone will select the tower that provides the best signal when connecting to the network, which is not always the nearest network tower.

Cellular network providers design their networks to contain towers that have overlapping coverage. The coverage area for cellular towers varies based on the specific needs of the location that it services. This means that there is no standard coverage area for any cellular tower.

Forensic radio surveys or drive tests provide proof of the actual coverage area of a cellular tower. Forensic radio surveys are accomplished using specialized equipment, which measures radio signals in specific areas. The collection of that data and Global Position System (GPS) data, allows for examiners to map the radio signals for a better understanding of how the towers provide service in a particular area.

Since forensic radio surveys can prove that particular cell towers provide coverage within specific locations, they can therefore indicate whether it is possible for a phone to have been in a certain area. If a phone call was made, and it used a certain cell tower, it could, in fact, have been at or near a particular location when the call was made.3 This form of validation provides examiners with empirical data to confirm the analysis of call detail records. Validation of signal strength and coverage can be critical in supporting opinions established by the examiner from the analysis of calls outlined in call detail records.

Where do we go from here?

Call detail records can be a compelling piece of evidence in any case. However today, some of the processes involved with this practice, when outside the hands of experts, are flawed. But, through the use of best practices, thorough analysis, verification of results, and validation techniques, call detail records can be a reliable source of evidence to establish timelines, locations, and communication when used appropriately.

1Henley, J. (2019, September 12). Denmark frees 32 inmates over flaws in phone geolocation evidence. Retrieved from https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelations.

2Sorensen, M. S. (2019, August 20). Flaws in Cellphone Evidence Prompt Review of 10,000 Verdicts in Denmark. Retrieved from https://www.nytimes.com/2019/08/20/world/europe/denmark-cellphone-data-courts.html.

3Hoy, J. (2015).Forensic radio survey techniques for cell site analysis. Chichester: Wiley.

Har din virksomhed været udsat for skade?

Vores eksperter kan hjælpe dig!

Om forfatteren
Larry Daniel
Larry Daniel, EnCE, DFCP, BCE, CTNS, CWA, CTA, CCO, CCPA, CASA
Technical Director
Digital Forensics

Larry Daniel is an industry leader in computer forensics, cell phone forensics, cellular data analysis and plotting, and GPS forensics. He holds eight certifications, and has testified as an expert over fifty times in state and federal courts, and on numerous complex, and high-profile cases. He is the author of two books, Digital Forensics for Legal Professionals and Cell Phone Location Evidence for Legal Professionals.

Spencer McInvaille
Spencer McInvaille, CWA, CTNS, CCO, CCPA
Technical Lead
Digital Forensics

Mr. Spencer McInvaille is a Technical Lead of Digital Forensics specializing in geolocation analysis at Envista Forensics. He holds certifications in telecommunications and mobile device forensics, such as Cellebrite Certified Operator, Cellebrite Physical Analyst, Certified Wireless Analyst, and Certified Telecommunications Network Specialist. Mr. McInvaille is also a leading expert in the area of Google Location History and Geofence warrants.

Eric Grabski
Eric Grabski
Senior Digital Forensics Examiner
Digital Forensics

Mr. Eric Grabski is a Digital Forensics Analyst specializing in cellular location analysis at Envista Forensics. He has qualified and testified as an expert witness in the area of cellular location analysis and has over 160 hours of training in cellular location analysis, wireless communications theory, and Pen Register Trap & Trace collection analysis.

Hvordan kan vi hjælpe dig?

Vi har eksperter i mange tekniske discipliner fordelt over hele verden. Kontakt os, så vi kan finde den rigtige ekspert til opgaven.

 Envista Forensics Logo
Udforsk vores hjemmeside

Vores job er at løse komplekse udfordringer for vores kunder ved skadehændelser. Vi servicerer virksomhedsejere, små som store og uanset, hvor det er henne i verden og uagtet af, hvilket problem de står overfor.