Wednesday, December 16, 2009

Evidence - Spooks BBC1 - Did you watch?

Evidence - Spooks BBC1 - Did you watch?
.
Did any of you watch Spooks tonight (BBC1, 9pm)?
.
The Muslim character said that his fanatic friends were logged under "Football".
.
The Spook took out the SIM Card from the phone and copied it using a SIM reader memory device.
.
Questions:
.
1) Would it be obvious that names/numbers and groups are only recorded on SIM Card?
.
2) What about the mobile phone used by the character playing the Muslim; would the mobile phone store relevant names/numbers under groups?
.
3) Does that mean that nothing is recorded under "groups" in the handset phonebook?
.
The programme sets a challenging puzzle for mobile telephone examiners.
.
What if the character was a European? Would that really make any difference?
.
How good are you as a mobile telephone examiner, really?

Thursday, December 10, 2009

UK MTEB Mobile Forensics Conference 2010

UK MTEB Mobile Forensics
.
Conference - September 2010
.
Conference Centre - TBA
.
Practitioners - Exhibition - Business
.
.
Britain is a World leader in GSM and 3G mobile telephones, forensics, examination and evidence; GB remains the international centre for commerce, business and manufacturing, designers, software & programming and technology services. Forensics should be Stock Exchange commodity for the future.
.
On the strength of Britain's position we hosted the first UK MTEB Mobile Forensics Conference on the 25th and 26th November 2009 and following the success of that conference there is to be a second Conference in September 2010.
.
Grow your mobile and telecommunication business, manufacturing and forensic services in GB plc.

Thursday, December 03, 2009

First case using wireless communications - history

First case using wireless communications - history
.
Photo courtesy of executedtoday.com
.
At the first UK MTEB Mobile Forensics Conference 2009, last week (25th/26th Nov), the speaker Adam Gersch (Barrister 23 Essex Street) provided the audience with a refreshing reminder of the first case in the UK that made use of wireless telegraphy communication evidence in criminal proceedings noted in the landmark case of Dr (Hawley Harvey) Crippen. Dr Crippen was caught whilst escaping onboard a ship crossing the Atlantic Ocean by the eagle-eyed Ship's Captain who suspected two passengers travelling under the name of 'John Robinson' to be Crippen and his girlfriend (dressed as a boy) as the ‘cellar-murder fugitive and his friend’ wanted by the Police and on the run.
.
In the nick of time the Ship's Captain sent a wireless telegram to the authorities before the ship would be out of radio range for ship-to-shore wireless communications to let them know of their presence on board his ship. Dr Crippen was found guilty at trial and was executed at Pentonville Prison on the 23rd November 1910.
.
Links to background of Dr Crippen Case:
.
As an analogy, perhaps a wireless telegram back then would most probably equate today as a wireless telegraphy SMS text message (in terms of mobile telephones). This case is a useful reminder of the importance radio provided back then and still today mobile communications new and exciting evolution continues to provide important communication services, infrastructure and networks, nationally and internationally.
.
Mobile Communications Science History:
Of course, the mobile telephone's use of wireless telegraphy has its roots in scientific history long before the hybrid computer was even dreamt about:
.
- 1868: James Clerk Maxwell postulates EM wave phenomenon ethereal wind theory
- 1886: Heinrich Rudolf Hertz establishes proof of EM wave (Hertz cycle)
- 1893:Gugliemo Marconi first use of wireless and first patent of wireless communications
- 1905: Reginald Fessenden first transmission of speech and music via a wireless link
- 1908: Nathan B. Stubblefield invented and patented the first mobile telephone over 100-years ago
- etc
.

Tuesday, November 24, 2009

TimeTable - UK MTEB Mobile Forensics Conference 2009

Conference Timetable
.
25/11/09
.
REGISTRATION: 8.45am
.
Conference Opens: 9.15am
.
Speaker 1: 9.30am - 10.00am
Greg Smith TrewMTE
Looking at the way forward
.
Speaker 2: 10.00am - 10.50am
Peter Jones Zentek Forensics
Issues and Difficulties of a Mobile Phone Practitioner
.
Tea/Coffee 10.50am - 11.00am
.
Speaker 3: 11.00am - 11.50am
Adam Gersch Barrister 23 Essex Street
s129 CJA2003 and Obtaining Evidence
.
Speaker 4: 12.00 - 12.50pm
Barrister
.
Lunch 1.00pm -2.00pm
.
Speaker 5: 2.00pm - 2.50pm
Mike Dickinson XRY MicroSystemation
(ex-Detective Inspector Hampshire)
Issues when dealing with Seizure Procedure
.
Speaker 6: 3.00pm - 3.50pm
Greg Smith TrewMTE
Mobiles as Dangerous Weapons
.
Tea/Coffee 4.00pm - 4.50am
.
Speaker 7: 5.00pm - 5.30pm
Peter Jones Zentek Forensics
Summary points for the first day's events
.
26/11/09
.
Conference Opens: 8.45am
.
Speaker 8: 9.00am - 9.50am
Vinny Parmar Digital Evidence Examiner
Mobile Telephone Examination Best Practice Model
.
Speaker 9: 10.00am - 10.50am
Jan Collie DigitalDetective
How to Investigate Evidence
.
Tea/Coffee 10.50am - 11.00am
.
Speaker 11: 11.00am - 11.50am
Samantha Raincock SRC
Call Records and Mobile Data Correlations
.
Speaker 12: 12.00 - 12.50pm
Roger Wilkins FMS
Cell Site Analysis Methodology
.
Lunch 1.00pm - 2.00pm
.
Speaker 13: 2.00pm - 2.50pm
Terry Wise Independent Expert
RIPA, CPIA, DPA etc
.
Speaker 14: 3.00pm - 3.50pm
David Sullivan Specialist Recuitment
Mobile Forensics Recruitment
.
Tea/Coffee 4.00pm - 4.50am
.
Speaker 15: 5.00pm - 5.30pm
Greg Smith TrewMTE/ Peter Jones Zentek Forensics
Summary points for the second day's events
.
26/11/09
.
Break Out Training Sessions (BOTS)
.
Morning Sessions
.
BOTS1 - 11.00am to 12.50pm
Mike Dickinson
Mobile Handset Device Examination and Hex Dumping
.
BOTS2 - 11.00am to 12.50pm
Amir Bashir Digital Evidence Examiner
Mobile Telephone Examination Techniques
.
Afternoon Sessions
.
BOTS3 - 2.00pm to 3.50pm
Sean Desmond Anite Nemo Handy
Radio Testing and Cell Site Analysis
.
BOTS4 - 2.00pm to 3.50pm
Samantha Raincock SRC
Call Records and Mobile Data Correlations

Friday, November 20, 2009

Chipping, flashing, jailbreaking

Chipping, flashing, jailbreaking
.
Past discussion here and at Forensic Focus have highlighted that when examining mobile phones avoid causing damage etc to them and about ownership of seized mobile phones.
.
A seized mobile phone remains the property of the owner until the owner is found guilty (then particular legal mechanisms come into play) or the owner has conducted certain activity or until an Order has been made to permenantly confiscate and dispose of the item.
.

I note the issues of those who might say but when we are IMEI checking on the street, confiscating and desposing of mobile phones is not a problem, that is not a blanket legal approach to be applied to everything but to deal with specific matters.
.

A further example of the police confirming they do not own seized goods and they may have to be returned to their rightful owner can be seen below.
.
http://www.policeprofessional.com/news.aspx?id=9537
"In an interview with The Register, Deputy Assistant Commissioner Janet Williams said work was being done to try to resolve the problem............problematic to people waiting for property to be returned."
.

The same applies to returning mobile phones. If you damage or break the mobile phone or alter it to make it irrepairably or lose/delete important data (say an email that constitutes a contract and may lead to economic loss) - these matters can be proceeded against in tort and/or contract law apart from other matters.

Thursday, November 19, 2009

Unlawful - Iphone Jailbreaking

Unlawful - Iphone Jailbreaking
.
The information below was reproduced from Sean Morrissey's website. It clearly has a significant impact how mobile telephone and computer examiners conduct examination and the methods they adopt to extract and harvest data.
.
iPhone Forensic Issues & Ethics
2. Jailbreaking the iPhone OS X. However, this method is not forensic and hasn’t been accepted in a court of law in the United States. In fact, this method violates US Copyright Laws:
.
§ 506 · Criminal Offenses
Criminal Infringement.— (1) In general.—Any person who willfully infringes a copyright shall be punished as provided under section 2319 of title 18
.
§ 2319. Criminal infringement of a copyright
Any person who violates section 506 (a) (relating to criminal offenses) of title 17 shall be punished as provided in subsections (b), (c), and (d) and such penalties shall be in addition to any other provisions of title 17 or any other law.
.
First offense 5 years, and every subsequent offense 10 years.
.
Scroll down to bottom of page:
From my own research, the UK has its own approach and legal remedies to deal with these matters. Some years back Nokia made a presentation to APIGS about IP and DRM over issues on infringement.

Tuesday, November 17, 2009

Eavesdropping on Bluetooth Headsets

Eavesdropping on Bluetooth Headsets
.
Make sure to change the Bluetooth pin setting from its default setting of 0000 to one you choose.
.

Monday, November 16, 2009

Googling Jurors

Googling Jurors
.
There is an interesting article by Ralph Losey online which is worth reading:
.
Jurors Rebel, Defy Judges, and Google Their Own Truth
.
http://ralphlosey.wordpress.com/2009/11/15/jurors-rebel-defy-judges-and-google-their-own-truth/

Solid State Drives will Ruin Forensics

Solid State Drives will Ruin Forensics

Part 5/5 presentation on YouTube from the series about Solid State Drives (SDD) -v- Hard Disc Drives (HDD) is worth viewing if you haven't seen it yet. At the same time you can catch up with the other parts if you have missed those too!

http://www.youtube.com/watch?v=2Xn-f7tmsOU&feature=youtube_gdata

Sunday, November 15, 2009

Iphone jailbreak hack

Iphone jailbreak hack
.
Just in case some are unaware.
.

http://blog.intego.com/2009/11/11/intego-security-memo-hacker-tool-copies-personal-info-from-iphones/
.
and also at
.

http://www.theregister.co.uk/2009/11/11/iphone_hacking_tool/
.
Perhaps a point examiners may consider useful and that is what polices, practices and procedures do you have in place where:
.

a) you jailbreak and breach the digital signature of the handset to get inside?
b) the handset is already jailbroken (so to speak)?
c) the handset is already jailbroken and carries the hack code?

Friday, November 13, 2009

Mobile Phones, Security, Economy and Employment

Mobile Phones, Security, Economy and Employment
.
An article in the Telegraph on the 6th November 2009 caught my eye, titled "Inventor of mobile phones says they have become 'too complicated" are the thoughts of Martin Cooper who was th lead engineer at Motorola and made the first mobile phone call in 1973.
.
.
Echos of how complicated mobile phones can be are common views heard from many users. However, we need to make the distinction that complicated doesn't mean they are "functionally unused". As usage and personal data populates many memory areas in mobiles it is because of that "functional use" it is so important to mobile telephone examination.
.
The places where user information proliferates are places in smart phones memory that are simply not being examined by practitioners as they are being led to place too much reliance upon the machinery (reading devices) where the output is being presented parrot fashion. The machinery does not contain the high level of competence necessary to cope with all the aspects associated mobile telephone evidence. Neither, for that matter, does the machinery examine all areas of memory. The current round up of forensic readers on the market simply surf certain quarters where certain information resides in memory. Data recovered can also vary dependent upon the machinery and the machinery recovering data from some makes, models and firmware versions. It is great having tools but they really do not supercede in any shape, manner or form the ability of the knowledge and skills needed by the practitioner.
.
The above are some issues that are influencing the need for a common mobile telephone forensics standard in the UK. Other factors that require change:
.
-No longer have unnecessary separated areas between law enforcement and the independent sector.
-No longer have poorly considered policies, practices and procedures regarding mobile telephone examination and evidence because they are not fully considered by all
-No longer have various public agencies promulgating confused and diametrically opposed procedures
.
Another reason why it is important to have a single common standard approach (and a second reason why I started the mobile forensics and evidence Pathfinder Approach) is the misrespresentation regarding the status of 'mobile phone'. Inspite of a hugh array of information about wireless, radio, radio signals and their role in the creation of a mobile phone, there still remains a persistence in the forensic and evidential system in indulging the notion that mobile phones are computers. That is rather ashame because whether it is done for cheap-labelling or getting bigger budgets (more than likely) it is largely unnecessarily and willful. Computer forensics in the area of data recovery from mobile phones has made an enormous contribution to our field. But after data recovery has been performed what else does computer forensics do for mobile phone wireless, radio, radio signals etc? Nothing. That is because computer forensics is not a discipline needed to embrace wireless; computing is rather a subset of wireless communications.
.
A mobile phone is a wireless device at first instance and designed for that purpose. It has a history, decades before the hybrid (computer) was created. Mobile phones allow for instantaneous radio telecommunications to place and to enable voice and data to be communicated. The device also allows for a memory area to record exchange of information. Overall this makes wireless devices useful to the user and gives them an appeal of user-friendliness.
.
Memory, code and data can be found in many systems and devices and code and data may be subjected to computation, but in their finite existence they are not a computer. These elements are storage, protocol and information. The only area where mobile telephones are connected with computer, per se, is that they have a CPU to enable computation. But mobile phones could operate without a CPU albeit currently the experience would no doubt not be too pleasureable, and in the future where the commonly understood CPU is dispensed with.
.
Yet a further reason why practitioners tacitly admit, through their conduct, that a mobile phone is a wireless device and not a computer is through the use of radio isolation (faraday rooms, tents or bags). Faraday rooms can cost £70K of tax payers money. So why would practitioners use radio isolation if the device under test was simply a computer? Moreover, how could cell site analysis be conducted if mobile telephones were simply a computer?
.
Moreover, wireless and mobile telephones have their own legalisation, directive, standards and guidelines - none of these designate them, technically or otherwise, as computers. Indeed there is a huge number of mobile telephone departments and labs in the public sector - none of them are labelled computer.
.
Two further reasons for a common standard created by all practitioners to underpin integrity:
.
- to give courts of law guarantee about the relability of mobile telephone evidence and opinion and to allow the legal system to it jobs as opposed to trying to hoodiwink the legal system or dictate to it; the current position is high% of evidence is being pushed through on the nod without any appropriate or independent assessment or scrutiny. This is occurring because many claiming themselves to be experts the basis for which is that they have had several mobile phones or owned mobile phones or visited forums or bought a piece of equipment that reads mobile phones. This area potentially opens the door to a huge range of appeal cases costing tax payers many millions of pounds which society can ill-afford given the economic pressures on the UK for the next 6 years.
.
- there is no single coherent standard for mobile telephone examination in the UK, despite the fact that up until 2003/4 Britain led the world in mobile telephone examination and evidence which was underpinned with alot of my work that begun the programme to help law enforcement understand the technological evidence with which they were dealing. When the public sector changes took place, experience was through out of the window in favour for opening pandora's box; anyone with relatively limited experience could give mobile evidence or had a desire to train others in mobile phone evidence, they could do so; Britain's international standing has been allowed to plummet and has been dropping further ever since. This is what awaits the Olympic Games in 2012 in this country and it is important to rectify this.
.
Lastly, I point out to Government Ministers looking at this matter, you will have seen the UK MTEB Mobile Forensics Conference 25th and 26th November 2009. The point of the Pathfinder Approach is to ensure Governement has the experience available to it, not simply from Law Enforcement, but from the independent sector where 90% of knowledge and skills are developed for mobile phone examination and evidence.
.
However, there is some disappointing news that many of the Constabularies are not even sending one representative to the Conference because we are told they have no money (even where everyone knows the Conference charge is extremely low and is a not-for-profits Conference). Also, that apparently it would impact for the attending person to justify how s/he will do their work to catch up after 2-days away from the office; this is on the basis that delegation of work doesn't exist. On the back of that, numerous outsources to those Constabulary not attending, have not signed up either. This is not a case of forcing them to attend, but it highlights the glaring obvious gaps across the UK and the regional educated pot-holed thinking in the country.
.
A list of delegates of those attending Conference and speakers supporting the Pathfinder Approach can be provided to Ministers. I can confirm there are some law enforcement and public agencies attending.
.
The Economy and Employment
Maybe the NAO and/or the Competition Commissioner might start to look and to see whether the way the forensic system is divvied up stilfes proper competition in the UK and impacts on town and urban regeneration to help develop small businesses, leading to employment. For instance, what is the point of a Constabulary throwing £1-million or more at one firm when a contract for 3 years @ £100,000.00p.a. to one small firm could enable eg one-person business to take on, say, one secretary and one assistance for 3 years:
.
- £50,000.00 Principal
- £27,0000 Secretary/Assistant
- £5,000.00 for equipment
- £1800.00 for compliance training and checking
- £16,200 for office rent/business rates/phone etc etc
.
Using the £1-million as the financial basis, multiply the above idea by 10 new small businesses, 20 people newly employed, rejuvernation of local funding to locals councils and suddenly spread across the country the grass roots of growth can start without the Governement having to increase current funding levels. Certainly, if I were offered a deal like this and with my understanding of the forensics arena I could have turned one of these businesses in two years providing employment for 10 people and in 3 years employ 25 people and teach other businesses how to do it as well. I have been in this business for over 20 years. The Police have never offered me a £1 million or £500K pa contract for that matter but still seek out my advice. So why can we not put my skills to help others.
.
To assist I have a plan that can keep those new businesses up to common standard for 3 years under their contracts. Also I have a team I have identified that along with myself could spear head this project to lift it off the ground.
.
How will this help Parliament. MPs from all parties can now go back to their constituencies and offer some hope of rejuvenation and employment.
.
Hmmm....I wonder if "Dragons' Den" might be interested in this.

Wednesday, November 04, 2009

3G Dongle CSA sample measurements

3G Dongle CSA sample measurements
.
Since the UK MTEB Mobile Forensics Conference 2009 is being held in Dorking, a short drive from Box Hill Point (an area of outstanding natural beauty that is situated in the National Trust Park) I thought I would go out and conduct some 3G radio test measurements. I was interested to comprehend, given the terrain and forest area, the quality and type of coverage was like along the road from Box Hill Point. I viewed the operator coverage maps for this area and found that the operators offered fringe coverage in the area.
.
I recorded sample measurments for the Orange mobile network as their Mast in Dorking is approximately 3.5Km from Box Hill. The screen prints of the measurements are set out below. The sample measurements were taken over a 45-minutes period.
.
Image 1:
illustrates the route driven from Dorking to Box Hill (a) to (b) and
(b) was the approximate location point for tests.
.

Image 2:
illustrates the OFCOM basestation database details for the
Orange Mast (3G) at Dorking High Street dteected at Box Hill location (b)
.
Image 3:
illustrates the terrain path from Dorking to Box Hill (a) to (b) and
(b) was the approximate location point for tests. Box Hill is 687-metres above sea level

. Image 4:
illustrates the mobile network operator, signal strength (RSSI), registration to
Circuit Switched (CS) and/or Packet Switched (PS) and which registration is
attached. Note from all the images below the variations in RSSI, the registrations
and to the network attachments
.
Image 5
.

Image 6
.
Image 7
.

Image 8
.
Image 9
.

Image 10
.

Image 11
.
Image 12
.

Image 13
.
Image 14
.

Image 15
.
Image 16
.

More on Cell Site Analysis: http://cellsiteanalysis.blogspot.com

Sunday, November 01, 2009

Obama mobile phone aid programme

Obama mobile phone aid programme
.

.
Nicknamed "Obama phones" (after the President of the United States) it would appear that a US initiative to provide free mobile phones in an aid programme to benefit those who are determined to have income-eligibility status. Some critics have suggested that it means providing "welfare drug dealers cell phones". That being the case, it would hardly look credible in a criminal court of law to find the Welfare State enabled a defendant to go "tooled up", so to speak.
.
However, there could be elements of Mr Obama's programme that could usefully be used in Britain, perhaps to generate, for instance, a programme to help vulnerable people.
.
To see more about the US programme look here:
.
.
How to QualifyThe process to qualify for Lifeline Service depends on the State you live in. In general, you may qualify if...
.
1. You already participate in other State or Federal assistance program such as Federal Public Housing Assistance, Food Stamps and Medicaid.
.
OR
.
2. Your total household income is at or below 135% of the poverty guidelines set by your State and/or the Federal Government.
.
AND
.
3. No one in your household currently receives Lifeline Service through another phone carrier.
.
4. You have a valid United States Postal Address. In order for us to ship you your free phone you must live at a residence that can receive mail from the US Post Office. Sorry, but P.O. Boxes cannot be accepted.
.
In addition to meeting the guidelines above you will also be required to provide proof of your participation in an assistance program, or proof of your income level.
.
Lifeline Benefits
.
Lifeline Assistance is part of a program that was created by the government to provide discounted or free telephone service to income-eligible consumers. To help bring you this important benefit, SafeLink Wireless is proud to offer Lifeline Service. Through our Lifeline Service you will receive FREE cellular service, a FREE cell phone, and FREE Minutes every month! SafeLink Wireless Service does not cost anything – there are no contracts, no recurring fees and no monthly charges.
.
Any Minutes you do not use will roll-over. Features such as caller ID, call waiting and voicemail are all also included with your service. If you need additional Minutes, you can buy TracFone Airtime Cards at any TracFone retailer Walmart, Walgreens, Family Dollar, etc). SafeLink Airtime Cards will be available soon.
.
Your exact benefits, including the number of free Minutes you will receive, depend on the state you live in. Please enter your ZIP code to get the details for your state.

Monday, October 26, 2009

100,000 reach trewmte blogspot

100,000 reach trewmte blogspot
.
Three years after trewmte.blogspot was launched and today it has reached over 100,000 visitors. For a small, but hopefully helpful and informative blog on mobile telephone evidence and forensics, amongst a sea of websites and blogs on the world wide web, it reminds us all of what is possible from being on the web, but also the amazing library of information that is out there available by of web.
.
Thanks to everyone who stopped by to see what is going on here.

Friday, October 23, 2009

Booking Form Mobile Forensics Conference UK

25-26 Nov 2009 UK MTEB Mobile Forensics Conference UK
.
The Booking Forms are now available. A massive email mailshot was sent out yesterday in the hope that I sent the Form to those who had requested it. Just in case I missed anyone (sorry), can you please send an email to me titled:
.
"MTE - Conference Booking Application Form" to request a Form being emailed to you.
.
.
Security vetting is in place due to some topics such as 'Mobiles as Dangerous Weapons' and 'Interception' etc etc are being covered in the Conference.
.
There is a good selection of speakers and training sessions delivered by experienced people. Remember this is a learning conference, not a selling conference/exhibition. Due to timings - speakers -v- training sessions - these streams happen, in some instances, at the same time. It would be within your interests to book at least two people to attend the conference. One to listen to the Conference Speakers and the other to attend the Training Sessions. The attendance fee covers the training also - so there is nothing extra to pay for attending training.
.
If there is uncertainty about the cost of one delegate @ £150.00 attendance fee, it is worth refreshing on the point that the common standard examination fee is £240.00 per handset; so attendance is less than the cost of one handset. Two people attending, then the cost of examining two handsets would be applicable.
.
Certificates of Attendance for Continuing Professional Development (CPD) will be issued to each delegate attending - so please make sure the name is clear on the Booking Form.
.
FAQs
.
Security Vetting - This is what is meant by security vetting.
Because of the content to be covered at the conference such as 'Mobiles as Dangerous Weapons' and 'Interception' etc etc, security vetting is in place and only those who have pre-booked will have a pass issued when attending conference. There is no checking into peoples' history or the need for them to justify who they are with extra documentation.
.
Booking Form
Please email back your booking form after you have paid, so that we have it confirmed you are attending and attendance certificate can be arranged. Booking forms should be returned no later than:
.
Thursday 12th November 2009
.
Payment
Please email confirmation with BACS payment reference number or copy of payment counterfoil at bank, so that a paid Invoice can be issued.
..............
FAQs
.
Attendance Bookings
There was eventually 307 who registered interest to attend the conference.To be fair to everyone the confirmed attendance system is based upon first come first serve. This was deemed to be the fairest approach given that those who originally registered in advance: some have yet to make a firm commitment; others have been diverted by work matters so cannot attend; and some we simply haven't received any further communication.The deadline for booking is:
.
Thursday 12th November 2009
.
Whilst we are doing very well at this stage for confirmed bookings I shall confirm that as soon as 150 delegates have confirmed their bookings I shall annouce it straightaway. In the meantime, please do not have any concern about over bookings or you being unable to attend.
.
Attendance Costs
A few people who want to attend have mentioned their boss / company accountant needed to understand what costs were involved. I could well understand if there was concern over £500.00 per ticket conference plus additional expenses but the costs here are exceedingly well placed to avoid any concern:
.
1) Delegate Fee is £150.00 + VAT
2) Travelodge is £19 per night
3) Advanced booking for travel train using online train ticket companies is as low as £24.00 from the North to Dorking
4) By National Express Coaches special deal savers can be obtained for as little as £1.50 one way and £11.00 return ticket.
.
Confirmed Bookings
For those that have booked your confirmation will be sent next week along with a paid invoice.The make up of attendance looks very good also. Not only do we have criminal evidence examiners but there is a good mix from the civil contingency too. The conference will also play host to experts and examiners flying in from the US, Australia, Europe etc.
.
SPEAKERS
- Greg Smith’s presentation sets out the agenda for the two days conference
- Peter Jones’s presentation set outs issues and difficulties a practitioner can face
- Solicitor’s presentation identifies evidential requirements under s129 CJA 2003
- Barrister’s presentation identifies evidential requirements at court
- Practice Manager’s presentation sets out the service expected from a practitioner
- Seizing Officer’s presentation illustrates events when seizing target phones
- Vinny Parmar’s presentation illustrates requirements when conducting examinations
- Jan Collie’s presentation looks at skills needed when investigating evidence
- Samantha Raincock’s presentation illustrates how to compare handset and call record data
- Roger Wilkins’ presentation illustrate how cell site analysis arises following examination
- Terry Wise’s presentation deals with the impacts of RIPA, DPA and PACE
- David Sullivan’s presentation sets out the skillsets employers seek for forensic work
.
2-HOUR TRAINING SESSION MODULES
- Session 1 Seizure Procedure
- Session 2 Dangerous Weapons
- Session 3 Examination procedure
- Session 4 Examining phones
- Session 5 Hex Dumping
- Session 6 U/SIM Card Examination
- Session 7 Analysing data
- Session 8 Interception

Sunday, October 11, 2009

Extra-Statutory

Extra-Statutory
.
Where, for illustrative purposes only, a Home Office circular regulates e.g. the use of listening devices and aural and visual procedures, the standards set by that document may be the same as those under a Stature (say RIPA or, previously, IOCA) but that Home Office circular does not mean by following its guidance it makes any acts or omissions compliant with the statutory provisions; conduct arising from following the circulars regulation, and not the statute, could be "wholly extra-statutory" and would probably contravene the European Convention on Human Rights - see Malone v Metropolitan Police Commissioner [1979] Ch 344; cf Malone v United Kingdom (1984) 7 EHRR 14.
.
The above represents past history events and matters have or should have moved on since then. When RIPA was introduced it was made clear that "no" extra-statutory conduct or operations were possible arising out of that new legislation. That any acts outside of that may amount to contravention and be unlawful.
.
Having illustrated a simplistic model about "extra-statutory" activity by public authority and public bodies or their personnel to avoid giving advice, direction or guidance which would/could probably mean such acts may operate in parallel to the statutory provisions instead of being enshrined within them, the same principle of extra-statutory can apply across many other areas covered by other statutes, too.
.
Advice, direction and guidance given to facilitate the transmission of sensitive and/or unlawfuly material over public systems to aid extraction and harvesting of data from device/s might probably be "wholly extra-statutory" conduct or operations. That is even where it is a one-off case. Where advice is given to do acts which appear to go against previously stated authority in dealing with certain types of materials, the expert/examiner should record all dealings with those acts that have been instructed.
.
I picked up on this whilst reading books and papers dealing with judicial review of administrative action, Blackstones Criminal Practice, Archbold, telecommunications law and practice and the laws of the internet etc etc. I also noted that ACPO Guidelines and other provisions in public sector procurement documents appear not to cover any examiner/expert who enters into extra-statutory acts.
.
These are only my observations based upon what I read, which may assist other examiners/experts. I am not giving legal advice and I do hold out to be a lawyer. It could be from what I have read that my observations may be wrong and therefore it is always recommended to seek legal advice about instructions given or past instructions acted upon, under the belief those instructing were authorised to give such directions to do such acts in the first place.

Extra-Statutory

Extra-Statutory
.
Where, for illustrative purposes only, a Home Office circular regulates e.g. the use of listening devices and aural and visual procedures, the standards set by that document may be the same as those under a Stature (say RIPA or, previously, IOCA) but that Home Office circular does not mean by following its guidance it makes any acts or omissions compliant with the statutory provisions; conduct arising from following the circulars regulation, and not the statute, could be "wholly extra-statutory" and would probably contravene the European Convention on Human Rights - see Malone v Metropolitan Police Commissioner [1979] Ch 344; cf Malone v United Kingdom (1984) 7 EHRR 14.
.
The above represents past history events and matters have or should have moved on since then. When RIPA was introduced it was made clear that "no" extra-statutory conduct or operations were possible arising out of that new legislation. That any acts outside of that may amount to contravention and be unlawful.
.
Having illustrated a simplistic model about "extra-statutory" activity by public authority and public bodies or their personnel to avoid giving advice, direction or guidance which would/could probably mean such acts may operate in parallel to the statutory provisions instead of being enshrined within them, the same principle of extra-statutory can apply across many other areas covered by other statutes, too.
.
Advice, direction and guidance given to facilitate the transmission of sensitive and/or unlawfuly material over public systems to aid extraction and harvesting of data from device/s might probably be "wholly extra-statutory" conduct or operations. That is even where it is a one-off case. Where advice is given to do acts which appear to go against previously stated authority in dealing with certain types of materials, the expert/examiner should record all dealings with those acts that have been instructed.
.
I picked up on this whilst reading books and papers dealing with judicial review of administrative action, Blackstones Criminal Practice, Archbold, telecommunications law and practice and the laws of the internet etc etc. I also noted that ACPO Guidelines and other provisions in public sector procurement documents appear not to cover any examiner/expert who enters into extra-statutory acts.
.
These are only my observations based upon what I read, which may assist other examiners/experts. I am not giving legal advice and I do hold out to be a lawyer. It could be from what I have read that my observations may be wrong and therefore it is always recommended to seek legal advice about instructions given or past instructions acted upon, under the belief those instructing were authorised to give such directions to do such acts in the first place.

Monday, September 21, 2009

SMS Text Messages - Hearsay Evidence

SMS Text Messages - Hearsay Evidence
.
C2247 / R v Leonard 2009
YEAR OF CASE: 2009
CITATION: [2009] EWCA Crim 1251
COURT: Court of Appeal
.
SUMMARY:
Large quantities of various types of Class A drugs and cash were found in L's bedsit and on his person during a search by police.
.
At trial for possession of class A drugs with intent to supply, the prosecution argued that L was a street dealer and those drugs found had been his 'stock pile'. The defence argued that the drugs were for his personal use and that he was not a dealer but he had the large amount that was found because he intended to share them with his girlfriend.
.
The prosecution wished to admit two text messages as evidence to support its case. Both were from different people, one to compliment the 'gear', the other to complain about it. The defence argued that the text messages were inadmissible hearsay. The judge rejected the argument and admitted them as evidence of bad character as opposed to hearsay.
.
L was convicted and appealed arguing that the judge had been wrong in law.
.
Held:
Appeal dismissed. Convictions upheld. The text messages were hearsay evidence and not evidence of bad character. They fell in the scope of section 114 and 115 of the Criminal Justice Act 2003 and had to for the following reasons;
.
(i) they had not been made in oral evidence,
(ii) they were statements of fact or opinion within the meaning of section 115(2) of the 2003 Act,
(iii) the reason for the evidence being admitted was to establish the matters stated in the texts to try to prove that L had supplied the drugs to the senders of the texts, and
(iv) each message was designed to make the person in receipt of them believe the matters stated in them as required by section 115(3).
.
Once it is established that the texts are hearsay they then fall to be analysed as to whether they meet the statutory requirements regarding admission. The only basis upon which they could be admitted would be under section 114(1)(d); that it was in the interests of justice to do so. To ascertain whether that is the case, regard must then be had to the 9 propositions in section 114(2) and as they fail to meet some or all of those criteria, they may be hearsay, but they are inadmissible hearsay evidence. Despite this there was still a very strong case against L without them and their admission had not tainted the rest of the trial.
.
Note:
In this instance the senders of the text messages were never identified. If the authors can be identified then the text messages may become admissible where the authors can be potential witnesses. Thus allowing the evidence to be tested by way of cross-examination with any requisite measures in place, for example special measures under the Youth Justice and Criminal Evidence Act 1999 to alleviate such issues as fear.
.

SMS Text Messages - Hearsay Evidence

SMS Text Messages - Hearsay Evidence
.
C2247 / R v Leonard 2009
YEAR OF CASE: 2009
CITATION: [2009] EWCA Crim 1251
COURT: Court of Appeal
.
SUMMARY:
Large quantities of various types of Class A drugs and cash were found in L's bedsit and on his person during a search by police.
.
At trial for possession of class A drugs with intent to supply, the prosecution argued that L was a street dealer and those drugs found had been his 'stock pile'. The defence argued that the drugs were for his personal use and that he was not a dealer but he had the large amount that was found because he intended to share them with his girlfriend.
.
The prosecution wished to admit two text messages as evidence to support its case. Both were from different people, one to compliment the 'gear', the other to complain about it. The defence argued that the text messages were inadmissible hearsay. The judge rejected the argument and admitted them as evidence of bad character as opposed to hearsay.
.
L was convicted and appealed arguing that the judge had been wrong in law.
.
Held:
Appeal dismissed. Convictions upheld. The text messages were hearsay evidence and not evidence of bad character. They fell in the scope of section 114 and 115 of the Criminal Justice Act 2003 and had to for the following reasons;
.
(i) they had not been made in oral evidence,
(ii) they were statements of fact or opinion within the meaning of section 115(2) of the 2003 Act,
(iii) the reason for the evidence being admitted was to establish the matters stated in the texts to try to prove that L had supplied the drugs to the senders of the texts, and
(iv) each message was designed to make the person in receipt of them believe the matters stated in them as required by section 115(3).
.
Once it is established that the texts are hearsay they then fall to be analysed as to whether they meet the statutory requirements regarding admission. The only basis upon which they could be admitted would be under section 114(1)(d); that it was in the interests of justice to do so. To ascertain whether that is the case, regard must then be had to the 9 propositions in section 114(2) and as they fail to meet some or all of those criteria, they may be hearsay, but they are inadmissible hearsay evidence. Despite this there was still a very strong case against L without them and their admission had not tainted the rest of the trial.
.
Note:
In this instance the senders of the text messages were never identified. If the authors can be identified then the text messages may become admissible where the authors can be potential witnesses. Thus allowing the evidence to be tested by way of cross-examination with any requisite measures in place, for example special measures under the Youth Justice and Criminal Evidence Act 1999 to alleviate such issues as fear.
.

Mobile Market Stats

Mobile Market Stats

Useful OFCOM mobile market statistics collated from the UK mobile network operators.







Sunday, September 13, 2009

BCCH data uncovered

BCCH data uncovered
.
The data found in the elementary file broadcast control channel (EFBCCH) 7F20:6F74 / 7F21:6F74 can provide useful data relating to a geographical radio area when combined with location area information data.

.
Method for translating BCCH information data. The question is, is the translation below to find the BCCH frequencies correct and what have I not mentioned below? You will need copies of GSM11.11, GSM03.03, GSM04.08 as well as understanding coding schemes.
.
FIGURE 1 What the Standard states:
.
FIGURE 2 What that means:
.

.
FIGURE 3 Harvested data from a Orange SIM Card read:
.


.
FIGURE 4 Translating the hex output to binary:
.


.
FIGURE 5 Converting to decimal digits which translates again and corresponds to GSM assigned uplink/downlink frequencies:
.
BCCH Frequencies (ARFCN)
761 765 766 774 781 782 786 787 789 790 797 799 801 803 806 813 816 825 828 829 838 846 847 849 869
.
FIGURE 6 Corroborating the conversion using another tool:
.
.
More on Cell Site Analysis: http://cellsiteanalysis.blogspot.com

BCCH data uncovered

BCCH data uncovered
.
The data found in the elementary file broadcast control channel (EFBCCH) 7F20:6F74 / 7F21:6F74 can provide useful data relating to a geographical radio area when combined with location area information data.

.
Method for translating BCCH information data. The question is, is the translation below to find the BCCH frequencies correct and what have I not mentioned below? You will need copies of GSM11.11, GSM03.03, GSM04.08 as well as understanding coding schemes.
.
FIGURE 1 What the Standard states:
.
FIGURE 2 What that means:
.

.
FIGURE 3 Harvested data from a Orange SIM Card read:
.


.
FIGURE 4 Translating the hex output to binary:
.


.
FIGURE 5 Converting to decimal digits which translates again and corresponds to GSM assigned uplink/downlink frequencies:
.
BCCH Frequencies (ARFCN)
761 765 766 774 781 782 786 787 789 790 797 799 801 803 806 813 816 825 828 829 838 846 847 849 869
.
FIGURE 6 Corroborating the conversion using another tool:
.
.
More on Cell Site Analysis: http://cellsiteanalysis.blogspot.com

Tuesday, September 08, 2009

Mobile Phone Identity Theft

Mobile Phone Identity Theft
.
With a title like that you could be forgiven if you thought that someone had taken your mobile phone, stolen the name off it and just chucked the hardware back at you. Not interested in the phone, only want the name. Oh yes, call me Nokia N70 from now on.
.
The latest scare of Mobile Phone ID Theft as reported by Matt Cole Newsbeat Report for BBC online service Newsbeat can be found here:
.
.
Crimes like these create scepticism because the logistics encumbent upon the perpetrators to ensure that the enterprise of this crime succeeds are so long winded, bearing in mind that the mobile phone isn't being stolen, just a filing cabinet of personal information collated from various sources; and for what, so someone can run up a mobile phone bill. A solution to this part of the Identity Theft conundrum is to get a prepaid mobile phone and stick £5.00 on it. Now the matter is no longer ID theft, but call theft - £5 worth.
.
As for obtaining the filing cabinet of personal information about you? The only easier way that the perpetrators could speed up that process is if they were getting hold of information obtained from others who are themselves engaged in the business of selling and trading in people's personal details.