Understanding cellphone tower communication
Every mobile device that uses a cellular signal for communication or data / internet needs to connect to a cellular tower, or BTS (Base Transceiver Station). When the mobile device connects to a tower to make an outgoing call or receive an incoming call, the cellular provider (Sprint, AT&T, Verizon, etc.) maintains a record of that event in the Call Detail Records (CDR). Some carriers will maintain CDRs of these events for up to 7 years (AT&T). Some carriers will only maintain the CDRs for 6 months. Because the data is volatile, it is important to make the forensic analysis request as soon as possible. A preservation letter can be sent to the carrier to hold the data.
The CDRs can contain the following:
- Historical Tower Location Information of sites used
- Data Connections
- Call and Text Message Connections, except in the case of iMessages, or messages from an iPhone to another iPhone. The body of the Text Message is not kept within the CDR, only the sender and receiver phone numbers.
- Ping Data (Sprint only): the network sends a message to the phone's internal GPS receiver to report its location.
- Distance between the mobile device and the Tower used
The Call Detail Records can only be acquired by a Court Order or Search Warrant provided to the cellular provider. Location data is considered protected information, and cellular providers will not release it in response to a subpoena. A subpoena will only get basic data such as subscriber and payment information.
Call Detail Records Assisting your case
Through a forensic analysis of the CDRs you can determine where, when and how a mobile device was used. Depending on the type of case you have, you can answer the following questions.
- Was the mobile device in the area when the event took place? How close or how far?
- Historically, what locations does this mobile device frequent?
- Who was called, or were text messages being used?
- Was the mobile device actively being used at the time of the accident / event?
- Was the group of mobile devices moving together to a location?
- What numbers does this mobile device connect with most?
These questions can be answered by just using the CDR. You do not need physical access to the actual mobile device.
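As an added illustration (not Vestige's tooling or code from the original article), the sketch below answers three of the questions above from CDR rows alone: activity around an event time, distance from the serving tower to the scene, and most frequent contacts. The column layout and every record are constructed for the example; real carrier exports differ by provider.

```python
import csv, io, math
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records; the column layout is hypothetical, since
# every carrier exports CDRs in its own format.
SAMPLE_CDR = """start_utc,type,direction,other_party,tower_lat,tower_lon
2023-05-01T14:02:10,voice,out,555-0101,39.7392,-104.9903
2023-05-01T14:31:45,sms,in,555-0102,39.7400,-104.9850
2023-05-01T14:33:05,sms,out,555-0102,39.7400,-104.9850
2023-05-01T18:20:00,data,out,,39.9100,-105.0500
2023-05-02T09:15:30,voice,in,555-0101,39.7392,-104.9903
2023-05-02T09:40:00,sms,out,555-0101,39.7392,-104.9903
"""

def load(text):
    """Parse the CSV text into rows sorted by start time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["start"] = datetime.fromisoformat(r["start_utc"])
        r["lat"], r["lon"] = float(r["tower_lat"]), float(r["tower_lon"])
    return sorted(rows, key=lambda r: r["start"])

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def events_near(rows, when, window_min, lat, lon):
    """Records within +/- window_min of `when`, with distance from the
    serving tower to the scene. This is tower distance, not handset position."""
    w = timedelta(minutes=window_min)
    return [(r["start"], r["type"], round(km_between(r["lat"], r["lon"], lat, lon), 2))
            for r in rows if abs(r["start"] - when) <= w]

def top_contacts(rows, n=3):
    """Numbers this device connected with most (data sessions have no party)."""
    return Counter(r["other_party"] for r in rows if r["other_party"]).most_common(n)

if __name__ == "__main__":
    cdr = load(SAMPLE_CDR)
    incident = datetime(2023, 5, 1, 14, 32)  # constructed event time
    print(events_near(cdr, incident, 5, 39.7400, -104.9850))
    print(top_contacts(cdr))
```

The distance reported is from the tower to the location of interest; it bounds where the handset could have been but does not pinpoint it.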
The Benefits of forensic analysis of the CDR
Calls, text messages and data connections can be erased from a mobile device. The cellular provider holds this information, even if it is erased from the cellphone or the cellphone no longer exists. The body of the text message is not saved, but the connection event is. You do not need to physically possess the mobile device to acquire this information. Connections between groups of mobile devices and locations can be established or ruled out.
Vestige has experience working with and testifying on information from multiple Call Detail Record cases. Contact Vestige to learn more about Mobile Device Communication and Cell Towers.
By Chris Mammarella, EnCE
Senior Forensic Analyst, Colorado Office
Vestige Digital Investigations