Blog


How Cell Site Analysis Defence Works

30.11.15

Cell Site Analysis in action

Initial review of prosecution’s Cell Site Analysis

The defence team will instruct an expert in Cell Site Analysis to review the prosecution’s Cell Site report. This review will:

  • Verify the accuracy of maps and field strength survey charts.
  • Check for errors in any documentation submitted.
  • Authenticate the examination methodology.
  • Endorse the equipment used in the analysis.

Once the Cell Site Review has been undertaken, in order to fulfil the obligations of the defence counsel, it will be necessary to re-examine some or all of the cell site analysis work. This is done to ensure that the original readings are accurate, as an incorrect reading could mean that the suspect has been placed at a location where he or she was not. The examination aspect is conducted utilising the same methodology used for a full re-examination (see below).

Cell Site Analysis Re-Examination/Examination

The analysis is generally conducted in one of two ways:

One.
Travelling to each location of interest highlighted by the prosecution and taking measurements to determine the best serving cell or cells with respect to each specific location. This is known as a Spot Report.

Two.
Travelling in and around the area covered by a particular cell to determine the overall coverage. This is known as a Full Coverage Report. The Full Coverage Report frequently involves numerous hours of cell site readings, depending on the geographic area covered by the cell. It should be noted that cells located in city centres generally will cover a smaller area than those located in rural areas.

Both the Spot Report and Full Coverage Report methods provide a validated indication of the coverage of the cell. However, a Full Coverage Report can be represented geographically on a map to show the extent of coverage, with the areas or locations where the call is most likely to have been connected.

Spot Reports only show the coverage measured at specific locations and do not represent other areas where a call may have connected. Which examination is appropriate has to be determined for each case.

The specialist network equipment used to conduct these measurements is essentially a mobile phone enabled with specialised software and a GPS system which is installed within a vehicle. This bespoke equipment will allow the user to monitor, or if necessary adapt, the way in which a mobile phone responds to the network. This bespoke equipment is also connected to a GPS system which can record the precise location where each measurement is taken.

All the measurements recorded by the Cell Site Analysis Expert are then compiled into log files, which are then analysed back at the laboratory. The analysis of this data is manually undertaken and is often very time-consuming. The data is then plotted onto Ordnance Survey maps to show which cells provide coverage with respect to a single location, or the full coverage plots.

The results of the readings are used to compile a new report. The new report is then compared against the prosecution’s report to ascertain whether there are any discrepancies. Any discrepancies found assist the defence by discrediting the prosecution’s evidence, and if that evidence is inaccurate, the prosecution’s evidence or case is likely to be thrown out.

All findings are compiled in a clear and concise report with associated Ordnance Survey maps of varying scales, to visually represent locations of interest and cell coverage.
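The Spot Report comparison described above can be sketched in code. This is an added example, not Disklabs' tooling: the log columns, site labels, cell IDs, readings and the 3 dB margin used to decide which cells count as serving are all constructed assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed survey log: location label, GPS fix, cell ID, received level (dBm).
SURVEY_LOG = """location,lat,lon,cell_id,rx_dbm
Site A,52.6340,-1.6950,1001,-71
Site A,52.6340,-1.6950,1002,-83
Site A,52.6341,-1.6951,1001,-69
Site A,52.6341,-1.6951,1002,-85
Site B,52.6402,-1.7010,1002,-74
Site B,52.6402,-1.7010,1003,-76
Site B,52.6403,-1.7011,1002,-79
Site B,52.6403,-1.7011,1003,-73
"""

# Constructed: the cell the report under review attributes to each location.
CLAIMS = {"Site A": "1002", "Site B": "1002", "Site C": "1004"}

def serving_cells(log_text, margin_db=3.0):
    """Return {location: [cell_id, ...]}: cells whose median level is within
    margin_db (an assumed threshold) of the strongest cell, strongest first."""
    levels = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(log_text)):
        levels[row["location"]][row["cell_id"]].append(float(row["rx_dbm"]))
    result = {}
    for loc, cells in levels.items():
        medians = {c: statistics.median(v) for c, v in cells.items()}
        best = max(medians.values())
        ranked = sorted(medians, key=medians.get, reverse=True)
        result[loc] = [c for c in ranked if best - medians[c] <= margin_db]
    return result

def discrepancies(claims, survey):
    """List claimed cells that the survey did not measure as serving,
    and claimed locations that were never surveyed."""
    out = []
    for loc, cell in claims.items():
        measured = survey.get(loc)
        if measured is None:
            out.append((loc, cell, "no survey data"))
        elif cell not in measured:
            out.append((loc, cell, "measured: " + ", ".join(measured)))
    return out

if __name__ == "__main__":
    for item in discrepancies(CLAIMS, serving_cells(SURVEY_LOG)):
        print(item)
```

Site B shows why a location can have more than one serving cell: two cells measure within the margin of each other, so a claim for either is consistent with the survey.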

Cell Site Analysis defence: Why do we need this?

Cell Site Analysis is predominantly used by the prosecution to prove the whereabouts of a mobile phone at a particular date and time.

It is important to note that Cell Site Analysis only proves where the phone was, not the user. Further analysis is required to ascertain if the phone was in the possession of the suspect by examining activity such as texting, phone calls, browsing and app usage.

Disklabs has a team of Cell Site Analysis experts ready to support you. Our commitment to all-in pricing, wherever possible, means that we avoid hidden extras as the trial process continues.

Call us on +44(0)1827 50000 or use our contact form to let us know your requirements today.

Disklabs – comprehensive cell site analysis for defence counsels

Application of Sat Nav Forensics

20.11.15

Satellite Navigation

Satellite Navigation, often known as Sat-Nav, Sat Nav, SatNav, GPS Nav, GPS-Nav, or GPS nav, is commonly used as a route finder on all forms of transport.

Standard Sat Nav is used in vehicles to give drivers directions and provide accurate route analysis, and by people who walk, run or orienteer. Marine Sat Nav is used to help ships steer accurately, while Aircraft GPS is the form of Sat Nav used to accurately pinpoint the position and direction of aircraft.

Originally developed for military use, Sat Nav devices are now commonly used by the general public and available in a wide range of devices and applications. The use of Satellite Navigation systems in cars (either as a standard item of equipment or a portable device) naturally provides the greatest opportunity for accessing useful data.

Most Satellite Navigation systems have management software and a variety of logs and configuration files that can be examined and broken down into readable and understandable data. Examination and interpretation of this data enables Disklabs’ Sat Nav Forensics experts to identify requested destinations, directions given to drivers and journey times. This information is naturally of great interest to law enforcement officers, defence lawyers, or employers for instance. Importantly it can be treated as admissible evidence in criminal and civil cases, provided appropriate evidence-gathering rules have been followed.

Benefits of Sat Nav forensics

Law Enforcement Officers.

The police, or other law enforcement agencies, may be able to exactly pinpoint the position of an accused person if that person used a Satellite Navigation system. If an accused person states that he was in one place, but his car Satellite Navigation system states that at that time the vehicle was 200 miles away, the information adds to the intelligence that the law enforcement agency has against the accused, or may even be enough to charge the accused person.

Prosecutors.

The prosecutors often work alongside the law enforcement agencies, and as such will use the information gained in Satellite Navigation forensics in the same way.

Defence Lawyers.

Defence lawyers are there to examine any and all evidence and try to pick flaws in it. If a law enforcement agency has not yet examined the Satellite Navigation system, the evidence produced may well be enough to have the accused proved innocent or cast doubt over his guilt. It is for this reason that more and more defence lawyers are turning to Satellite Navigation Forensics.

Employers.

Subject to the company handbook, the employee’s contract, and the company acceptable usage policy (AUP), the employer may have the right to examine the Satellite Navigation systems of its mobile employees. This service is being used as employers want to know that their staff are indeed using their working hours efficiently. They may also use this service if they believe that the employee is not being as honest with their work details as they perhaps should.

Disklabs has a team of digital forensics experts who can analyse a wide variety of electronic devices, including Satellite Navigation systems, for criminal, civil and corporate investigations.

Call us on +44(0)1827 50000 or use our contact form to let us know your requirements.

How Mobile Phone Masts Work

19.11.15

Masts, antennae and base stations

Strictly speaking a mast is just that, a tower or pole that sticks up into the air – usually 15m. The parts that actually enable us to send and receive calls are separate elements: antennae and radio base stations. The mast itself simply lifts the antennae to the height where they can transmit and receive radio waves.

When you make a call your phone converts voice or data into radio waves that are transmitted to the nearest base station. The base station determines if the call is to another mobile phone or to a landline and routes the call accordingly. If it is to someone on the same network then the call can be directed via base stations to the site closest to the recipient and transmitted via the antennae.

The role of Cells
The mobile phone network operates on the cell principle. The network operators divide a territory up into thousands (in the case of the UK) of discrete areas – cells – that contain a base station and antennae, plus a mast if required. Each cell provides coverage for a specific area and, because their coverage overlaps, calls can be passed between cells as people move around.

Cell density and positioning are driven by population distribution and topography. There are more cells in urban areas to cater for higher traffic levels and, sometimes, to mitigate interference caused by tall buildings. Low power cells called “picocells” can also be deployed inside buildings such as airports where there is a high concentration of users.

Cell Site Analysis
How mobile networks work and the way in which they are configured is extremely important to Disklabs. We need to understand the coverage of the mobile networks in precise detail when conducting Cell Site Analysis, a technique for identifying the movement and use of mobile phones and communications devices. Details about the height of masts, local geography and cell types can mean the difference between a guilty or not guilty verdict, or whether a suspect is apprehended.

Visit the website for more information on Disklabs’ range of digital forensics and data recovery services or contact us today.

Call us on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

 

Protect your passwords

13.11.15

A point of vulnerability

TalkTalk, Experian and Ashley Madison are high profile victims of cybercrime, but hackers target individuals directly too. One major area of vulnerability is the reliance for security on a simple collection of letters, numbers and symbols: the password.

Those in the know use the phrase “password cracking” to describe the penetration of a computer, network or system to unlock a resource that has been locked with a password. People using password cracking are sometimes defined as being in one of two groups, hackers or attackers.

A hacker is any person with an inherent interest in computer technology. A hacker is not necessarily someone who wants to do harm, just someone who wants to ‘beat a system’. Hackers have been known to gain access to a website simply to post a picture of a cat, but in gaining access they may damage an individual or organisation by, for instance, making confidential data visible.

Attackers, on the other hand, gain access to cause damage. Attackers range from disgruntled employees trying to get revenge on a former company, to students simply trying to exploit large organisations and their computer systems, to criminals attempting to gain financially by accessing confidential data or through blackmail.

Whether they are hackers or attackers, the initial attention is on finding a vulnerability in the computer system they are targeting, corporate or domestic. And the most vulnerable point is the password.

So how do the attackers attack?

There are many ways of attacking a network including:

1. Bin (or dumpster) diving: literally going through the rubbish to find possible information that could be a password.

2. Finding a Post-It note on a monitor or underneath a keyboard.

3. Looking at Social Media profiles for details like birth dates, schools, children’s names that are often used in log-in processes.

4. Contacting an IT or customer service department, using relevant facts gained from the above, to fool staff into providing extra details or password resets.

5. Direct contact via email or phone asking people for details or getting them to log-on to a site (a dummy site) which means they expose their details.

6. A “dictionary attack” where a dictionary file of common words is loaded into a password cracking application, such as PRTK or LC4. The applications then attempt multiple logins at very high speed exploiting the fact that most common passwords are simplistic.

7. A “hybrid attack”, combining the dictionary attack with the use of numbers to simulate common password set-up.

8. A “brute force attack”, which abandons the subtlety of the dictionary to target a massive number of short passwords.

What can you do to prevent password attacks?

1. Shred office paper waste and consider doing the same for official documents, receipts etc. at home.

2. Check that passwords or ancillary information is not displayed anywhere.

3. Change passwords frequently.  At work change passwords when employees leave.

4. Use difficult to guess passwords – At least 8 characters including numbers, symbols, uppercase and lowercase characters.

5. Consider using free password generator software such as LastPass.

6. Don’t use the same password for multiple accounts.

7. Enable two step verification where offered on websites.

8. Be aware that there are people out there who want your passwords and never give details away to callers, email contacts or on social media sites…ever.

9. Use dummy accounts rather than administrator accounts for computer systems and websites.
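Rule 4 on its own does not stop the dictionary and hybrid attacks listed earlier, because a common word with a capital, a number and a symbol attached still passes it. The check below is an added example, not Disklabs' code: the word list and the substitution table are small constructed stand-ins for what a real deployment would load.

```python
import re

# Constructed stand-in for the word list a dictionary attack would load.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty"}

# Assumed table of common character substitutions, undone before lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

def rule4_gaps(pw):
    """Return the parts of rule 4 (length and character classes) that pw fails."""
    checks = {
        "at least 8 characters": len(pw) >= 8,
        "number": re.search(r"\d", pw),
        "symbol": re.search(r"[^\w\s]|_", pw),
        "uppercase": re.search(r"[A-Z]", pw),
        "lowercase": re.search(r"[a-z]", pw),
    }
    return [name for name, ok in checks.items() if not ok]

def _strip(s):
    """Drop the digits and symbols a hybrid attack appends or prepends."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)

def dictionary_core(pw):
    """Return the common word pw reduces to, or None if there is none."""
    low = pw.lower()
    for cand in (_strip(low), _strip(low).translate(LEET), _strip(low.translate(LEET))):
        if cand in COMMON_WORDS:
            return cand
    return None

def audit(pw):
    """Reject passwords built on a common word first, then apply rule 4."""
    word = dictionary_core(pw)
    if word:
        return f"reject: built on common word '{word}'"
    gaps = rule4_gaps(pw)
    if gaps:
        return "reject: missing " + ", ".join(gaps)
    return "accept"

if __name__ == "__main__":
    for sample in ("Password1!", "P@ssw0rd2015", "tamworth", "vK7#qLm2!xRb"):
        print(sample, "->", audit(sample))
```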

Disklabs has an experienced team of consultants who can advise you on improving your digital security. We also run one of the UK’s leading digital forensics laboratories that can help you track down the perpetrators of malicious password attacks and bring them to justice.

Call us today on +44(0)1827 50000 or use our contact form to discuss your digital security requirements.

 

Disklabs - Experts in the extraction and analysis of mobile phone data

Computer Forensics IP Theft

02.11.15

Have you been a victim of IP theft?

The theft of intellectual property (IP) can be hard to prove and even harder to prosecute. Realistically it will take the services of a computer forensics company such as Disklabs to provide the victim of IP theft with the skills and resources to gather hard evidence to support their accusations.

IP theft is a complex subject to approach as laws can differ significantly between jurisdictions. Disklabs can provide advice and guidance on the best way to pursue the investigation into the theft of your intellectual property. Computer forensics techniques such as those perfected by Disklabs are being used more and more as a way to acquire sufficient evidence to support a claim of intellectual property theft.

There are as many reasons for somebody committing IP theft as there are forms of IP theft. Regardless of the reason the crime was committed, every instance of IP theft can represent a major financial loss for the victim. Disgruntled employees will often perform malicious acts of IP theft such as e-mailing a customer list to a competing company or deleting mission-critical data such as invoices and other accounting data. At its most serious, IP theft sees a member of the executive management team stealing an entire business model to use as a basis for a new commercial venture.

If you suspect that you have been a victim of IP theft you should instantly turn off the computer which was the tool used during the crime, not simply by shutting it down but by physically unplugging it from the mains. You should then take measures to secure the entire machine; it should be locked in a safe place where nobody can gain access to it. Once these initial measures have been taken you should try to make a note of or list any suspicious activities that you have witnessed or any data or documents you think may have been stolen. Then you should contact a computer forensics provider and arrange for the suspected IP theft to be investigated. The result of this forensic analysis will provide you with a technical document proving or disproving your suspicions, and arming you with the tools to take your accusations further.

In many cases, once the crime of IP theft can be proven by the documented technical fact the perpetrator will return what was stolen. If they do not, then the victim company is already in possession of the relevant proof and can begin to instruct their legal representatives to take proceedings.

If you believe you have been a victim of IP theft then call us today on +44(0)1827 50000 or use our contact form – Disklabs can help.

Disklabs – Investigating and preventing computer misuse for UK business.