
What can police extract from a phone?

In today’s digital age, smartphones contain a wealth of personal information about their owners. From text messages and call logs to photos, videos, Internet browsing history, apps downloaded, and location data, phones hold many details that police can use as evidence in investigations. When police legally seize a suspect’s phone, there are several types of data they can extract.

Call History and Text Messages

One of the most basic things police can pull from a seized phone is the call and text message logs. This provides them with a record of who the person has been in contact with and when. While the content of texts may be encrypted and inaccessible without the passcode, the SMS logs show all incoming and outgoing texts with phone numbers and timestamps.

Similarly, call logs reveal all dialed, received, and missed calls with the phone numbers and duration of conversations. By compiling call and text records spanning days, weeks, or months, investigators can map out a suspect’s digital footprint and social connections for analysis.

Photos and Videos

The photos and videos stored on a phone can provide police with visual evidence to assist investigations. Date and timestamp metadata on images and footage can help establish timelines of events, corroborate witness accounts, and place suspects at crime scenes. The data may also help identify potential accomplices and co-conspirators.

Moreover, graphic images and videos can depict criminal behavior such as assault, theft, drug use, possession of illegal weapons, or distribution of child sexual abuse material. However, valid search warrants granted by judges are generally required for police to access phone photo and video content.

Internet Browsing History

Browser history on a mobile phone presents a chronological record of websites visited in apps like Chrome, Firefox, and Safari. This data allows police to see the type of content a suspect has viewed online.

For instance, frequent visits to websites selling firearms or explosives could indicate plans for a bombing or mass shooting. Similarly, regular access to dark web drug marketplaces may imply intention to buy or sell narcotics.

While browser history does not prove criminal acts, it can provide circumstantial evidence of intent, access to information, or conspiracy.

Emails and Messaging Apps

In addition to native text messaging apps, many users connect email accounts and third-party messaging platforms like WhatsApp, Facebook Messenger, and Snapchat to mobile devices. Police can view any unencrypted messages and email exchanges on seized phones as authorized by judges.

This may include criminal communications about drug transactions, threats of violence, distribution of child exploitation materials, or discussions about committing fraud or cybercrimes. Encrypted data requires entering the app with the user’s credentials or cracking encryption protections.

Installed Apps

The apps downloaded on a phone also offer clues about interests and habits. For example, a suspect arrested for soliciting minors may have dating apps and anonymous messaging platforms installed. Someone accused of financial crimes could have various cryptocurrency, stock trading, or money transfer apps.

Certain specialized apps like encryption/anonymizing tools, hacking platforms, or secret communication apps may relate to more sophisticated criminal activity. While legal apps do not imply guilt, they can contextualize other evidence or suggest motives.

Location Data

Mobile phones constantly track and record location data unless a user opts out. This includes GPS coordinates, WiFi network connections, and connections to cellphone towers. From this data, police can construct physical timelines and maps of a phone owner’s movements down to precise times and places.

This geolocation information offers important temporal and spatial context for investigations. It may link suspects to crime scenes, known associates, stash houses, or other relevant venues. However, lengthy location tracking by police requires a warrant.
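The following Python example is added here and is not from the original article or any forensic product. It shows how time-stamped fixes from GPS, WiFi, and cell sources can be reduced to a timeline of "stays", the kind of movement summary described above. The sample fixes, the 150 m radius, and the 30-minute minimum are constructed assumptions.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample fixes (ISO time, latitude, longitude, source); not real data.
FIXES = [
    ("2024-03-01T08:00:00", 40.7128, -74.0060, "gps"),
    ("2024-03-01T08:20:00", 40.7129, -74.0061, "wifi"),
    ("2024-03-01T08:45:00", 40.7127, -74.0059, "cell"),
    ("2024-03-01T09:10:00", 40.7306, -73.9866, "gps"),   # in transit
    ("2024-03-01T09:15:00", 40.7484, -73.9857, "gps"),
    ("2024-03-01T09:40:00", 40.7485, -73.9856, "wifi"),
    ("2024-03-01T10:30:00", 40.7483, -73.9858, "gps"),
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(a))

def find_stays(fixes, radius_m=150, min_stay=timedelta(minutes=30)):
    """Group time-ordered fixes into stays: runs within radius_m of the run's first fix."""
    rows = sorted((datetime.fromisoformat(t), lat, lon, src) for t, lat, lon, src in fixes)
    stays, run = [], []
    for row in rows + [None]:  # the trailing None flushes the final run
        if row and run and haversine_m(run[0][1], run[0][2], row[1], row[2]) <= radius_m:
            run.append(row)
            continue
        # The run ended: keep it only if the device dwelt there long enough.
        if run and run[-1][0] - run[0][0] >= min_stay:
            stays.append({
                "start": run[0][0], "end": run[-1][0],
                "lat": sum(r[1] for r in run) / len(run),
                "lon": sum(r[2] for r in run) / len(run),
                "sources": sorted({r[3] for r in run}),
            })
        run = [row] if row else []
    return stays

if __name__ == "__main__":
    for s in find_stays(FIXES):
        print(s["start"], "to", s["end"], f'({s["lat"]:.4f}, {s["lon"]:.4f})', s["sources"])
```

On the constructed data this yields two stays and discards the single in-transit fix, showing how a handful of passive records is enough to establish where a device dwelt and for how long.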

Digital Footprint and Pattern Analysis

In addition to extracting discrete data types like messages, files, or GPS logs, police use seized phones to analyze the suspect’s digital footprint as a whole. Call records, texts, browser histories, app usage, and location patterns may demonstrate habits, interests, relationships, and activities.

Advanced data mining tools can also identify linked accounts, aliases, behavioral anomalies, and other insights. In essence, investigators reconstruct a detailed picture of a suspect’s digital life and compare it to criminal allegations or theories.

Third-Party Cloud Backups

Smartphones often automatically sync data to affiliated cloud servers operated by Google, Apple, and app vendors. Police can request access to these third-party backups by obtaining the proper warrants or subpoenas to compel tech companies to share their contents.

Cloud-synced evidence may include messages, photos, videos, contacts, notes, app data, and phone backups that are end-to-end encrypted or recently deleted on the device. This provides access to information that may be unrecoverable from the phone alone without passcodes.

Extracting Data Without Passcodes

With physical access to a seized phone, police have several options to extract data without passcodes or biometrics to unlock the device:

  • They can perform a logical extraction to recover all accessible data on the phone storage, including unencrypted files.
  • Jailbreaking or rooting phones allows more data copying, depending on security patches.
  • Cellebrite and other mobile forensics tools automate high-speed data extraction.
  • Chip-off forensics involves removing flash memory chips from phones and copying their raw data.
  • Pattern lock systems can sometimes be bypassed by examining fingerprint smudges for the pattern.

However, full disk encryption without backdoors increasingly protects device data from these techniques. Police then require the passcode or credential entry by the suspect to decrypt information.

Cracking Passcode or Biometric Protection

If police cannot extract enough data from a locked phone, they may attempt to crack the passcode or biometrics protecting it. This can be done by:

  • Using brute force to try all possible passcode permutations.
  • Exploiting security flaws and bypassing limits on failed passcode attempts.
  • Trying fingerprints or face biometrics seized under warrant from suspects.
  • Employing vendors who specialize in breaking mobile encryption.

However, courts may restrict these options to uphold the Fifth Amendment protection against self-incrimination. Physically forcing suspects to provide access is also illegal. Cracking encryption remains difficult if complex passcodes are used.

Weakening Encryption

Governments argue that impenetrable encryption hinders law enforcement and national security investigations. Some advocate for encryption backdoors and weaker algorithms that allow lawful data access with warrants. However, most security experts oppose this, citing risks of criminal exploitation and undermining cybersecurity and privacy.

Tech companies also resist building encryption vulnerabilities, fearing consumer distrust. They increased phone encryption strength after Edward Snowden’s 2013 NSA surveillance revelations. For now, Apple, Google, and others maintain that they cannot decrypt data for police even under warrant.

Conclusion

Smartphones offer police a treasure trove of investigative data. Call logs, messages, photos, browsing history, installed apps, location records, and more can offer both direct evidence and contextual insights for building cases. Police use warrants, digital forensics, and encryption cracking to extract as much data as possible from seized phones. However, growing encryption continues to pose barriers to accessing all content.