CELLULAR DATA ANALYSIS Presented by Bill McGirk CTF

CELLULAR SOLUTIONS, LLC
This presentation is the Intellectual property of Cellular Solutions, LLC and may not be reproduced in whole or part
without the expressed written consent of Cellular Solutions, LLC. January 2012
What is Cellular Data Analysis?
• Cellular Data Analysis is the process of using a mobile phone’s
Communication Data Records, supplied by the mobile phone
company, to trace the historic geographical movement of the phone
as it moved from place to place.
• Most Communication Data Records will include voice, text, and
data usage with cell tower locations. These records will indicate
who called, who was called, time, and length of usage. Direction
and movement can be applied.
• When the phone is attributed to an individual, it can be a powerful
tool in criminal and civil investigations.
What Can Cellular Data Analysis Do For You?
1. Confirm the whereabouts of the insured/claimant at the time of the loss.
Were they where they said they were?
2. Determine if the insured/claimant was ever at the site of a loss. Were they
at or near the site where a loss occurred or where a risk vehicle was
recovered?
3. Determine the associates of an insured/claimant. Who were they in
contact with prior to or after a loss?
4. Determine the routine of an insured/claimant. Was their activity around
the time of the loss normal for them?
5. Did they stop using their personal phone during the loss period,
suggesting an attempt not to be tracked?
6. In the event of a burglary or arson, were they away from the home as
stated?
7. Were passengers actually at the accident site or added as “jump-ins”
later?
8. Confirm the whereabouts and activities of an injured worker. Were they
in “course and scope”? Was there “deviation” in their assignment?
9. Claims in litigation will greatly benefit from a Call Data Analysis if
they’re not too old.
BASIC CELL PHONE TECHNOLOGY
Cell structure
Cell Tower Structure
• The tower is not in the center of the hexagon, it is
between three hexagons. Cellular towers are placed to
support each other and the cellular traffic.
Cell Structure - City
Notice the tower layout.
Cell Structure - Rural
Cellular Tower Sector Layout
The Tower
0,120,240
30 Degree Offset
The Tower – By the Azimuth
The key to remember when reviewing CDRs is to identify sector
orientation, anomalies, patterns of use and other subscriber data
which may be relevant. In addition, since sectors are not positioned
the same direction in degrees, environmental surveys may also be
keys to a successful case. As part of a certified review process, an
in-field environmental survey may be necessary to plot a relevant
tower.
The Tower
Passing through the tower/cell site
MULTIPLE ARRAY TOWER
MULTIPLE PROVIDER TOWER
ARRAYS ON A WATER TOWER
TOWER PALM TREE
TOWER SHORT MAST
COWS – Cellular On Wheels
WHERE’S THE CELL TOWER ?
The System
• GSM – AT&T, T-MOBILE
• CDMA – VERIZON, SPRINT
• IDEN – NEXTEL
WHEN CELL COMPANIES MERGE
Basic Cell Phone
• Your basic cell phone is nothing more than a radio, a
complicated radio, but it still follows the same basic
principles. Your three forms of transmission are:
• SIMPLEX – think of your TV or car radio.
• ½ DUPLEX – think of a walkie-talkie or the push to talk
function. (IDEN)
• FULL DUPLEX – the cell phone we know and use
every day.
What Does The “G” Mean?
GENERATION
• 1G (THE BRICK, BAG PHONE, CAR PHONE,
ANALOG)
• 2G (DIGITAL, FIRST FLIP)
• 3G (SMART PHONE, INTERNET, SMS, MMS)
• 4G (LIVE TRANSMISSION)
Vocabulary Of The Cell Phone Industry
• CDR - COMMUNICATION DATA RECORDS
• CDA - CELLULAR DATA ANALYSIS
• MMS - MULTIPLE MEDIA SERVICE (Pictures & video)
• PTN – PRIVATE TELEPHONE NUMBER (Target Number)
• SIM CHIP - SUBSCRIBER IDENTITY MODULE = GSM
(Global Systems Mobile)
• IDEN - PUSH TO TALK (it’s track-able)
• SMS - SHORT MESSAGE SERVICE (Text Messages)
Vocabulary Of The Cell Phone Industry
• LAC, REPOLL, NETWORK ELEMENT – ALL USED TO
DESCRIBE A CLUSTER OF TOWERS
• EDGE, EVDO, H+ – DATA TRANSMISSION TERMS
• “PINGING” – WHEN A PTN IS MAKING CONTACT WITH A
CELL SITE
• LIVE DATA vs. HISTORICAL DATA
• AIRPLANE MODE – THE DEVICE IS NO LONGER
“PINGING”
• EXIF DATA – CELLULAR PHONE PHOTOS
• METADATA – CELLULAR PHONE PHOTOS
(DATA ABOUT DATA)
What makes a cell phone choose a
certain cell site?
• First, you should separate the concepts of distance and signal strength. You
could be in the balance point of signal strength between towers,
theoretically...but not in practice. You could also be physically equidistant from
the towers, which has little or nothing to do with the tower that would be used.
Remember that your phone will pick the strongest signal, not the closest
tower. This happens in reality all the time...because of line of sight (primarily).
• Second, tower traffic (load) and signal strength are the two primary
determinants of which tower is selected. Additionally, latency (hanging on to
the last tower piloted) has significance in determining which tower a call may be
connected on. There are also differences in tower selection by the equipment on
each tower (sectorized v. omnidirectional) and the number of arrays dedicated to
each sector per tower (traffic load capacity).
• Equidistance and equal power, however, can only be theoretical, because traffic
load and signal strength may change with the same physical location of the
handset...so there will be changes to the tower connections based upon those,
and other, factors even though the handset has not moved.
Good Things To Know
1. TOWER SKIP – THIS CAN OCCUR BUT IT IS LIMITED
2. SIGNAL STRENGTH – CLOSEST vs. STRONGEST – OR BOTH
3. TOPOGRAPHY
4. TOWER HEIGHT
5. TOWER PLACEMENT
6. TOWER SPECTRUM
7. LINE OF SIGHT
8. PINGING – LIVE TRANSMISSION – THE DEVICE HAS TO BE IN USE
9. MICRO CELLS
Billing Records vs. Communication Data Records
BILLING / TOLL RECORDS
• Billing records are only used to establish call usage; they
cannot distinguish between towers called. Verizon makes
available a record that lists “city called from” or “network
element”. This is actually a “switch station”, and one
switch station can control hundreds of towers.
COMMUNICATION DATA RECORDS
• Communication Data Records or CDRs, on the other hand, are
the heart of Cellular Data Analysis. CDRs will include a
longitude and latitude, tower azimuth, the number called
and calling, and identification of originating and terminating
cell towers.
• When this data is properly analyzed it can give you the
location and direction of a target number.
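The sector check implied above (tower latitude/longitude and azimuth taken from the CDR), as an added example that is not part of the original presentation: it tests whether a stated location falls inside the wedge of the sector that carried each call, including the wrap at 0/360 degrees. The 120-degree beamwidth, the 10 km range limit, the field names and the sample rows are assumptions constructed for illustration; real values come from the provider's records and a field survey.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0

@dataclass
class CdrRow:
    when: str         # date/time of the call as printed in the record
    tower_lat: float  # tower latitude from the CDR
    tower_lon: float  # tower longitude from the CDR
    azimuth: float    # sector centre, degrees clockwise from north

def bearing_deg(lat1, lon1, lat2, lon2):
    """Initial great-circle bearing from point 1 to point 2 (0-360)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    y = math.sin(dlon) * math.cos(p2)
    x = math.cos(p1) * math.sin(p2) - math.sin(p1) * math.cos(p2) * math.cos(dlon)
    return math.degrees(math.atan2(y, x)) % 360.0

def distance_km(lat1, lon1, lat2, lon2):
    """Haversine distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def angular_gap(a, b):
    """Smallest angle between two bearings; handles the 0/360 wrap."""
    return abs((a - b + 180.0) % 360.0 - 180.0)

def sector_check(row, lat, lon, beamwidth=120.0, max_range_km=10.0):
    """Classify a stated location against the sector that carried the call.

    beamwidth and max_range_km are assumptions, not provider values.
    """
    brg = bearing_deg(row.tower_lat, row.tower_lon, lat, lon)
    dist = distance_km(row.tower_lat, row.tower_lon, lat, lon)
    if angular_gap(brg, row.azimuth) > beamwidth / 2:
        status = "outside sector"
    elif dist > max_range_km:
        status = "beyond range"
    else:
        status = "consistent"
    return {"when": row.when, "bearing": round(brg, 1),
            "distance_km": round(dist, 2), "status": status}

# Constructed sample rows (not from any real record).
STATED_LOCATION = (40.6000, -111.9400)
SAMPLE_ROWS = [
    CdrRow("1/5/2012 09:10", 40.5800, -111.9400, 330.0),  # wedge spans north
    CdrRow("1/5/2012 09:42", 40.5800, -111.9400, 120.0),  # same tower, other sector
    CdrRow("1/5/2012 10:15", 40.7600, -111.9400, 180.0),  # right direction, too far
]

def review(rows=SAMPLE_ROWS, location=STATED_LOCATION):
    """Run the sector check for every row against one stated location."""
    return [sector_check(r, *location) for r in rows]

if __name__ == "__main__":
    for result in review():
        print(result)
```

A "consistent" result only means the stated location lies inside the assumed wedge; because the phone picks the strongest signal rather than the closest tower, it is a screening check and not a position fix.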
Verizon Billing Records
Billing Records vs. Communication Data Records
BILLING RECORDS
• These records are becoming less and less available to
customers who have a “prepaid” account OR an
“unlimited use” contract.
• The cellular companies see no reason to maintain records on
these types of accounts. When the Insured advises you his
billing records are unavailable he’s telling you the truth.
COMMUNICATION DATA RECORDS
• Call data records or CDRs are maintained AND available
through the designated legal process. Cellular providers
consider their CDRs and cell sites to be proprietary and they
will only produce them with either a subpoena or court
order dependent on the provider and the records requested.
Verizon Billing Records
Network Element Name  Mobile Directory Number  Dialed Digit Number  Call Direction  Seizure Dt Tm    Seizure Duration  Calling Party Number
West_Jordan           ############             ###########          F               8/1/2011 8:31    76                ############
West_Jordan           ############             ###########          F               8/1/2011 10:14   3                 ############
West_Jordan           ############             *86                  3               8/1/2011 11:38   85                ############
West_Jordan           ############             ###########          F               8/1/2011 11:38   84                ############
West_Jordan           ############             ###########          3               8/1/2011 12:01   90                ############
West_Jordan           ############             ###########          6               8/1/2011 12:55   24                ############
Saltlake_City         ############             ###########          F               8/1/2011 12:55   4                 ############
West_Jordan           ############             ###########          6               8/1/2011 13:01   41                ############
West_Jordan           ############             ###########          F               8/1/2011 13:15   80                ############
West_Jordan           ############             ###########          F               8/1/2011 13:30   202               ############
West_Jordan           ############             *86                  3               8/1/2011 13:35   49                ############
West_Jordan           ############             ###########          F               8/1/2011 13:35   49                ############
West_Jordan           ############             ###########          3               8/1/2011 15:14   34                ############
West_Jordan           ############             ###########          3               8/1/2011 15:32   34                ############
West_Jordan           ############             ###########          3               8/1/2011 15:43   34                ############
West_Jordan           ############             ###########          F               8/1/2011 16:05   4                 ############
West_Jordan           ############             ###########          F               8/1/2011 17:40   32                ############
West_Jordan           ############             *86                  3               8/1/2011 17:56   25                ############
West_Jordan           ############             ###########          F               8/1/2011 17:56   24                ############
West_Jordan           ############             ###########          6               8/1/2011 18:20   220               ############
West_Jordan           ############             ###########          3               8/1/2011 18:25   31                ############
West_Jordan           ############             ###########          F               8/2/2011 9:33    4                 ############
West_Jordan           ############             ###########          6               8/2/2011 11:36   156               ############
Verizon CDRs w/Cell Sites
Obtaining The Records
1st DETERMINE TARGET PHONE SERVICE PROVIDER
• MAJOR PROVIDERS (MNOs)
• SECONDARY SELLERS (MVNOs)
• MOM & POP PROVIDERS
• ROAMING PARTNERS
PRE-PAID PHONES
• MATCHING TO MAJOR PROVIDERS
DIFFERENCE IN CDR REPORTING (pre-paids report differently)
METHODS FOR DETERMINING THE PROVIDER OF THE PTN
• SEARCH-BUG.com
• PHONE FINDER.com
• CELLULAR SOLUTIONS, LLC
MVNO vs. MNO
An MVNO is a secondary seller of airtime/minutes. They buy them in bulk
from the MNO. An MVNO does not own any towers, cell sites, or switching
equipment.
MVNO-Virgin, TracFone, Net10, SafeLink, Consumer Cellular
MNO-AT&T, Verizon, T-Mobile, Sprint/Nextel
How can I be sure if it’s an MVNO or an MNO? ASK THE ACCOUNT
HOLDER TO LOOK AT HIS BILL OR RECEIPT!!
On your subpoena, court order, or search warrant list BOTH the MNO and the
MVNO as your respondent.
An MNO can have a prepaid division within their company.
Pre-Paid Phones
They ALL produce CDRs
• BOOST – SPRINT
• VIRGIN MOBILE – SPRINT
• KAJEET – SPRINT
• QUEST – VERIZON
• ALLTEL – VERIZON
• SIMPLEMOBILE – WAS T-MOBILE NOW IT’S TRACFONE
• JITTERBUG – VERIZON
• INPULSE – VERIZON
• GO PHONE – AT&T
• ONSTAR – VERIZON
Records Retention
Just how long are the CDRs Kept?
• AT&T – From March of 2009 is my latest experience
• SPRINT/NEXTEL/BOOST/VIRGIN – 18 MONTHS
• T-MOBILE – 6 MONTHS
• VERIZON – 365 DAYS
• METRO PCS – 9 MONTHS
• CRICKET – 6 MONTHS
• So What Do We Do If We Are Getting Close To The Cut Off Date?
The Preservation Letter
Metro PCS Custodian of Records
Corporate Security
2250 Lakeside Blvd.
Richardson, TX 75082
Office 1-800-571-1265 Fax 972-860-2635

VIA FAX to (972) 860-2635

Re: 18 USC 2703(f) Preservation Request – Subject #XXXXXXXXXX

Dear Madam/Sir:

I am writing to make a formal request for the preservation of records and other evidence pursuant to 18 U.S.C. 2703(f)
pending further legal process.

You are hereby requested to preserve, for a period of 90 days, the records described below currently in your possession,
including records stored on backup media, in a form that includes the complete record. You also are requested not to
disclose the existence of this request to the subscriber or any other person, other than as necessary to comply with this
request. If compliance with this request may result in a permanent or temporary termination of service to the accounts
described below, or otherwise alert the subscriber or user of these accounts as to your actions to preserve the referenced
files and records, please contact me before taking such actions.

This request applies only retrospectively. It does not in any way obligate you to capture and preserve new information that
arises after the date of this request.

This preservation request applies to the following records and evidence:

A. All stored communications and other files reflecting communications to or from user account/user name Subject
#XXXXXXXXXX between the creation of the account and the present;
B. All files that have been accessed by user account/user name or Subject #XXXXXXXXXX or are controlled by user
accounts associated with Subject #XXXXXXXXXX between the creation of the account and the present;
C. All connection logs and records of user activity for user account/user name or Subject #XXXXXXXXXX between the
creation of the account and the present, including:
1. Connection date and time;
2. SMS and MMS communications (both incoming and outgoing);
3. User name associated with the connection and other connection information, including the Internet Protocol
address of the source of the connection;
4. Telephone caller identification records;
5. Records of files or system attributes accessed, modified, or added by the user;
D. All records and other evidence relating to the user account/user name Subject #XXXXXXXXXX between the creation of
the account and the present, including, without limitation, subscriber names, user names, screen names or other identities, mailing
addresses, residential addresses, business addresses, e-mail addresses and other contact information, telephone numbers or other
subscriber number or identifier number, billing records, information about the length of service and the types of services the
subscriber or customer utilized, and any other identifying information, whether such records or other evidence are in electronic or
other form.
E. Any other records and other evidence relating to user account/user name or Subject #XXXXXXXXXX between the
creation of the account and the present. Such records and other evidence include, without limitation, correspondence and other
records of contact by any person or entity about the above-referenced account, the content and connection logs associated with
or relating to postings, communications and any other activities to or through user account/user name or Subject #XXXXXXXXXX,
whether such records or other evidence are in electronic or other form.

Sincerely,

Bill McGirk CFE, CTF
Cellular Solutions, LLC
1-928-277-1178 office
1-928-925-8690 cell
1-877-570-2212 fax
[email protected]
Consent By Subscriber – Why?
• It is helpful in the legal proceedings to show we have the “consent” of
the Insured to obtain their CDRs! The courts & the cellular providers feel this way
also. It saves time AND money!! No notification involved.
• Why can’t I use my company’s consent? It’s not cellular provider specific and
they are generally VERY broad in scope.
• What if they refuse to sign it? In CA you must have consent or a court
order is required. In other states you can proceed; it will take a little longer due to
notifications by the court and the cellular provider.
• Can I deny the claim if they don’t sign the consent? That’s up to your
Company; obtain a legal opinion.
• What if they withdraw their claim? Just because they walk away doesn’t mean you
should too; the statute will run longer than the life of the CDRs, and if they reopen their claim you
will have lost your evidence. At the very least get out a preservation letter.
The Consent
CONSENT TO DISCLOSE AND RELEASE FORM TO
SPRINT/NEXTEL/BOOST MOBILE

The undersigned hereby consent(s) to the release and transmittal to ________________
and its representative Cellular Solutions, LLC (hereinafter referred to as "the
Company") any information related to the cellular call detail, text message detail and tower
cellular site information relating to my cellular and residential phone numbers ____________ for
the time period of _________ to ____________.

The undersigned further authorize(s) and direct(s) any person who is presented a copy of this
form to promptly deliver to the Company any of the information upon the Company's request.

"ANY PERSON WHO KNOWINGLY PRESENTS A FALSE OR FRAUDULENT
CLAIM FOR THE PAYMENT OF A LOSS IS GUILTY OF A CRIME AND MAY
BE SUBJECT TO FINES AND CONFINEMENT IN STATE PRISON"

(Subscriber Name)___________________
(Subscriber Signature)________________
(Billing Address)_____________________
(Claim No.)__________________________
The Consent
(Must now be notarized)
STATE OF _________________  )
                            ) ss.
COUNTY OF _________________ )

On this ___ day of ____________, 2012, before me, __________________________________,
a notary public in and for the County of _____________________, State of ____________, residing
therein, duly commissioned and sworn, personally appeared ________________________________
known to me to be the person whose name is subscribed to the within instrument, and acknowledged
to me that he executed the same.

IN WITNESS WHEREOF, I have hereunto set my hand and affixed my official seal the
date and year in this Certificate first above written.

_______________________________
Notary Public

(Subscriber Name)____________________________
(Subscriber Signature)_________________________
(Address)____________________________________
(Claim No.)__________________________________
Establishing Foundation
Questions to establish “foundation” during the initial recorded statement for a future Cell Phone
investigation.
They should be asked in addition to the normal questions you would ask in your recorded statement or
EUO.
• What is your cell phone number with area code? (Do not ask “do you have a cell
phone?” Assume they do until they tell you they do not.)
• Is this your only cell phone? (Many people have more than one cell phone.)
• If no, what are the other cell phone numbers with area code for the other cell phones?
• Is the cell phone number you have now the same cell phone number you had on the
date of this loss?
• If no, what was the cell phone number with area code you had on the date the loss
occurred?
• Is this cell phone(s) a personal cell phone or a business cell phone? Is this cell phone in a
name other than your own?
Foundation Questions
Continued
• What is the billing address for this cellular phone account?
• Who is your provider? Ask them to look at their bill; they could be using an MVNO. We
can determine who their MNO is by just the PTN, but not the MVNO.
• When this loss occurred did you have your cell phone with you? (If they answered that
they have more than one phone, which phone did they have with them?)
• Besides your cell phone are there other cell phones in the household? (If so, what are
their cell numbers?)
• Do you ever lend your phone to family or friends? (If yes, did you lend your phone on
the date of this loss?)
• Are you willing to sign a voluntary consent so we may obtain your cell phone’s Call
Data Records? (We are not asking for their billing records.)
The Process - Costs $$$
1. Attorney – This varies depending on use of staff counsel,
approved counsel, or by recommendation.
2. Court Fees – In your state they are $????
3. Cellular provider records release fees – varies based on the
provider and the amount of records requested, $50 to $175.
4. Cellular Data Analysis – $100 per hour, average CDA is
about $500 per PTN, multiple PTNs or research is extra.
• Call, discuss the wants and needs, and get an estimate.
The Process – Time Frames
• CDR TIMEFRAMES vary to obtain the CDRs from the cell phone
provider. My most recent experiences are that once legally served
they will take…………
• Verizon- 1 to 2 weeks with the required “judge signed” court order,
a subpoena will not work with Verizon for cell site locations
• Sprint & T-Mobile - 21 days if the correct process is followed, a
subpoena is sufficient
• AT&T- 4 to 6 weeks (they’re a little backed up), a subpoena is
sufficient IF the verbiage is correct
• Metro PCS & Cricket - 3 to 4 weeks
The Steps Again
1. Determine the file is a candidate for Cellular Data Analysis (exposure, prior
losses, bad statement, EUO.) Please keep the timeframes in mind!
2. Establish the foundation. (verify that the target PTN device is in their
possession at the time of the loss.)
3. Verify the target number’s Provider.
4. Get a Consent for that Provider and get it signed and notarized.
5. Place that Consent with an Atty. and instruct them to start a motion to perpetuate
testimony action (if this is a litigated file go straight to the Judge for a Court Order, no
consent is required.)
6. If this is a file involving Law Enforcement see if they will assist. CLEAR THIS
WITH YOUR COMPANY AND ITS POLICIES IN THIS AREA.
7. Get the subpoena or Court Order and consent to the cellular carrier’s subpoena
compliance division.
8. With the CDRs in hand complete the Cellular Data Analysis.
QUESTIONS ????????????
If you think of a question later, call me @
928-277-1178
or
928-925-8690
or
[email protected]
Websites Of The Cell Phone Industry
• Find Cell Phone Providers for a particular region by Zip Code
Find and research all the cell phone companies licensed to serve your area. Enter
your ZIP code to start your search. http://www.wirelessadvisor.com/
• Understanding Cell Phone Providers – Cnet
A comprehensive source of information with details about each of the major
providers. http://reviews.cnet.com/2719-3504_7-389-1.html?tag=page;page
• Locate Cell Towers
Find cell towers and the associated providers in a given area.
http://www.cellreception.com/towers/
• Glossary of Cellular Phone Terms
A comprehensive list of terminology associated with cellular telephone related
technology. List of providers in a given Zip Code.
http://www.wirelessadvisor.com/resources/glossary
• Phone Scoop
A resource with instructions to help navigate through various menus on a
particular cell phone model to access address books,
recent call history, features, options, accessories, etc.
http://www.phonescoop.com/