Mobile forensics takes a leap forward
Susteen’s affordable hand-held device enables a rapid response to threats in the field
Sponsored by Susteen
By Laura Neitzel for Police1 BrandFocus
A child goes missing. A teenager dies in an auto crash. An active shooter targets concertgoers. An armed robber flees a scene. A terrorist attempts to evade authorities.
These are some of the scenarios in which law enforcement might need to gather cell phone data from citizens, victims and suspects.
A string of text messages can indicate whether the driver was paying attention to the road or texting. Bystander video may have caught a glimpse of the child being forced into a vehicle or the armed robber fleeing a scene. Video and sound captured during the active shooter incident can help identify the shooter’s location and movements. Texts, phone calls and browsing history can leave clues to a bomber’s accomplices and possible motives.
In any one of these scenarios, time is of the essence. When someone’s life is on the line, you don’t have time to go back to the lab to extract evidence off a cell phone.
With Susteen’s DataPilot 10, you don’t have to.
Designed to be different
It can take four to eight hours to take cell phone evidence to a lab and have the data extracted and made available to investigators. By that time, a kidnapped child could be in another state.
The urgency to get actionable intelligence that can save lives is why Susteen developed the DataPilot 10. Wanting to take a fresh approach to mobile device forensics, Susteen assembled a new production team, new product engineers and even a new Chief Technical Officer to design an intuitive field acquisition device that would enable law enforcement officers to extract evidence in the field and quickly report evidence for others to access. Susteen also took the device to crimes against children conferences for testing and feedback on its use for human trafficking cases.
To keep the cost of the device low enough for law enforcement agencies to equip multiple officers, the team designed the DataPilot 10 field acquisition device to leverage Susteen’s NIST-reviewed Secure View lab forensic software and be compatible with forensic lab tools from other manufacturers.
Cell data acquisition methods
The DataPilot 10 is a hand-held, easy-to-operate touch screen device that allows law enforcement officers to acquire cell phone data in criminal investigations, probation and parole, border protection, military use, correctional facilities, and situations where citizens may want to share their data.
The device can acquire data from any cell phone or tablet, whether iOS or Android-based. There are three ways data can be acquired from a target device.
Using one of the included cables to connect the DataPilot 10 to an Android or iOS device, the user can touch the prominent “acquire” icon to acquire all data on the cell phone or restrict it to specific data from a specific time:
- The Fast Acquisition method quickly gathers contacts, call history and text messages from the target phone within minutes.
- The robust Complete Acquisition method acquires contacts, call history, text messages, calendars, files, apps, images and deleted files.
- The Real-Time Acquisition method allows the user to capture and store a narrow subset of information by date or time frame, such as data from the last 30 minutes or 24 hours. This method is used for live situations where investigators need immediate access to the most pertinent evidence.
2. Optical Capture:
If the port on the target phone is not in working order, or a burner phone with only a charging port, an officer can capture screen shots off the phone using the camera embedded in the DataPilot 10. Using built-in optical character recognition (OCR), the device can then convert images of text on the screen into an editable text file that can be quickly searched for data that reveals certain keywords or names. The camera feature can also be used to document the scene where the cell phone was found or accessed.
3. Linked Screen Capture:
Like the acquisition method, the linked screen capture method requires a connection between the DataPilot 10 and the target device. However, linked screen capture can interact with the phone’s apps to access relevant conversations that are stored in a cloud-based encrypted messaging app rather than on the phone itself. Once the conversation is accessed and surfaced on the phone screen, the field acquisition device mirrors evidence directly from the target device in real time. The user can then capture the screen images directly to the Data Pilot 10 device. Those images can be translated by the OCR into a PDF with searchable text. Even if the phone’s battery is dead, if the port on the cell phone is working, the DataPilot 10 can be connected directly to the phone to charge it while acquiring evidence from it.
In a warrant situation, the officer can capture data off a person’s phone before the suspect can discard or turn off the phone. Once the cell phone data has been acquired, the user can offload the data to the lab wirelessly, via USB or Ethernet.
Hashed for data integrity
Built on the same technology as Susteen’s Secure View, the DataPilot 10 has a reporting feature that allows users to fully export and report on all information found on the phone, including pictures, videos, texts, calls and deleted data. Once acquired, the digital evidence is forensically “hashed” to provide an evidentiary chain of custody so any evidence presented in court can be identified, verified and authenticated as being tamper-proofed.
Housed in a rugged, water-resistant chassis, the DataPilot 10 is built to stand up to extreme weather conditions. It comes equipped with 3 different types of ports and cables for all three major types of phones, a power cord, 256 GB storage and 5000 milliamp battery.
An optional Techno Power Kit comes with a docking station with two USB ports and an Ethernet port, as well as a spare 5000 milliamp battery. If desired, device communications can also be locked so that updates are only made when the device is in the docking station.
Susteen’s goal with the DataPilot 10 is to make cell phone data acquisition easier, faster and more affordable. Because its intuitive design requires very little training, a law enforcement agency can avoid the high cost of training associated with other data acquisition technologies.
Its portability, affordability, powerful software and compatibility with any mobile device and forensic lab tools make the DataPilot 10 a robust addition to any agency’s forensic lab toolkit.