Cops love iPhone data trail

EVIDENCE NEVER DELETED!
Criminals, who use device,
may be left without alibi.


Chicago Sun-Times
August 1, 2010
By Amber Hunt
Gannett News Service with
Sun-Times reporter Dan Rozek


iPhones can help police learn, where you've been, what you
were doing there and whether you've got something to hide.
(Getty)

Detective Josh Fazio of the Will County Sheriff's Department loves it, when an iPhone turns up as evidence in a criminal case. The sophisticated cell phone and mobile computer is becoming as popular with police, as it is with consumers, because it can provide investigators with so much information, that can help in solving crimes.

"When someone tells me, they have an iPhone in a case, I say, 'Yeah!' I can do tons with an iPhone", said Fazio, who works in the sheriff's department high-tech crimes unit. The iPhones generally store more data, than other high-end phones — and investigators, such as Fazio, frequently can tap into that information for evidence.

And while some phone users routinely delete information from their devices, that step is seldom as final as it seems. "When you hit the delete button, it's never really deleted", Fazio said. The devices can help police learn, where you've been, what you were doing there and whether you've got something to hide.

Former hacker Jonathan Zdziarski, author of iPhone Forensics (O'Reilly Media) for law enforcement, said the devices "are people's companions today. They organize people's lives." And if you're doing something criminal, something about it is probably going to go through that phone:

  • Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law enforcement agents armed with search warrants can use those snapshots to see, if a suspect is lying about whereabouts during a crime.
  • iPhone photos are embedded with GEO tags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone, that took it.
  • Even more information is stored by the applications themselves, including the user's browser history. That data is meant in part to direct custom-tailored advertisements to the user, but experts said, some of it could be useful to police.

Clearing out user histories isn't enough to clean the device of that data, said John B. Minor, a member of the International Society of Forensic Computer Examiners. Just as users can take and store a picture of their iPhone's screen, the phone itself automatically shoots and stores hundreds of such images, as people close out one application to use another. "Those screen snapshots can contain images of e-mails or proof of activities, that might be inculpatory or exculpatory", Minor said.

The keyboard cache logs everything, that you type in, to learn autocorrect, so that it can correct a user's typing mistakes. Apple doesn't store that cache very securely, Zdziarski contended, so someone with know-how could recover months of typing in the order, in which it was typed, even if the e-mail or text, it was part of, has long since been deleted.

Sometimes, the phones can help even, if the case isn't a matter of life or death. In Kane County the sheriff's department used GPS information from one of the phones, to help reunite a worried father with his runaway daughter, who was staying at a friend's house. "His daughter felt comfortable at the house, because she did not think, her parents knew, where she was and she actually answered the door. She was a bit surprised as to the fact, that [her] dad found her", said Lt. Pat Gengler, a spokesman for the sheriff's department.