 |
| Sam Raincock from SRC is an IT and telecommunications expert witness specialising in the evaluation of digital evidence. She also provides training and IT security consultancy. |
Within the UK, details of past telephone connections are stored by the network providers. The minimum storage is advised by the Data Retention (EC Directive) Regulations [1][2]. However, each network provider is able to disclose different types of information about past connection activity and this availability also changes over time. As a result, it is important to be familiar with what connection record information may be available to your case so you can make appropriate requests to obtain access to it. Perhaps a useful strategy for companies undertaking connection record evaluation work would be to compile a procedure where your organisation will contact the network providers every 6 months to determine if anything has changed.
It is also important to note that the network providers will provide a ‘standard’ format of connection records if they are not directed regarding the information you require. My philosophy with network records is that if you don’t ask, you won’t get it!
Examining Connection Records
Most often the instructions received in connection charting matters are to compile charts of connection patterns of the telephones of interest in a case. This is generally over a certain time period and may also include a frequency analysis to determine how many connections have occurred with particularly numbers of interest. It may (especially in defence cases) also include questions about the meaning of connections and the possible circumstances of the calls/SMS messages.
Where connection records specialists are lucky, they are provided with the records in electronic format. Where they are ill-fated they obtain a file of 500+ pages in paper format and the electronic records are unavailable (very common in older cases).
With paper records, you have two options: transfer the records into electronic format (however, you are going to have to thoroughly validate that this has occurred correctly) or you will need to examine them by eye. Actually, dealing with paper connection records is a lot easier than it sounds as you become used to looking for patterns over time.
With electronic records, if you are using pivot tables to assist you in performing a frequency analysis of the connection behaviour to establish how many connections have been made with certain telephone number of interest, remember that a telephone number may be provided in the records in various formats. For example, 07777 111111 may also be provided as 447777 111111.
Also with electronic records – make sure you don’t suffer from sorting issues. Firstly, if you haven’t set your data to be the correct type (which can be an annoying activity in itself), sorting can produce unexpected results. And of course, there is also the old Excel sorting problem where you sort by column and don’t expand the selection to the other data values too, resulting in shuffling your original connection records table.
Although all these points may seem very basic, in my experience mistakes do occur in this type of processing. Another area for error is overlooking the obvious – the date being in the wrong format or the wrong number is searched for etc. Hence, the key when performing connection charting/analysis is to validate, validate, validate and assume nothing...
Read more at http://www.forensicfocus.com/sam-raincock
No comments:
Post a Comment