How police can find your deleted text messages
LAS VEGAS (CNNMoney) – Think that a secure password and erasing your phone’s memory will protect sensitive information on your smartphone? Think again.
Smartphone forensics experts can retrieve just about anything from any phone. Police will often seize and analyze phones for evidence of things such as indecent photos and videos, what calls were placed when and to whom, browser history, calendar events and explanations of a suicide or murder.
All of that can be uncovered whether or not a user deleted it from their phone.
“It makes it much, much harder, but wiping a phone doesn’t always mean you can’t get the data,” said Courtney Lancaster, forensic analyst with IT consulting company TCS, at the CTIA wireless industry trade show in Las Vegas.
Forensic analysts have dozens of tools that allow them to access many layers of data on a device.
A so-called “physical” analysis can typically retrieve deleted information that is hidden deep within a smartphone’s memory. When a photo is saved, for example, the device’s operating system will typically store variations of that image in several different locations — a thumbnail view may still be available even if the original isn’t.
Media can be recovered with a physical analysis even if they have been delivered by Snapchat, a controversial app that sends photos or videos to a device for just seconds.
It takes a long time, Lancaster says, but scouring a smartphone’s file system bit by bit is usually worth the effort.
Realizing their smartphones could potentially serve as smoking guns in court, criminals will often attempt to destroy their phones. That can make a forensics expert’s job more difficult — but not impossible. Memory chips can often be retrieved and analyzed.
“Physical damage is not always the deal-breaker that it used to be,” said Lancaster. “Data is stored where data is stored, so we don’t care so much about the outer casing. Even water is not always a problem.”
Those are extreme circumstances, however. Usually, retrieving information from smartphones is a cinch.
With tools like Cellebrite’s forensic computer, law enforcement can simply plug in a phone and download the device’s memory to a flash drive in a matter of seconds. Passwords make the job take a bit longer, but forensic computers can crack codes or bypass them relatively quickly.
It’s not just law enforcement that uses Cellebrite: Best Buy relies on the tools to transfer data from customers’ old phones to new ones. There are also dozens of Cellebrite devices available on eBay, many of which are selling for less than $1,000. When new, Cellebrite tools can cost upwards of $10,000.