Monday, September 12, 2016

Digital Evidence in Distracted Driving Cases: Text Messages & Beyond



September 12, 2016

Digital Evidence in Distracted Driving Cases: Text Messages & Beyond

Texting-while-driving (TWD) is a problem, but it’s more than just texting – the problem encompasses distractions of all sorts related to mobile devices and more.  One might go so far as to say it is the traffic safety problem of the modern era.  With mobile devices increasing in connectivity, capability and features, they have also socially engineered us to know everything, right now, all the time.  According to distraction.gov, in 2014, 3,179 people were killed, and 431,000 were injured in motor vehicle crashes involving distracted drivers.  Numbers from 2015 and 2016 will undoubtedly be higher.  This means we have more criminal charges and civil claims with regard to distracted driving both currently in the court system and on the horizon than at any other time.   And it’s not going to end.

But how do prosecutors & civil litigators prove or refute these claims?  The wonderful thing about on-the-go connectivity is that it virtually always connects us!  That means there’s a data trail somewhere that is accessible to investigators and mobile forensic examiners in cases such as these that perhaps the attorneys who litigate these cases don’t even realize is available.  We’ll explore a few of them here:

Potential Evidence #1: The Mobile Device

It’s somewhat of a “no-brainer” that the mobile device itself can be a valuable piece of evidence in proving or disproving distracted driving claims.  However, while it’s simplistic to say “just get the mobile device”, it really goes far beyond that.  Different types of evidence are available on different types of devices (i.e., Apple, Android, Windows, etc. phones).  For instance, on an iPhone under the current iOS version, if an encrypted backup extraction is performed on the iPhone via Cellebrite or another capable mobile forensic tool, certain data on the device can tell us what app used cellular data most recently, up to the second.  This can be particularly useful if someone is suspected of very distracted driving, such as watching a YouTube video or taking a selfie while behind the wheel. 

Other more obvious data such as text message date & time stamps, read receipts, social media postings postings and so forth can also prove valuable in proving distracted driving claims.  Just because someone wasn’t texting at the time of an accident doesn’t mean that they weren’t distracted.  When the device logs a read time down to the second, it evolves into even better evidence for your case.

Of course data such as this depends on the mobile forensic expert in the case getting ahold of the mobile device as soon as possible after the incident, which is sometimes problematic, especially in civil cases.  Data like this doesn’t last forever, so incorporating a policy of getting ahold of the device and getting it to your examiner as soon as possible is best.  But even if you can’t, the available data doesn’t end there…

http://www.drivesmartva.org/blog/vcu-pd-text-later-live-longer



Potential Evidence #2: Cellular Call Detail Records

Call detail records can often be a goldmine of evidence.  But it’s helpful to know what is and is not available from certain carriers.  Some of the data is not reliable as you might think, so a trained analyst is a necessary asset when call detail record analysis is required or requested in your case.  While you may think cellular providers keep uniform sets of records across the provider spectrum, unfortunately, they do not.

For example, AT&T will provide (under appropriate subpoena or warrant) the cellular tower data for starting, ending and all towers in between for calls made by a subscriber.  Think about how useful that data can be… It essentially provides a map of where the call started, how it progressed and where & when it ended.  However, data usage (i.e., internet connection) records from AT&T are not deemed accurate and AT&T doesn’t store any text messages in their system. 

AT&T is just one example of the varying types of available data.  At a minimum, each of the 5 U.S.-based cellular providers can give us call time, sending/receiving numbers, starting & ending cell towers & subscriber information.   Most or all of them can also provide cell tower sector information, which can help us map out which side of a cell tower the user was “pinging” off.  Put all of this information together with data contained on the device and we start to put the pieces of the mobile puzzle together to help prove or disprove any theories about what happened in the distracted driving case.


Potential Evidence #3: Online Service Provider Records

In every mobile or wireless transaction, there needs to be three elements:  The sender (the device), the relay (cellular provider) and the receiver.  This may be in the form of another user’s mobile device, but can also involve the online service provider, such as Instagram, Facebook, Snapchat, etc.  All of these providers keep records about which subscriber connected, the IP address from which they connected and even how long the connection session may have been.  Additionally, they may even provide content if your warrant or court order requests it.  Some of these providers may not honor civil orders, so it warrants checking with their legal compliance teams to verify.  A simple query of the Internet Service Provider (ISP) listing on the website search.org usually provides up-to-date legal contact information for providers for services including email, commercial & domestic internet service, cellular carriers and social media service providers.

Special care and attention should be put into the language of your warrant or court order (see our previous blog with tips here).  Most providers will only give you the information you ask for and will not assume that you are seeking a piece of information or some data that is not explicitly stated in the warrant or court order.



One More Thing…

Not only are the phones “smart” these days, but the cars are too.  With nearly every new vehicle sold on the market today equipped with an “infotainment” system, the potential for increased distraction is even higher.  Infotainment systems are nothing more than pared down computers, more like mobile devices permanently installed in vehicles.  As such, they store data of all types and in a similar way.  While Pro Digital does not currently offer vehicle infotainment data extraction and analysis, this data and it’s growing importance in distracted driving cases cannot be over stated.  However, the mobile device (smart phone) that connects to the infotainment system can be a great place to start!  That data may tell us when it was connected and even have details about text messages and other forms of data, depending on the capabilities of the system.  So get the mobile device first and preserve the infotainment system as potential evidence.
 
Wrapping it up

Distracted driving has become the newest bugaboo in traffic safety.  It’s a problem that crosses the legal spectrum for both law enforcement and civil litigators.  Much like DUI awareness and enforcement saw a marked increase since the 1980’s, distracted driving will see the same focus as it continues to have serious injuries and fatalities associated with it.  Further, it is arguably harder to proactively enforce than DUI, making it a much more reactionary problem.

But the constant connectivity of mobile devices is an asset in these investigations.  By combining (at least) these three suggested sets of data, the chronology and circumstances of the incident become clearer, which only serves justice in the end. 


Author:
Patrick J. Siewert
Principal Consultant
Professional Digital Forensic Consulting, LLC
Virginia DCJS #11-14869
Based in Richmond, Virginia
Available Globally


We Find the Truth for a Living!
Computer Forensics -- Mobile Forensics -- Specialized Investigation

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation investigations in Virginia court history.  A graduate of SCERS, BCERT, the Reid School of Interview & Interrogation and multiple online investigation schools (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting & investigation business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6