September 12,
2016
Digital Evidence in Distracted Driving Cases: Text Messages & Beyond
Texting-while-driving (TWD) is a
problem, but it’s more than just texting – the problem encompasses distractions
of all sorts related to mobile devices and more. One might go so far as to say it is the
traffic safety problem of the modern era.
With mobile devices increasing in connectivity, capability and features,
they have also socially engineered us to know everything, right now, all the
time. According to distraction.gov,
in 2014, 3,179 people were killed, and 431,000 were injured in motor
vehicle crashes involving distracted drivers.
Numbers from 2015 and 2016 will undoubtedly be higher. This means we have more criminal charges and
civil claims with regard to distracted driving both currently in the court
system and on the horizon than at any other time. And it’s not going to end.
But how do
prosecutors & civil litigators prove or refute these claims? The wonderful thing about on-the-go
connectivity is that it virtually always connects us! That means there’s a data trail somewhere
that is accessible to investigators and mobile forensic examiners in cases such
as these that perhaps the attorneys who litigate these cases don’t even realize
is available. We’ll explore a few of
them here:
Potential Evidence #1:
The Mobile Device
It’s
somewhat of a “no-brainer” that the mobile device itself can be a valuable
piece of evidence in proving or disproving distracted driving claims. However, while it’s simplistic to say “just
get the mobile device”, it really goes far beyond that. Different types of evidence are available on
different types of devices (i.e., Apple, Android, Windows, etc. phones). For instance, on an iPhone under the current
iOS version, if an encrypted backup extraction is performed on the iPhone via
Cellebrite or another capable mobile forensic tool, certain data on the device
can tell us what app used cellular data most recently, up to the second. This can be particularly useful if someone is
suspected of very distracted driving, such as watching a YouTube video or
taking a selfie while behind the wheel.
Other more
obvious data such as text message date & time stamps, read receipts, social
media postings postings and so forth can also prove valuable in proving
distracted driving claims. Just because
someone wasn’t texting at the time of an accident doesn’t mean that they weren’t
distracted. When the device logs a read
time down to the second, it evolves into even better evidence for your case.
Of course
data such as this depends on the mobile forensic expert in the case getting
ahold of the mobile device as soon as possible after the incident, which is
sometimes problematic, especially in civil cases. Data like this doesn’t last forever, so
incorporating a policy of getting ahold of the device and getting it to your
examiner as soon as possible is best.
But even if you can’t, the available data doesn’t end there…
Potential Evidence #2:
Cellular Call Detail Records
Call detail records can often be a
goldmine of evidence. But it’s helpful
to know what is and is not available from certain carriers. Some of the data is not reliable as you might
think, so a trained analyst is a necessary asset when call detail record
analysis is required or requested in your case.
While you may think cellular providers keep uniform sets of records
across the provider spectrum, unfortunately, they do not.
For example, AT&T will provide
(under appropriate subpoena or warrant) the cellular tower data for starting,
ending and all towers in between for calls made by a subscriber. Think about how useful that data can be… It
essentially provides a map of where the call started, how it progressed and
where & when it ended. However, data
usage (i.e., internet connection) records from AT&T are not deemed accurate
and AT&T doesn’t store any text messages in their system.
AT&T is just one example of the
varying types of available data. At a
minimum, each of the 5 U.S.-based cellular providers can give us call time,
sending/receiving numbers, starting & ending cell towers & subscriber
information. Most or all of them can
also provide cell tower sector information, which can help us map out which
side of a cell tower the user was “pinging” off. Put all of this information together with
data contained on the device and we start to put the pieces of the mobile
puzzle together to help prove or disprove any theories about what happened in
the distracted driving case.
Potential Evidence #3:
Online Service Provider Records
In every mobile or wireless
transaction, there needs to be three elements:
The sender (the device), the relay (cellular provider) and the
receiver. This may be in the form of
another user’s mobile device, but can also involve the online service provider,
such as Instagram, Facebook, Snapchat, etc.
All of these providers keep records about which subscriber connected,
the IP address from which they connected and even how long the connection
session may have been. Additionally,
they may even provide content if your warrant or court order requests it. Some of these providers may not honor civil
orders, so it warrants checking with their legal compliance teams to
verify. A simple query of the Internet
Service Provider (ISP) listing on the website search.org
usually provides up-to-date legal contact information for providers for
services including email, commercial & domestic internet service, cellular
carriers and social media service providers.
Special care and attention should be
put into the language of your warrant or court order (see our previous blog
with tips
here). Most providers will only give
you the information you ask for and will not assume that you are seeking a
piece of information or some data that is not explicitly stated in the warrant
or court order.
One More Thing…
Not only are
the phones “smart” these days, but the cars are too. With nearly every new vehicle sold on the
market today equipped with an “infotainment” system, the potential for increased
distraction is even higher. Infotainment
systems are nothing more than pared down computers, more like mobile devices
permanently installed in vehicles. As
such, they store data of all types and in a similar way. While Pro Digital does not currently offer
vehicle infotainment data extraction and analysis, this data and it’s growing
importance in distracted driving cases cannot be over stated. However, the mobile device (smart phone) that
connects to the infotainment system can be a great place to start! That data may tell us when it was connected
and even have details about text messages and other forms of data, depending on
the capabilities of the system. So get
the mobile device first and preserve the infotainment system as potential
evidence.
Wrapping it up
Distracted
driving has become the newest bugaboo in traffic safety. It’s a problem that crosses the legal
spectrum for both law enforcement and civil litigators. Much like DUI awareness and enforcement saw a
marked increase since the 1980’s, distracted driving will see the same focus as
it continues to have serious injuries and fatalities associated with it. Further, it is arguably harder to proactively
enforce than DUI, making it a much more reactionary problem.
But the
constant connectivity of mobile devices is an asset in these
investigations. By combining (at least)
these three suggested sets of data, the chronology and circumstances of the
incident become clearer, which only serves justice in the end.
Author:
Patrick J.
Siewert
Principal
Consultant
Professional
Digital Forensic Consulting, LLC
Virginia
DCJS #11-14869
Based in
Richmond, Virginia
Available
Globally
We Find the Truth for a
Living!
Computer Forensics -- Mobile Forensics -- Specialized
Investigation
About the Author:
Patrick Siewert is the Principal
Consultant of Pro Digital Forensic Consulting, based in Richmond,
Virginia. In 15 years of law
enforcement, he investigated hundreds of high-tech crimes, incorporating
digital forensics into the investigations, and was responsible for
investigating some of the highest jury and plea bargain child exploitation
investigations in Virginia court history.
A graduate of SCERS, BCERT, the Reid School of Interview &
Interrogation and multiple online investigation schools (among others), Siewert
continues to hone his digital forensic expertise in the private sector while
growing his consulting & investigation business marketed toward litigators,
professional investigators and corporations.
