Cell Phone Forensics

Carney Forensics began recovering cell phone text messages and contacts from old flip phones back in 2008. Over a decade has passed and hundreds of cell phones in our lab have given up their secrets. New powerful cell phone forensics tools have delivered breakthrough capabilities for evidence recovery from smartphones using iPhone and Android forensics services.

Cell Phones are Our Specialty

Our expert forensic examiners use cell phone forensics tools to recover evidence from over 39,000 makes and models of mobile devices. We also decode text messages, chat, and other evidence from over 731 unique mobile apps from your client’s iPhone or Android smartphone. We recover deleted and hidden evidence on every phone we examine. As a result, we have become experts at spoliation and fraud cases involving willful, intentional destruction of evidence.

We have learned to avoid reliance on just one mobile forensics tool to recover evidence. One tool is never, ever enough! So we use the four best cell phone forensics tools on the planet. We use all four, each with its different strengths, to examine every cell phone that enters our lab and to recover and decode absolutely all the mobile evidence on which your case may turn. If one tool can’t find it, another will.

What Evidence Can Cell Phone Forensics Recover?

Our expert forensic examiners recover, examine, and produce evidence of many types including these categories:

Four Types of Cell Phone Evidence Explained

Cell phone evidence is digital evidence recovered forensically from smartphones and tablets.  Think Apple’s iPhones and iPads, also Android smartphones and tablets from manufacturers like Samsung, Motorola, and LG.  The phone book of contacts is basic mobile evidence.  A decade ago feature phones, sometimes called flip phones, contained a trivial amount of contact evidence. Those contacts contained a person’s name, a cell phone number, and usually nothing else.

Today’s smartphones are a cornucopia of rich information about the phone user’s contacts. Contact records can be complex, containing not only a person’s name but also aliases, credentials, many phone numbers, email addresses, website addresses, social media accounts, street addresses, employment information, and so on. The phone book of contacts becomes a directory of actors and players for use by the lawyer and his or her cell phone forensic examiner during the pendency of the case.

Call log evidence is a record of phone call metadata, not a voice audio recording of the call. It contains phone numbers to and from the smartphone often with a user’s name matching the phone number taken from the phone book of contacts.  It also contains a date and time stamp and the duration of the phone call in minutes and seconds.

When a phone user checks his or her voice messages those messages are downloaded to the smartphone from the cell phone service provider.  They are stored in the smartphone’s file system as live evidence, and when deleted by the phone user, they are often still recoverable. Sometimes the smartphone transcribes voice message recordings accurately and produces a textual record. When cases go to trial, we find recovered, admitted voice message audio is often persuasive in the courtroom, especially if deleted.

Device locations are important metadata taken from GPS evidence sourced from navigation satellites and stored in the smartphone.  Examiners find them in photographs, videos, navigation apps, also Wi-Fi networks, and other mobile apps like Facebook and Foursquare. One of our best mobile device forensic tools enriches device location metadata by inspecting Wi-Fi networks and cell tower sites stored in the smartphone and returning device locations for them too.

We Offer Advanced iPhone Forensics

America’s most popular iPhone smartphone has become a materially important source of best evidence for civil and criminal litigation. But the effectiveness of iPhone forensics to recover probative evidence was declining for a decade until a major, transformational advance introduced in 2020 marked the return of iPhone forensics. This new forensic capability enables the recovery of vastly greater quantities of live and deleted iPhone evidence. It includes new forms of deeply probative evidence we now understand and are applying successfully in court cases. Carney Forensics has invested heavily in several cell phone forensics tools to extract iOS evidence from the broadest range of iPhone and iPad models. Imagine how you might use breakthrough iPhone forensics to discover messages, email, documents, media, fitness and health, searches, Screen Time, and pattern of life evidence for advocacy on your next case.

We Offer Advanced Android Forensics

What about Android smartphones? 2020 and 2021 have also brought meaningful innovations to Google’s mobile platform available since 2005. We can now bypass many passwords and defeat encryption to get deeply probative extractions instead of relying on disappointing Android backups. And, like iPhones, we can recover abundant, deleted evidence and new databases which expose pattern of life and digital wellbeing evidence for judicial review. Carney Forensics has invested heavily in cell phone forensics tools to extract Android evidence from the broadest range of Samsung, LG, Motorola, OnePlus, and Google Pixel models. How might you take advantage of cutting edge Android forensics to recover messages, email, documents, media, fitness and health, searches, and more evidence for winning your next case?

We Can Handle Your Cell Phone, Glitches and All 

Whatever cell phone your client or opposing counsel may present, we can handle it. If it’s damaged, even waterlogged, we can repair it before examination. We can recover or bypass most passcodes that lock smartphones using bootloaders or more advanced techniques like JTAG, chip-off, and ISP. Our Android forensics services can often defeat an encrypted smartphone. And if the phone disappears, we have a long list of alternative evidence sources to discuss with you as we work together to develop a plan “B” for proving your case.


Cell Phone Forensics FAQs

What can be determined from digital evidence?

Digital evidence on a cell phone can help an attorney develop an evidence strategy that may determine his or her theory of the case and identify persuasive arguments. Producing the digital evidence in court and litigating it successfully can prove the client’s claims and defenses and win or advantageously settle the case.

How much does it cost to recover, examine, and produce evidence from a cell phone?

In the majority of legal cases, the examiner can recover and analyze the cell phone’s evidence and generate forensic tool reports for the legal team’s review for an average cost of $3,000 to $5,000. Each smartphone takes approximately 8 to 12 hours of lab time. Factors that affect cost include how much storage or memory capacity is built into the smartphone, how accessible the smartphone’s evidence is given possible damage, missing or incorrect passcodes, or data encryption, and how many hours of analysis are needed. Last, a critical factor is how many cell phone forensic tools are required to recover and analyze the material evidence upon which the dispute will turn, especially deleted or hidden evidence.

Where is evidence in mobile phones?

Most of the evidence will be found in the smartphone’s handset memory. Information related to the carrier and its cell tower network will be found in the SIM (Subscriber Identity Module) card. And media evidence like photographs and videos will be found on the microSD card for Android devices. But often the phone evidence is synchronized or backed up to online, cloud accounts like Apple iCloud and Google and can be recovered there.

Can you recover or bypass a cell phone’s passcode?

Often yes. Advanced capabilities are available for unlocking most iPhones except for late-model devices. The news is even better for Android smartphones. Cell phone forensics tools for Android models use bootloaders which can often bypass passcodes and extract the phone’s memory. The tools enable examiners to recover or even remove passcodes from many Android models. And examiners use advanced electronic acquisition techniques like JTAG, chip-off, and ISP extractions of phone memory to bypass passcode protection.

Can you recover deleted evidence from cell phones?

Generally yes. The type and amount of deleted evidence recovered from a cell phone depend on several factors including the make and model of the phone, how the cell phone was used, and the length of time since the evidence was deleted.

Can you recover evidence from mobile apps?

App evidence recovery from cell phones depends on the make and model of the cell phone and the particular app that is the target of the examination. Every third-party app records the user’s data in different ways. It is difficult to know whether deleted information can or cannot be recovered from an app without first analyzing the device and the app in question. The more popular the app, the better the chances to recover the evidence because of better support by more cell phone forensic tools.

How long does cell phone forensics take?

Usually just overnight to recover the evidence. If picked up locally, most examiners can usually return it the next day. If it is delivered to the lab by an overnight carrier, it usually takes a day or two. Please make sure all passcodes are available to the examiner and report any cell phone damage.

What is the first thing a forensic examiner should do in cell phone investigations?

Talk to the attorney or phone user to identify the device and then develop a plan of action for recovering its evidence. The attorney usually needs a deeply probative phone extraction to reveal deleted and hidden evidence. The phone user usually needs a quick and cost-effective recovery.

How do I send in the cell phone to the forensics lab?

Packaging the phone:

1. Put the phone into flight or airplane mode.
2. Power the cell phone off.
3. Wrap the device with 3 layers of aluminum foil to block it from talking to the network or cell towers.
4. Bubble wrap or foam wrap the phone to protect it during shipping.

What else to include in the box:

- If you have the data cable and power charger, send them along with the phone.
- Document any passcode or pattern lock for the phone.
- Document any damage or missing parts such as a SIM card or a microSD card.

How to ship the phone:

- Ship overnight with a signature required upon delivery to start the Chain of Custody.
- Ship with a tracking number so the lab can locate the package in case of delay.