Cell Phone Forensics and What It Can Mean For Your Case

Carney Forensics’ cell phone experts began recovering text messages and contacts from old flip phones back in 2008. Over a decade has passed and hundreds of cell phones in our lab have given up their secrets. New powerful cell phone forensics tools have delivered breakthrough capabilities for evidence recovery from smartphones using iPhone and Android forensics services. Cell phones have become the new DNA with the power to recover compelling, truthful evidence in proof of cases in courts across America.

Cell Phones are Our Specialty

Our cell phone experts use cell phone forensics tools to recover evidence from over 39,000 makes and models of mobile devices. We also decode text messages, chat, and other evidence from over 731 unique mobile apps from our client’s iPhone or Android smartphones. We recover deleted and hidden evidence on every phone we examine. As a result, we have become experts at spoliation and fraud cases involving willful, intentional destruction of evidence.

We have learned to avoid reliance on just one mobile device forensics tool to recover evidence. One tool is never enough! So our cell phone experts use the four best cell phone forensics tools on the planet. They have different strengths to examine each cell phone that enters our lab to recover and decode absolutely all the mobile evidence on which your case may turn. If one tool can’t find it, another will.

What Evidence Can Cell Phone Forensics Recover?

Our cell phone investigators recover, analyze, and produce evidence of many types including these categories:

Text Messages and Attachments
Phone Book of Contacts
Voice Calls and Voice Mail Messages
Email Messages and Attachments
Social Media Posts, Direct Messages, Photos, and Videos
Device Locations, Location History, and Maps
Internet Accounts and Browser History
User Search Activity (Google, Bing, Yahoo)
Photographs and Videos with GPS Locations
Apps Data and Permissions
Fitness Activity and Health Information (Pulse and Energy)
Financial Accounts, Credentials, and Digital Documents
Cryptocurrency Assets like Bitcoin

Four Types of Cell Phone Evidence Starting with Phone Book of Contacts

Cell phone evidence is digital evidence recovered forensically from smartphones and tablets. Think Apple’s iPhones and iPads, also Android smartphones and tablets from manufacturers like Samsung, Motorola, and LG. The phone book of contacts is basic mobile evidence. A decade ago, feature phones, sometimes called flip phones, contained a trivial amount of contact evidence. Those contacts contained a person’s name, a cell phone number, and usually nothing else.

Today’s smartphones are a cornucopia of rich information about the phone user’s contacts. They can be complex, containing a person’s name but also aliases, credentials, many phone numbers, email addresses, website addresses, social media accounts, street addresses, employment information, and so on. The phone book of contacts becomes a directory of actors and players for use by the lawyer and his or her cell phone forensic expert during the pendency of the case.

Call Logs

Call log evidence is a record of phone call metadata, not a voice audio recording of the call. It contains phone numbers to and from the smartphone, often with a user’s name matching the phone number taken from the phone book of contacts. It also contains a date and time stamp and the duration of the phone call in minutes and seconds.

Voice Messages

When a phone user checks his or her voice messages, those messages are downloaded to the smartphone from the cell phone service provider. They are stored in the smartphone’s file system as live evidence, and when deleted by the phone user, they are often still recoverable. Sometimes the smartphone transcribes voice message recordings accurately and produces a textual record. When cases go to trial, our expert witnesses find recovered, admitted voice message audio is often persuasive in the courtroom, especially if deleted.

Device Locations

Device locations are important metadata from GPS evidence sourced from navigation satellites and stored in the smartphone. Cell phone investigators find them in photographs, videos, navigation apps, also Wi-Fi networks, and other mobile apps like Facebook and Foursquare. One of our best mobile device forensic tools enriches device location metadata by inspecting Wi-Fi networks and cell tower sites stored in the smartphone and returning device locations for them too.

We Specialize in Advanced iPhone Forensics

America’s most popular iPhone smartphone has become a materially important source of best evidence for civil and criminal litigation. But the effectiveness of iPhone forensics to recover probative evidence was declining for a decade until a major, transformational advance introduced in 2020 marked the return of iPhone forensics. This new forensic capability enables the recovery of vastly greater quantities of live and deleted iPhone evidence. It includes new forms of deeply probative evidence we now understand and apply successfully in court cases. Carney Forensics has invested heavily in several cellphone forensics tools to extract iOS evidence from the broadest range of iPhone and iPad models. Imagine how you might use breakthrough iPhone forensics to discover messages, email, documents, media, fitness and health, searches, Screen Time, and pattern of life evidence for advocacy on your next case.

We Offer Advanced Android Forensics

What about Android forensics? 2023 has also brought meaningful innovations to Google’s mobile platform available since 2005. We can now bypass many passwords and defeat encryption to get deeply probative extractions instead of relying on disappointing Android backups. And, like iPhones, cell phone experts can recover abundant, deleted evidence and new databases using Android forensics which exposes pattern of life and digital wellbeing evidence for judicial review. Carney Forensics has invested heavily in mobile device forensics tools to extract Android evidence from the broadest range of Samsung, LG, Motorola, OnePlus, and Google Pixel models. How might you take advantage of cutting-edge Android forensics to recover messages, emails, documents, media, fitness and health, searches, and more evidence for winning your next case?

We Can Handle Your Cell Phone, Glitches and All

Whatever cell phone your client or opposing counsel may present, cellphone experts at Carney Forensics can handle it. If it’s damaged, even waterlogged, we can repair it before the examination. We can recover or bypass most passcodes that lock smartphones using bootloaders or advanced techniques like JTAG, chip-off, and ISP. Our Android forensics services can often defeat an encrypted smartphone. And if the phone disappears, we have a long list of alternative evidence sources to discuss with you as we work together to develop a plan “B” for proving your case.

Submit Your Case

Cell Phone Forensics FAQs

What can be determined from cell phone evidence?

Digital evidence on a cell phone can help an attorney develop an evidence strategy that may determine his or her theory of the case and identify persuasive arguments. An expert witness can produce and testify to the cell phone evidence in court. Litigating it successfully can prove the client’s claims and defenses and win or advantageously settle the case.

How much does it cost to recover, examine, and produce evidence from a cell phone?

In the majority of legal cases, the cell phone investigator can recover and analyze the cell phone’s evidence and generate forensic tool reports for the legal team’s review for an average cost of $3,000 to $5,000. Each smartphone takes approximately 8 to 12 hours of lab time. Factors that go to cost include how much storage or memory capacity is built into the smartphone. How accessible the smartphone’s evidence is given possible damage, missing or incorrect passcodes, or data encryption. And how many hours of analysis are needed. Last, a critical factor is how many cell phone forensic tools are required to recover and analyze the material evidence upon which the dispute will turn, especially deleted or hidden evidence.

Where is evidence in mobile phones?

Most of the evidence will be found in the smartphone’s handset memory. Information related to the carrier and its cell tower network will be found in the SIM (Subscriber Identity Module) card. And media evidence like photographs and videos will be found on the microSD card for Android devices. But often the phone evidence is synchronized or backed up to online, cloud accounts like Apple iCloud and Google and can be recovered there.

Can you recover or bypass a cell phone’s passcode?

Often yes. Advanced capabilities are available for unlocking most iPhones except for late-model devices. The news is even better for Android smartphones. Cellphone forensics tools for Android models use bootloaders which can often bypass passcodes and extract the phone’s memory. The tools enable cell phone investigators to recover or even remove passcodes from many Android models. And they use advanced electronic acquisition techniques like JTAG, chip-off, and ISP extractions of phone memory to bypass passcode protection.

Can you recover deleted evidence from cell phones?

Generally yes. The type and amount of deleted evidence recovered from a cell phone depend on several factors including the make and model of the phone, how the cell phone was used, and the length of time since the evidence was deleted.

Can you recover evidence from mobile apps?

App evidence recovery from cell phones depends on the make and model of the cell phone and the particular app which is the target of the goal of the examination. Every third-party app records the user’s data in different ways. It is difficult for the cell phone expert to know whether deleted information can or cannot be recovered from an app without first analyzing the device and the app in question. The more popular the app, the better the chances to recover the evidence because of better support by more cell phone forensic tools.

How long does cell phone forensics take?

Usually just overnight to recover the evidence. If picked up locally, Carney Forensics’ courier can usually return it the next day. If it is delivered to the lab by an overnight carrier, it usually takes a day or two. Please make sure all passcodes are available to the cell phone expert and report any cell phone damage.

What is the first thing a phone forensic expert should do in a cell phone investigation?

Talk to the attorney or phone user to identify the device and then develop a plan of action for recovering its evidence. The attorney usually needs a deeply probative phone extraction to reveal deleted and hidden evidence. The phone user usually needs a quick and cost-effective recovery.

How do I send in the cell phone to the forensics lab?

Packaging the phone:
Put the phone into flight or airplane mode.
Power the cell phone off.
Wrap the device with 3 to 5 layers of aluminum foil to block it from talking to the network or cell towers.
Bubble wrap or foam wrap the phone to protect it during shipping.
What else to include in the box:
If you have the data cable and power charger, send them along with the phone.
Document any passcode or pattern lock for the phone.
Document any damage or missing parts such as a SIM card or a microSD card.
How to ship the phone:
Ship overnight with a signature required upon delivery to start the Chain of Custody.
Ship with a tracking number so the lab can locate the package in case of delay.