Mobile Device Forensics
How much does it cost for the acquisition and analysis of evidence from a mobile phone?
In the majority of cases we can acquire and process the phone’s evidence and generate tool analysis reports for between $2,500 to $3,000. Our hourly rate is $250 and each phone takes approximately 10 to 12 hours of lab time.
Can you bypass a phone’s passcode?
Often yes. Our mobile device forensic tools use bootloaders which can often bypass passcodes and extract the phone’s memory. Our tools can also remove passcodes from some phones. And we often use JTAG, chip-off, and ISP extractions of phone memory to bypass passcode protection.
Can you recover evidence from apps on a mobile device?
Yes, it’s our specialty. App evidence recovery from mobile devices depends on the make and model of the phone and the particular app which is the target of the goal of the examination. Every third party app records user-generated data in different ways. It is hard to state that deleted information can or cannot be recovered from a specific app without analyzing both the device and the app in question. The more popular the app, the better the chance is to recover the evidence because of support by more mobile device forensic tools.
Can you recover deleted evidence from a mobile phone?
Generally yes. The type and amount of deleted evidence recovered from a mobile phone depends on several factors: Make and model of the phone, usage of phone since the deletion, and length of time since deletion. Regrettably, we cannot guarantee all deleted evidence can be recovered from a mobile phone.
How long will my client need to give up their phone?
Usually just overnight. If we pick it up late afternoon, we can have it back by first thing in the morning. Please make sure all passcodes are available to us and the phone is not damaged.
What is computer forensics?
Computer forensics involves identifying, preserving, collecting, processing, analyzing, and reporting on digital evidence using highly sophisticated software and hardware tools and scientific methods acceptable in courts of law. Computer forensics when done properly changes no evidence on a computer, its hard drive, or other storage device.
Do you perform acquisitions of computer evidence on site at a client’s business?
Yes, we will collect on site, often after hours or on weekends, at the convenience of the client. We prefer to do the analysis our lab which is more cost effective.
How much does a computer forensic acquisition and analysis cost?
It’s difficult to accurately estimate total costs upfront. There are many unknown factors and analysis opportunities to consider before evidence collection and preliminary analysis. Carney Forensics strives to provide the best service in the most cost-effective manner. From the initial call through final reports or courtroom testimony, our experts work closely with each client to ensure they have the information they need to make good decisions and prioritize analysis opportunities and weigh costs against benefits throughout the investigation or matter.
What do you charge to image a hard drive?
Hard Drive $750 Flat Fee.
Forensic image of one (1) storage device at Carney Forensics lab facilities not to exceed 1 TB, including three months of secure storage for image (physical media is returned to the client). Also includes Files List spreadsheet by e-mail. If image exceeds 1TB, an additional charge of $1/GB will be assessed. This price includes Chain of Custody documentation.
SD Card / Memory Card / Flash or Thumb Drive $250 Flat Fee.
Forensic image of one (1) storage device at Carney Forensics lab facilities not to exceed 64GB, including three months of secure storage for image (physical media is returned to the client). Also includes Files List spreadsheet by e-mail. If image exceeds 64GB, an additional charge of $1/GB will be assessed. This price includes Chain of Custody documentation.
Shipping: UPS or FedEx ground shipping of media to or from MN is standard. If client wants faster shipping, we will calculate rates and bill client for costs.
What are examples of digital evidence?
Digital evidence has been critical to our clients’ cases including operating system and app artifacts which establish or support claims of theft of intellectual property, document forgery, evidence spoliation, text message deletion, and existence of an alternate perpetrator. For more specific examples of digital evidence, please see the Carney Forensics case studies.
What do you charge for storage of evidence?
Carney Forensics will store client’s data for three months at no charge. If you would like us continue to store your data, we charge $50 per month.
How long do computer forensic examinations take?
The answer depends on numerous factors. This is why it’s important to call us and talk to our project manager about the evidence to be recovered. Once we understand your case and the evidence you need, we can give you a ballpark estimate. The volume of data on the devices, how much searching and filtering is needed, and what other analyses are required will influence the time required.
What is Cloud Forensics?
According to NIST:
Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e., cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi- tenant situations.
According to Darshik Jariwala (March 20, 2013):
Cloud Forensics is cross-discipline between Cloud Computing and Digital Forensics. Cloud Forensics is actually an application within Digital Forensics which oversees the crime committed over the cloud and investigates it. Cloud computing is based on a huge network, which spreads globally. Hence, Cloud Forensics is said to be a subset of Network Forensics. The basic technique remains as the forensic investigation of a network.
My client’s phone is damaged and will not power up. Can you collect the data from cloud accounts connected to the phone?
Generally, yes. Even if the phone is damaged or not physically available, we can collect large amounts of data, sometimes exceeding that which is available on the phone. Cloud collection requires legal authority and proper authentication credentials to access the cloud evidence.
Is my client’s GPS data stored in his or her cloud account?
Often it is. Apple iCloud accounts, if connected to the iPhone, store photos and videos captured with its camera. Those photos and videos often contain embedded GPS coordinates. Also app data from many iPhone apps is stored in the connected iCloud account and sometimes includes GPS coordinates. Think the Apple Maps app and others.
Google accounts also store photo, video, and app data for connected Android smart phones. Google Maps is a popular app with GPS coordinates. But Google accounts support another avenue to harvest GPS data. The Google Timeline for connected Android apps is stored in the cloud account and generally contains Google Location History for places the phone has been, sometimes for years.
How can I be sure my client’s digital device will be admissible in court?
For more than a decade of admitting evidence in federal and state courts all over the country we have never had our evidence denied. We maintain a strict chain of custody with foundation and photograph all of our devices. We record strict lab notes of our examinations.
Do you have an expert witness that can testify for me in court?
Yes, John Carney, Esq. is our expert witness who testifies in court for our cases. He is an attorney, licensed in state and federal court, and has a Bachelor’s of Science degree from MIT and a J.D. from Mitchell Hamline School of Law. He is a voting member of the American Academy of Forensic Sciences.
How do we know if a digital forensics company is qualified?
It is essential to review the CVs of the digital forensic examiners. Do they have training and certifications for the top mobile, computer and cloud forensic tools? How many years’ experience do they have in performing forensics examinations? How many and on what types of cases have they worked? How often have they testified in court? An expert should be happy to share their experience, credentials, and references.
Can you help me with the technical language for a subpoena, court order, or preservation of evidence?
Yes. Our forensic experts can assist counsel in drafting language that will allow us to collect all the evidence in your case whether it’s mobile, computer, cloud, or cell towers. Few lawyers have both the technical and legal knowledge to craft these legal documents.
How do I hire you?
Carney Forensics is normally engaged by attorneys on behalf of their clients. Once we have the details of your case, we will check for any conflicts of interest with the parties. If none exist, we will send our service agreement to your attorney for his review and signature.