|Cops love iPhone data trail
EVIDENCE NEVER DELETED | Criminals who use device may be left without alibi
Chicago Sun-Times | August 1, 2010
Detective Josh Fazio of the Will County Sheriff's Department loves it when an iPhone turns up as evidence in a criminal case.
The sophisticated cell phone and mobile computer is becoming as popular with police as it is with consumers because it can provide investigators with so much information that can help in solving crimes.
"When someone tells me they have an iPhone in a case, I say, 'Yeah!' I can do tons with an iPhone," said Fazio, who works in the sheriff's department high-tech crimes unit.
The iPhones generally store more data than other high-end phones -- and investigators such as Fazio frequently can tap in to that information for evidence.
And while some phone users routinely delete information from their devices, that step is seldom as final as it seems.
"When you hit the delete button, it's never really deleted," Fazio said.
The devices can help police learn where you've been, what you were doing there and whether you've got something to hide.
Former hacker Jonathan Zdziarski, author of iPhone Forensics (O'Reilly Media) for law enforcement, said the devices "are people's companions today. They organize people's lives."
And if you're doing something criminal, something about it is probably going to go through that phone:
• Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime.
• iPhone photos are embedded with GEO tags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone that took it.
• Even more information is stored by the applications themselves, including
the user's browser history. That data is meant in part to direct custom-tailored
advertisements to the user, but experts said some of it could be useful
Clearing out user histories isn't enough to clean the device of that data, said John B. Minor, a member of the International Society of Forensic Computer Examiners.
Just as users can take and store a picture of their iPhone's screen, the phone itself automatically shoots and stores hundreds of such images as people close out one application to use another.
"Those screen snapshots can contain images of e-mails or proof of activities that might be inculpatory or exculpatory," Minor said.
• The keyboard cache logs everything that you type in to learn autocorrect so that it can correct a user's typing mistakes. Apple doesn't store that cache very securely, Zdziarski contended, so someone with know-how could recover months of typing in the order in which it was typed, even if the e-mail or text it was part of has long since been deleted.
Sometimes, the phones can help even if the case isn't a matter of life or death.
In Kane County, the sheriff's department used GPS information from one of the phones to help reunite a worried father with his runaway daughter, who was staying at a friend's house.
"His daughter felt comfortable at the house because she did not think her parents knew where she was, and she actually answered the door. She was a bit surprised as to the fact that [her] dad found her," said Lt. Pat Gengler, a spokesman for the sheriff's department.