Friday, May 22, 2009

3-D TV on Mobile Phones

3-D TV on Mobile Phones



.
This is an interesting European funded research project which began January 2008 called MOBILE3DTV. The purpose of the project is to demonstrate the viability of the new technology of mobile 3DTV. The project develops a technology demonstration system for the creation and coding of 3D video content, its delivery over DVB-H (Digital Video Broadcasting - Handheld) and display on a mobile device.
.
Historical background
Despite the images it evokes of high-tech wizardry, rudimentary 3-D technologies have been around practically since the dawn of filmmaking. The first ever attempt came in 1890, when the British film pioneer William Friese-Greene invented a process in which two films were projected side by side on screen, and the viewer looked through a stereoscope to converge the two images. As early as 2003, Sharp launched a 3-D mobile phone in Japan and Korea’s SK Telecom launched a 3-D phone – from Samsung – in 2007, and Japan’s Hitachi just launched one in 2009. Apple’s iPhone also supports three-dimensional television, but can currently only be viewed with special glasses. Mobile3DTV is developing the core elements of the next generation of three-dimensional television for mobile devices.
.
Technical specifications
The major challenge has been choosing the optimal format for representing 3-D video for mobile delivery and for that reason, the project decided to build its system around the EU standard known as Digital Video Broadcasting – Handheld (DVB-H). Further challenges to provide comfortable and enjoyable 3-D viewing were overcome by employing what is being termed as the so-called "auto-stereoscopic displays". In essence the displays apparently remove the need to wear those awkward Blue Lense/Red Lense cardboard glass that are dished out in childrens magazines that gives the viewer of an image that look elevated and solid from off the page.
.
According to the research “Auto-stereoscopic displays use additional optical elements aligned on the surface of an LCD, to ensure that the observer sees different images with each eye.” Moreover, as mobile devices are normally watched "by a single observer, two independent views are sufficient for satisfactory 3-D perception.”
.
ICT Results EU Research material here:
.
Further research material here:

Wednesday, May 20, 2009

UK Criminal Evidence Delays

UK Criminal Evidence Delays
.

Due to delays in passing evidence to the defence certain building blocks of evidence used against a defendant are not being held by the prosecution, but worst still, the expert who obtains, for instance the tests and results, holds on to them because they claim their client (the Police) haven't made that a term of the instructions to pass them over. The police say they don't need to have it because the expert hasn't said it's necessary so they wont ask for it.
.

So what makes me and others think that we should expect, as a requirement, all the mobile telephone/cell site analysis evidence upfront from the prosecution and why do we think, as a requirement, the prosecution have a lawful duty to have obtained all the evidence from their expert, in order to meet the first requirement?
.

It is the lawful duty, so we are told, of the prosecution to look at, examine and retain a copy of all evidence (e.g. tests and results) and to conduct an assessment of risk, which is the principle enunciated in the "Golden Rule" by none other than Lord Bingham.
.

Examiners/Experts at common law are no longer entitled or permitted to arbitrarily withhold any evidence from their work in a case but are required to produce to the prosecution an index of all used and unused material they are holding which should replicate the actual physical copy of evidence given to the prosecution. So for a case involving mobile telephone/cell site analysis that would mean:
.

1) written instructions of work to be undertaken
.

2) call records/subscriber details
.

3) cell site details and data
.

4) GPS/CCTV evidence
.

5) handset/SIM (USIM) data and report
.

6) copy of the actual radio test measurement results obtained at site and presented in a visible, legible and intelligible format (with the electronic file of the original radio test measurements to accompany them)
.

7) copy of the expert's analysis of the results, report and any supporting exhibits
.

8) copy of written questions to and written responses from the mobile network operator
.
9) material considered and unused material and/or material disgarded as not relevant
.

.......and so on.
.

This enables the prosecution to sit down and examine what is on file put before them by the examiner/expert (usually the data can be recorded onto a CD costing less than £1.00) and all the material on CD and/or in paper form are identified on a tick sheet. The prosecutor/prosecution should then avail him/herself/themselves of the knowledge of that material by familiarisation with the information on the CD and/or in paper form. As some information may not be readily understood the examiner/expert should be called (by phone, written or in a meeting) to explain material or information not understoood. The risk assessment can then be made.
.

It is equally understood that the right of the defence to investigate the evidence held against a defendant was and is to stop cases being brought against anyone where evidence was being withheld, in a deliberate or clandestine fashion, in order to meet the principles of ECHR (Foucher v France). No evidence on file can be withheld from a defendant and no steps should be taken to find mechanisms to avoid holding or hiding evidence from the defendant. For the avoidance of doubt, I am not referring to public interest immunity (PII) information, which is another matter entirely.
.

So it is easy to see the principles enunciated by Lord Bingham in the Golden Rule contain impeccable logic and foresight. The Golden Rule requires the prosecution to logically assess that it has a complete copy of the evidence e.g. tests and results and if they were not held by the prosecution:
.
A) How would it be possible for the prosecution to conduct a risk assessment without the full evidence made available to them from their examiner/expert?
.
B) What happens, for instance, if the examiner/expert dies and no one can find the test results?
.

.... and the list goes on.
.

So what are the current delays? Whenever asking for standard mobile telephone evidence, for instance items such as cell site radio test measurement data or ask for corroboration of enquiries to and written responses from the mobile operator, the prosecution do not readily hold the evidence and massive delays ensue until just before going before the Judge part of the evidence suddenly emerges and then the defence are left to hurry an examination of that evidence.
.

I have a case on right now where I requested evidence on the 6th March 2009 and apart from the prosecution correcting mistakes in their material which the defence had to point out to make any sense of what the prosecution's evidence was meant to mean, the other corrobating information expected to be found in the file or CD under the Golden Rule principle and could/should have have been disclosed up front in March, this still has NOT been served. For instance, the radio test results have still not been served along with other information.
.

These delays impact by causing problems for the defence in many ways. Some examples are:
.

i) Defence experts are expected to tidy up the technical errors and mistakes (not typos though) with the prosecution's evidence. This implicitly means though that defence experts are acting as quasi-prosecution experts. These errors and mistakes are red-herrings though and occupy defence time to put them right, so by the time the requested evidence comes through the trial date is upon us and then the defence have limited time to conduct a proper and orderly analysis, which implicitly means the defence are equally being cajoled into overlooking some evidence or make mistakes due to being rushed.
.

As a side matter that is also concerning. If by chance some were to suggest that the observation about quasi-prosecution experts is not true, then consider this. If defence experts were to write reports delivered at court before the jury identifying all the inherent technical flaws and what evidence had not been served or served late just before/at trial, a defence expert would be more likely to get a reprimand from the Judge for wasting time and for not raising it sooner. In the alternative, the prosecution would go away correct the mistake and put version 4 of the evidence before the jury. It still means the same thing though, that defence experts are being placed into the position of acting as quasi-prosecution expert because the work they do identifying those corrections will be used against a defendant. My natural instincts tell me this is an appaulling breach of human rights. It will take someone with a far greater mind than mine, maybe even Lord Bingham, himself, to put that in the appropriate legal context highlighting that injustice in the current criminal evidential procedures.
.
Additional note: When mentioning human rights and injustice, my comments are not intended to campaign to get criminals off, my intentions are clearly about the rules that define how evidence should be presented and the roles people play in that process and about evidence generally. It is also about safeguarding our rights, our childrens' rights and our families' right to a fair trial in Britain, as opposed to deciding who gets the better court case based upon who understands what evidence should have been presented at the outset.
.

ii) The discussion being raised is not about where mobile telephone evidence suddenly becomes relevant just before or during a trial and taking everyone by surprise, it is where the evidence has already been examined and the delays to present the evidence to the defence means changes that can be happening in the radio network or the operator deletes data after a period of time prevents the defence from pursing lines of investigation of their own or conducting tests. The delays muddy the waters for the defence to properly do their job.
.

iii) Where the defence expert is prevented from knowing the weight of the technical case against a defendant it means the defence expert cannot properly advise the defence solicitors. More importantly this handcuffs the defendant from knowing the prima facie case against him or her.
.

iv) Another matter which is causing headaches: by the prosecution's actions of delaying service of evidence which they already hold (Golden Rule requirement) but they choose not to disclose for months on end impacts as defence experts cannot afford the time locked to a case over a long period. More importantly, as cases that run for months and months means the defence expert is not being paid until the end of the case it is just not financially viable for the defence expert to take the work. Consequently defence experts are being driven out. It should be noted also defence experts have no powers to demand evidence, we can only ask. This means that we are left to correct the prosecution technical errors and point out in advance the missing evidence (see - i) quasi-prosecution expert, above).
.
These evidential delays have not just started but have been going on, and with increased regularity, long before the recession started, so the recession is not the reason for the delay occurrences. The delays are not stated in procedural requirements and are not stated to be accepted because they (the delays) are usual, standard practice. The remedy to make these problems to go away is absolutely clear and easy to achieve and that is for the prosecution to stop the delays in serving evidence and present it up front, without delay, in every case using the Golden Rule evidential acquisition process needed in order to conduct a risk assessment. The CD/paper work can then be immediately passed to the defence without delay.
.
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
UPDATE
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
Just wanted to add an extra piece to this discussion that I had considered when forming my observations.
.
The case in point deals with fairness, not simply from a defence view point but prosecution, too. When requesting evidence it is a 'requirement' of the defence expert (thus defence) if, during examination and analysis, there is something wrong with the evidence or there is evidence missing that the defence expert should ask for it no matter how late in the day.
.
That is because if the defence expert doesn't ask for it the defence cannot request it and it could lead to an unfair trial. So when it is thought I am giving the prosecution a hard time over requesting evidence and asking them where is this particular piece of evidence that they would naturally need in order to know whether, say have the Masts changed or not before testing, it is not my intention to make someone look bad, or imply they don't know what they doing or in some way create difficulties.
.
As an expert there is a requirement to inform the defence, whether they like it or not, tedius or not, the expert must put it to them and seek the evidence or understanding about the evidence. That is because it is the duty of the defence to raise it to the prosecution so that prosecution are given a fair chance to deal with the request.
.
For the discussion in this thread it took account of the Gleeson principle, which I record below.
.
Testing the evidence: In our adversarial system, the defence, of course, are entitled to exploit adventitious faults and failings by the prosecution. Auld LJ in his Report of the Criminal Courts Review incorporated into his judgment in the case of Gleeson [2003] EWCA Crim 3357 at paragraph 36, in which he said:
.
"To the extent that the prosecution may legitimately wish to fill possible holes in its case once issues have been identified by the defence statement, it is understandable why as a matter of tactics a defendant might prefer to keep his case close to his chest. But that is not a valid reason for preventing a full and fair hearing on the issues canvassed at the trial. A criminal trial is not a game under which a guilty defendant should be provided with a sporting chance. It is a search for truth in accordance with the twin principles that the prosecution must prove its case and that a defendant is not obliged to inculpate himself, the object being to convict the guilty and acquit the innocent. Requiring a defendant to indicate in advance what he disputes about the prosecution case offends neither of those principles."
.
Some important words there are "....once issues have been identified by the defence statement....." and "Requiring a defendant to indicate in advance". How can that be done if the defence expert has seen errors or omissions in the prosecution evidence but then goes on not to ask for those gaps to be filled?
.
The problem here will be that where evidence is trickle fed to the expert s/he will always be tactically put on the back foot so as not to catch up, thus potentially failing the principle whereas if all the evidence is disclosed up front would that problem still exist?

Sunday, May 17, 2009

Prisoner - 60 years sentence for having a cellphone

Prisoner - 60 years sentence for having a cellphone
.
Derrick Ross, a prisoner at Coffield unit correctional facility received a 60 years sentence, according to a staff report in The Palestine Herald newspaper on the 14th May 2009, for being in possession of a cellphone whilst serving sentences at the correctional facility for other crimes.
.
According to the Herald: "Ross was found to be a habitual offender (on three different occasions he stole cars), the range of punishment for having a cell phone in a correctional facility was 25 years to 99 years or life. Normally the range of punishment would be 2 to 10 years.
.
A sentence of 60 years is one of the highest sentences in the state that has been handed down by a jury for possession of a cell phone in prison."
.

X12 Stun Gun Freezes People at 88 Feet Away

X12 Stun Gun Freezes People at 88 Feet Away
.
Promoted through Gizmodo and The Raw Feed and announced by Taser International this is another offering of how to zap people, but this time it claims to be painless, apparently. "The X12 is the latest stun gun which can fire a jolt through the air wirelessly through nonlethal bullets which can cut through clothing to paralyze a perpetrator within an effective range of 88 feet. Good thing is that this paralysis occurs without pain." That last bit about says it all, doesn't it.
.

Photo courtesy of Gizmodo
.
Looking like a para-military toy one would buy from Hamleys or Toys-R-Us the X12 is the real deal. Hopefully it will not end up in the hands of the wrong people after shipments start in June 2009. Maybe someone should tell the shipping firm not to sail in areas where there are Pirates.
.
Wont be long now and they'll have these wireless stun bullets being fired from mobile telephones. You can imagine it, can't you, after the footie on a Saturday and it all kicks-off down at the local pub. Tables over turned and everyone has a stun-out at the OK Corral Saloon. Officer attends and says: " 'ello 'ello 'ello, what's goin' on 'ere then? Right now, who started it?". All point to one individual and say: "Him, we call him Clint." Officer: "Why do you call him Clint?" "Well, officer, he's the man with no name, isn't he."
.

A808 Watch Phone With Bluetooth

A808 Watch Phone With Bluetooth
.
The spec for the A808 Tri-band (GSM 900 / 1800 / 1900 MHZ), GPRS and Bluetooth connectivity, a 1.3 inch touch screen and interestly not only keyboard but handwritten input. Additionally it comes with an MP3 / MP4 multimedia player and FM radio. And it's made in China.
.
.
The SIM is underneath the back cover and the cover carries an Apple-logo. Anyone examined this fancy goods style watch mobile telephone before and if so can you please send an email to me (to the email address located at the top my blogspot page) to let me know of any useful programs for downloading data via bluetooth. Thanks.
.

A808 Watch Phone With Bluetooth

A808 Watch Phone With Bluetooth
.
The spec for the A808 Tri-band (GSM 900 / 1800 / 1900 MHZ), GPRS and Bluetooth connectivity, a 1.3 inch touch screen and interestly not only keyboard but handwritten input. Additionally it comes with an MP3 / MP4 multimedia player and FM radio. And it's made in China.
.
.
The SIM is underneath the back cover and the cover carries an Apple-logo. Anyone examined this fancy goods style watch mobile telephone before and if so can you please send an email to me (to the email address located at the top my blogspot page) to let me know of any useful programs for downloading data via bluetooth. Thanks.
.

Friday, May 15, 2009

Undercover Officer Down, how might SIM Access Control Class help? Part 1

PART 1: Undercover Officer Down, how might SIM Access Control Class help?
.
The following is a scenario created to help examiners and experts know more about how to determine what data in SIM/USIM elementary files can mean and to appreciate what is required to be understood before examining SIM/USIM and giving evidence. Computer forensics has made a significant contribution to data recovery that can be used for harvesting data from mobile telephones and SIM cards, however data recovery is only one element of mobile telephone evidence and is not ‘the evidence’ to be considered in isolation to everything else.
.
Moreover, an examiner and an expert are expected to usefully advise with respect to investigations where data obtained from mobile telephones and SIMs/USIMs are involved, so, here to, this scenario will hopefully open examiners' and experts' eyes to new ways of considering data. What the law of evidence wants to know is, provided the data recovered is not a problem, what does the data actually mean and how should it be interpreted.
.
Scenario
An undercover officer working has infiltrated a criminal organisation involved in drugs and people trafficking. The undercover officer needs to keep details and seek answers without blowing his cover. The situation is always life threatening. The officer is required to report back by mobile phone to Control every 7-14 days.
.
PC0001 on patrol in the Shopping Mall sees a known drug dealer in the doorway of a Supermarket with an unknown IC1 female handing over a package. PC0001 calls and waits for back up before approaching. A stop and search is then conducted using the appropriate procedures under PACE 1984. A quantity of drugs is found, large bundle of money, along with two mobile telephones which were all subsequently put into evidential containers and the two individuals are carted off in the wagon to the local nick.
.
The alleged crime of drug selling (given the quantity seized) is fairly low down the scale and the money found was £1,780.00, but compared with other crimes wasn’t high and so priority won’t be given to this case over other cases in the system. The mobile phones are sent away for examination. The person assigned to deal with the examination of the mobile telephone and SIM card conducts a quick level examination for subscriber details, mobile telephone number, SIM serial number/ICCID, phonebook and text messages. Before starting examining the mobile telephone the examiner becomes ill and doesn’t complete the work.
.
The examination would need to be passed to another examiner who would have to start from scratch as the next examiner could not possibly give evidence about someone else’s work for the new examiner would have no knowledge about the previous examination. By chance the new examiner chosen for the work had just come back from Greg Smith’s TrewMTE SIM Card training course where he had undergone deep level training into being a professional examiner and taught about ethical working practices, understanding the symbiotic relation with other mobile telephone devices and network elements, technical standards, working practices and SIM Card examination and data investigation etc (well alright, but it is only a modest promotion about me).
.
The new examiner conducted a fresh examination, starting with the SIM Card. Having been trained to look for evidence of activity and indicators about the potential user of the SIM card, the new examiner immediately contacted the Senior Officer where PC0001 was stationed. The new examiner, having been trained to identify certain data and corroborate the finding with reference material to ensure the meaning of the data, explained to the Senior Officer that he was examining a mobile telephone SIM Card that may belong to someone in the Security Services and that if he, at the local level, was examining this SIM then it could mean there was a man [undercover] down in the field?
.
Asked why the new examiner might suspect this, he referred to the recent training he had had and had identified from a mandatory data file in the SIM Card an elementary file titled EFACC (Access Control Class). The SIM had recorded Access Class 12 which is referenced as “Security Services”. The examiner also informed the Senior Officer that he had acquired from the SIM the subscriber details and mobile telephone number but was not authorised to access personal details. The examiner also mentioned that as ex-British Army he had field experience and should “intel” suggest there may be a “man down” that he would rely on all efforts to be made to rescue him, he therefore considered the user of the SIM (being examined) would equally rely on the same.
.
The Senior Officer took the details and immediately set in motion a priority search. The details the new examiner had given to the Senior Officer had proven correct and were linked to an officer on field ops. It transpired the office had not been in contact for 14 days. Because of the work involved MI5 were called in for their superior network of intelligence and, given the nature of the criminal organisation, every school boys heroes were sent in, the SAS, to conduct ground surveillance, attack, capture and rescue. The undercover officer was rescued, badly beaten, bleeding and barely alive, but alive nonetheless.
.
To clear up some loose ends to this scenario: How did the drug dealer come to be in possession of the undercover officer's mobile phone? The undercover officer had been rumbled by the gang and when running away, before the gang captured him, he had thrown it away and working on the long shot he hoped that someone would find it and hand it in. The drug dealer had found it, assumed it had been dropped by a passer-by and considered it could provide anonymity for drug dealing. There is a separate story about other evidence the mobile tied to the drug dealer, but this scenario is about saving an important life.
.
So what can be learned from the above scenario and what facts are known:
.
a) that the examiner as fact needs proper training to know what data can be significant
b) that as a statement of fact there is an elementary file in SIM called EFACC (Access Control Class)
c) that as a statement of fact the elementary file EFACC (Access Control Class) can be assigned to a User with an Access Class 12 assigned to “Security Services”
d) the examiner should know the limitations of the tools s/he works with before using them
e) the examiner to have the tools that actually reveal the information that is significant
f) that a proper and full examination of a SIM is an absolute requirement rather than merely the examiner conducting a dumbed-down check, only looking at certain data sets
g) that checking the findings immediately following a SIM read is essential
h) to communicate straightaway of the potential for life threatening situations or national security
i) that “priority” check means “speed and instantly” and not manyarna
.
In part 2 it will identify the full 16 Access Classes, look at Class 12 technical elements for Access Control Class, how it works, its uses and its limitations. What will become abundantly clear, if Part 1 and Part 2 are only dealing with Access Class 12 what can be learned about all the other Access Classes? More importantly, why has proper checking about Access Control Class and other EFs in SIM Cards not become standard practice?

Undercover Officer Down, how might SIM Access Control Class help? Part 1

PART 1: Undercover Officer Down, how might SIM Access Control Class help?
.
The following is a scenario created to help examiners and experts know more about how to determine what data in SIM/USIM elementary files can mean and to appreciate what is required to be understood before examining SIM/USIM and giving evidence. Computer forensics has made a significant contribution to data recovery that can be used for harvesting data from mobile telephones and SIM cards, however data recovery is only one element of mobile telephone evidence and is not ‘the evidence’ to be considered in isolation to everything else.
.
Moreover, an examiner and an expert are expected to usefully advise with respect to investigations where data obtained from mobile telephones and SIMs/USIMs are involved, so, here to, this scenario will hopefully open examiners' and experts' eyes to new ways of considering data. What the law of evidence wants to know is, provided the data recovered is not a problem, what does the data actually mean and how should it be interpreted.
.
Scenario
An undercover officer working has infiltrated a criminal organisation involved in drugs and people trafficking. The undercover officer needs to keep details and seek answers without blowing his cover. The situation is always life threatening. The officer is required to report back by mobile phone to Control every 7-14 days.
.
PC0001 on patrol in the Shopping Mall sees a known drug dealer in the doorway of a Supermarket with an unknown IC1 female handing over a package. PC0001 calls and waits for back up before approaching. A stop and search is then conducted using the appropriate procedures under PACE 1984. A quantity of drugs is found, large bundle of money, along with two mobile telephones which were all subsequently put into evidential containers and the two individuals are carted off in the wagon to the local nick.
.
The alleged crime of drug selling (given the quantity seized) is fairly low down the scale and the money found was £1,780.00, but compared with other crimes wasn’t high and so priority won’t be given to this case over other cases in the system. The mobile phones are sent away for examination. The person assigned to deal with the examination of the mobile telephone and SIM card conducts a quick level examination for subscriber details, mobile telephone number, SIM serial number/ICCID, phonebook and text messages. Before starting examining the mobile telephone the examiner becomes ill and doesn’t complete the work.
.
The examination would need to be passed to another examiner who would have to start from scratch as the next examiner could not possibly give evidence about someone else’s work for the new examiner would have no knowledge about the previous examination. By chance the new examiner chosen for the work had just come back from Greg Smith’s TrewMTE SIM Card training course where he had undergone deep level training into being a professional examiner and taught about ethical working practices, understanding the symbiotic relation with other mobile telephone devices and network elements, technical standards, working practices and SIM Card examination and data investigation etc (well alright, but it is only a modest promotion about me).
.
The new examiner conducted a fresh examination, starting with the SIM Card. Having been trained to look for evidence of activity and indicators about the potential user of the SIM card, the new examiner immediately contacted the Senior Officer where PC0001 was stationed. The new examiner, having been trained to identify certain data and corroborate the finding with reference material to ensure the meaning of the data, explained to the Senior Officer that he was examining a mobile telephone SIM Card that may belong to someone in the Security Services and that if he, at the local level, was examining this SIM then it could mean there was a man [undercover] down in the field?
.
Asked why the new examiner might suspect this, he referred to the recent training he had had and had identified from a mandatory data file in the SIM Card an elementary file titled EFACC (Access Control Class). The SIM had recorded Access Class 12 which is referenced as “Security Services”. The examiner also informed the Senior Officer that he had acquired from the SIM the subscriber details and mobile telephone number but was not authorised to access personal details. The examiner also mentioned that as ex-British Army he had field experience and should “intel” suggest there may be a “man down” that he would rely on all efforts to be made to rescue him, he therefore considered the user of the SIM (being examined) would equally rely on the same.
.
The Senior Officer took the details and immediately set in motion a priority search. The details the new examiner had given to the Senior Officer had proven correct and were linked to an officer on field ops. It transpired the office had not been in contact for 14 days. Because of the work involved MI5 were called in for their superior network of intelligence and, given the nature of the criminal organisation, every school boys heroes were sent in, the SAS, to conduct ground surveillance, attack, capture and rescue. The undercover officer was rescued, badly beaten, bleeding and barely alive, but alive nonetheless.
.
To clear up some loose ends to this scenario: How did the drug dealer come to be in possession of the undercover officer's mobile phone? The undercover officer had been rumbled by the gang and when running away, before the gang captured him, he had thrown it away and working on the long shot he hoped that someone would find it and hand it in. The drug dealer had found it, assumed it had been dropped by a passer-by and considered it could provide anonymity for drug dealing. There is a separate story about other evidence the mobile tied to the drug dealer, but this scenario is about saving an important life.
.
So what can be learned from the above scenario and what facts are known:
.
a) that the examiner as fact needs proper training to know what data can be significant
b) that as a statement of fact there is an elementary file in SIM called EFACC (Access Control Class)
c) that as a statement of fact the elementary file EFACC (Access Control Class) can be assigned to a User with an Access Class 12 assigned to “Security Services”
d) the examiner should know the limitations of the tools s/he works with before using them
e) the examiner to have the tools that actually reveal the information that is significant
f) that a proper and full examination of a SIM is an absolute requirement rather than merely the examiner conducting a dumbed-down check, only looking at certain data sets
g) that checking the findings immediately following a SIM read is essential
h) to communicate straightaway of the potential for life threatening situations or national security
i) that “priority” check means “speed and instantly” and not manyarna
.
In part 2 it will identify the full 16 Access Classes, look at Class 12 technical elements for Access Control Class, how it works, its uses and its limitations. What will become abundantly clear, if Part 1 and Part 2 are only dealing with Access Class 12 what can be learned about all the other Access Classes? More importantly, why has proper checking about Access Control Class and other EFs in SIM Cards not become standard practice?

Thursday, May 14, 2009

Mobile Telephone Examination Procedure

Mobile Telephone Examination Procedure
.
This discussion continues on the theme to highlight, over the last five years, the diminishing quality of the knowledge in mobile telephone evidence training and very poor understanding by those giving advice about or presenting mobile telephone forensic evidence and opinion.
.
By way of further illustration about poor understanding which was given in an advice note regarding mobile telephone examination procedure, the advice given:
.
(1) by removing the battery of certain make/model of mobile telephone can lose the date and time stamp and call history, but using a Shielding Room can prevent this because you won’t need to remove the battery.
.
(1a) the party giving the advice above then went on to suggest they did not think, by and large, the above is a better methodology that should be adopted and went on to advocate that the method of producing a clone test SIM (Access Card) appeared to them to be more appropriate.
.
A shielding room is used to prevent radio signals entering a given space that the shielding is designed to protect, and also prevent the mobile telephone from registering to the mobile telephone network; [it] cannot though prevent loss of full call history and date and time stamp irrespective of whether the mobile telephone is in a shielded room or not. Removing the battery on some older models of mobile telephone can lose the full call history and date and time stamp. To produce a clone test SIM (Access Card) the examiner is required at first instance to remove the battery to get to the SIM/USIM. So how is their recommendation shown (in 1a) that it is any better than the unsuitable Shielding Room scenario (in 1)?

.
- For the record the point I am making is not to advocate shielding rooms or faraday bags, I am just pointing out the absurdity of the advice -
.
By noting in their advice that using a Shielding Room may not be the best method (thus tacitly negativing its use) the advice then goes on to positively suggest that the examiner wouldn’t need to remove the battery because it is in a shielding room and that call history and date and time stamp on the mobile telephone would be secure. They then go on to advocate the removal of the battery which implicitly requires taking the SIM out also from the handset for the purposes of producing a clone test SIM (Access Card). Their advice is confusing as they have already admitted removing the battery can lose data.
.
An examiner will naturally have to remove the SIM/USIM out of the handset anyway (thus removing the battery first is one point; another point being removing the SIM/USIM can inevitably cause loss of data in the handset - it can't be helped) because the proper order of examination requires a full examination of the SIM/USIM to get at evidence that is not readily available and obtainable by leaving the SIM/USIM in the handset during examination.
.
I concluded from reading their advice that it contained so many mixed messages and conflicting use of methodologies which each method that would usually be used for the treatment of different issues in isolation were now being squeezed together to make them work, would leave an examiner following their advice open to and vulnerable to potentially discrediting their own evidence.

.
Moreover, if the advice note was intended to succeed in getting an examiner to use Access Cards over Shielding Rooms then in my view it failed to convince me to use one or not the other.

Mobile Telephone Examination Procedure

Mobile Telephone Examination Procedure
.
This discussion continues on the theme to highlight, over the last five years, the diminishing quality of the knowledge in mobile telephone evidence training and very poor understanding by those giving advice about or presenting mobile telephone forensic evidence and opinion.
.
By way of further illustration about poor understanding which was given in an advice note regarding mobile telephone examination procedure, the advice given:
.
(1) by removing the battery of certain make/model of mobile telephone can lose the date and time stamp and call history, but using a Shielding Room can prevent this because you won’t need to remove the battery.
.
(1a) the party giving the advice above then went on to suggest they did not think, by and large, the above is a better methodology that should be adopted and went on to advocate that the method of producing a clone test SIM (Access Card) appeared to them to be more appropriate.
.
A shielding room is used to prevent radio signals entering a given space that the shielding is designed to protect, and also prevent the mobile telephone from registering to the mobile telephone network; [it] cannot though prevent loss of full call history and date and time stamp irrespective of whether the mobile telephone is in a shielded room or not. Removing the battery on some older models of mobile telephone can lose the full call history and date and time stamp. To produce a clone test SIM (Access Card) the examiner is required at first instance to remove the battery to get to the SIM/USIM. So how is their recommendation shown (in 1a) that it is any better than the unsuitable Shielding Room scenario (in 1)?

.
- For the record the point I am making is not to advocate shielding rooms or faraday bags, I am just pointing out the absurdity of the advice -
.
By noting in their advice that using a Shielding Room may not be the best method (thus tacitly negativing its use) the advice then goes on to positively suggest that the examiner wouldn’t need to remove the battery because it is in a shielding room and that call history and date and time stamp on the mobile telephone would be secure. They then go on to advocate the removal of the battery which implicitly requires taking the SIM out also from the handset for the purposes of producing a clone test SIM (Access Card). Their advice is confusing as they have already admitted removing the battery can lose data.
.
An examiner will naturally have to remove the SIM/USIM out of the handset anyway (thus removing the battery first is one point; another point being removing the SIM/USIM can inevitably cause loss of data in the handset - it can't be helped) because the proper order of examination requires a full examination of the SIM/USIM to get at evidence that is not readily available and obtainable by leaving the SIM/USIM in the handset during examination.
.
I concluded from reading their advice that it contained so many mixed messages and conflicting use of methodologies which each method that would usually be used for the treatment of different issues in isolation were now being squeezed together to make them work, would leave an examiner following their advice open to and vulnerable to potentially discrediting their own evidence.

.
Moreover, if the advice note was intended to succeed in getting an examiner to use Access Cards over Shielding Rooms then in my view it failed to convince me to use one or not the other.

Friday, May 08, 2009

Call Detail Record (CDR) GSM Mobile Telephone Call

Call Detail Record (CDR) GSM Mobile Telephone Call
.
For every mobile telephone call there should be a corresponding Call Detail Record (CDR). It can contain information that the mobile network operator uses for subscriber identification, call charging, services obtained, call routing etc.
.
.

A Call Detail Record (CDR) can contain the identification of the start and end cell. Do remember, for the purposes of accuracy, a Call Detail Record is a single record of a mobile telephone call and is legally and Standards recognised. The mobile terminated call (MTC) CDR example above is included in my work that I was commissioned to prepare and published for Dr Bainbridge Aston University: Admissibility of Computer Evidence in Criminal Proceedings, 1998. The relevance of mentioning this is that there is nothing new about cell identification being recorded in a Call Detail Record.
.
The above is one example of the core-skills content available through my training courses and I have posted this information because I have heard from and read comments from those who have attended other providers' training courses who have received what is said to be forensic and expert training for the purposes of providing mobile telephone evidence and services and which the comments imply or infer that the training turns out to be partly or entirely unsuitable to deal with the understanding of the subject matter. This is leaving those who attended those training courses to vulnerability when examining, investigating or providing opinion about mobile telephone evidence.