Wednesday, November 30, 2011

CDR Toll Ticket

CDR Toll Ticket

Essential to any police inquiry and/or investigation is the availability of mobile network call detail records. Significantly, the data to be found in a CDR usually contains far more detail than data produced in eg compilation records; the latter data being selected based upon the 'subjective' mindset of the person creating the compilations.

Toll Ticket Enquiry is very different from Toll Ticket Analysis as the latter document only extrapolates those fields of data chosen by the person eg making selective choices from data stored in a database; thus an unsuspecting officer with little-to-no-experience may have no concept of the range of fields of data available that could be useful to an inquiry and investigation. Thus any objectivity by the officer to form an appropriate opinion or conclusion might be blocked.     

I have produced below scanned headers from two Vodafone Toll Ticket Enquiry CDRs both dated in February 1998. Both of the headers come from genuine Toll Ticket Enquiry CDRs, the first is for a Toll Ticket relating to call traffic on 13-02-98 on Vodafone's analogue TACS mobile network and produced on the 24-02-98. The second Toll Ticket relates to call traffic on 13-02-98 on Vodafone's digital GSM mobile network and produced on the 21-02-98.  Both were served in evidence in a murder case, thus in the public domain. The scanned headers below do not contain any personal data.  

Vodafone's Toll Ticket Enquiry CDR (TACS)

Vodafone's Toll Ticket Enquiry CDR (GSM)

It is entirely consistent that as an expert I would seek these CDRs in cases (as I did in the above case) in order that I can properly and appropriately advise those who instruct. The two Toll Ticket Enquiry CDRs represent a useful historical guide of events in 1998. It is noteworthy to mention that the GSM and TACS records illustrate the position of a single mobile network operator running two different radio transmission mobile networks at the same time. Moreover, such a feat did not limit or prevent the operator capturing data for CDRs relating to call traffic from its switches (EMX/MSC). Note also the duration of time between the dates of the call traffic CDRs and the production of them. Thus any inquiry or investigation into serious crime in 1998 would or should have had access to such records. So when reading the transcripts from eg two Appeals involving the same case  ( NIHC/QB/2009/50NICA/2011/33 ) and Toll Ticket is mentioned by name, the above provides the reader with some insight as to the data that can be recorded in such CDRs.

Today, of course, CDRs from mobile operators may have changed with respect to the identified fields of data in them or by design due to the system that produced them. I have shown examples elsewhere. Historically and like today the CDRs referred to should not contain fields of data that would compromise security of an operator's secure protocols, encryption keys etc.  Toll Ticket or other types of CDRs are ideal for evidence and provided there is completeness in the data (as opposed to subjective content imported into compilation records) then CDRs are essential to call record analysis (CRA) and cell site analysis (CSA).

Historical and current material on this subject and other subjects are included in my training courses for police and examiners to assist inquiries and investigation to make the best use of data and, as equally as important, how to interpret such data.

No comments: