Authentication of provider records

Discussion of legislation relating to computer forensics.
  

hcso1510
Senior Member
 

Authentication of provider records

Post Posted: Mar 17, 12 04:36

One of the issues law enforcement consistently runs into is the authentication of records. My common practice when requesting records has been to ask for a Certificate of Record or Business Records Affidavit certifying the data is a true and correct copy of records kept during the normal course of business.

When obtaining records whether it is from the Sprint L-Site, Verizon’s secure Iron Port Server or other provider I always make screen shots of whatever I’m looking at and place it into the case file. If there is a question as to what I requested one can always refer to the judicial process and if there is a question as to what I received one could also refer to the screen shots of when the records were received and when I obtained them. I then download the records and place my original in property. “I’m thinking I’m good, but not so fast.”

I currently have a case involving some text content that the DA said he needed to “authenticate.” I obtained some text content from a mobile phone and I obtained the sms log of the sender and sendee’s phone. All the times line up perfectly, but he still believes he needs a rep from the Telco to testify that the records requested are a true and correct copy, etc, etc.

The bottom line is “Experts” can be a pinch to the wallet.

I was wondering if anyone out there has been able to overcome bringing in experts and whether or not your Judges are allowing records in with a Certificate of Record. I have a feeling the DA I am working with just needs to fight to get it in, but I’m not sure he is willing to make the argument.

Thanks,
_________________
Ed

I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 
 
  

JLEllis
Member
 

Re: Authentication of provider records

Post Posted: Mar 17, 12 08:13

I'm a little confused. What records does the DA want authenticated? It sounds like you obtained the actual SMS from the handset(s), but I'm not sure where you obtained the "sms log of the sender and sendee’s phone". I think what you are saying is that you obtained the SMS detail records from the cellular providers? Via search warrant maybe?  
 
  

trewmte
Senior Member
 

Re: Authentication of provider records

Post Posted: Mar 17, 12 11:49

Ed

With authentication is the requirement of clarification. Is the DA asking authentication of sending and receiving party (and they on CDMA, GSM ???) or is he seeking authentication on the "content"? "Content" is the term you used above because that is the term you mention the DA used.

Can you ask the DA to clarify is he wanting identification for the sending/receiving parties for his authentication requirement or is it the actual authentication of content e.g. text, symbols, user data length etc?

You will be asking him this to clarify what he perceives to be authentication because that criteria is not set out in your comments above.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

hcso1510
Senior Member
 

Re: Authentication of provider records

Post Posted: Mar 17, 12 17:15

The DA I'm working with feels we need an expert (1 from Sprint and 1 from AT&T) to get up on the stand and say "Yes, those are our records." "Those records are in the format which we currently utilize," etc, etc.
The term I use for the records I'm referring to is the sms log, which I obtained through a Subpoena from both providers.

I did use the term "content", but I should have been clearer. The case involves some content which was downloaded from a mobile device with a Cellebrite, but that's a different issue. Neither of the providers mentioned above retain content so they couldn't authenticate something they don't retain and they wouldn't be qualified to comment on the evidence that came from the mobile device.

Sorry for the "content" confusion.

Regardless of how I would like to see the DA argue the validity of the evidence he has to go along with what he feels the Judges will allow in my Jurisdiction.

If you are utilizing, at least what I feel are "best practices", I don't see the need for the expert. "That being said I'm not sitting in the defense chair."

I can show what I asked for, the screen captures from when I received the records and how I downloaded and saved the records. What more can I do?

My original question was, and it continues to be, whether or not other members have been able to get records admitted into evidence with a Certificate of Record/Business Records Affidavit rather than calling in an expert.

Thanks!
_________________
Ed

I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 
 
  

miket065
Senior Member
 

Re: Authentication of provider records

Post Posted: Mar 17, 12 17:50

Can the DA not talk to the defense and get them to stipulate to the records? That would avoid "much ado about nothing". I have never had to have anyone come testify from an ISP or Telco, but there is such variance between jurisdictions and even judges in the same jurisdiction that what happens in one place is almost irrelevant.
_________________
Some things you just can't "unsee". 
 
  

hcso1510
Senior Member
 

Re: Authentication of provider records

Post Posted: Mar 18, 12 06:04

Mike,
I'm going to bring up the subject and see if the defense will stipulate to the records. My experience has been that most defense attorneys are reasonable. If I can show how I obtained the records and the process I took from email, downloading to the property room I believe that should be good enough.
_________________
Ed

I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 
 
  

JLEllis
Member
 

Re: Authentication of provider records

Post Posted: Mar 18, 12 06:15

You're in Tennessee, so what applies here in Cali. may be different (or maybe not). In Cali, call detail records (or SMS detail records) are admissible as business records as long as the records are accompanied by an affidavit from the Custodian of Records that meets the Evidence Code requirement for admissibility of business records. I've never had an issue with this.

Your own "best practices" do not supersede the evidence code requirement relating to the admissibility of business records. No affidavit, or an affidavit that does not contain the required information = inadmissible evidence.

It could be that the DA isn't so much concerned about the admissibility of the records, but rather whether or not you are qualified to interpret the records?  
 
