To clarify the home office issue, I dont have papers that state specifically YOU MUST RETRIEVE POST SEIZURE MESSAGES
The home office do state that there may be circumstances where the investigator or examiner determines it is appropriate in the specific circumstances of an operation or investigation for the device, to remain on and connected to a network, or to be reconnected to a network, or, if having been switched off, to be switched back on and reconnected to a network
In this way a record may be made of previously undelivered messages and their evidential value considered.???? —If you don’t know the content how do you value it? Which handsets do I decide to get post seizures from? What if the one I decide NOT to do ends up with the other side and there are messages in there that are incriminatory or exculpatory? Will I be looked at as maybe trying to pervert?? “ You do it with one handset but not another what’s your method for choosing bigjon?”
In circumstances where messages are delivered to the device after it has come into lawful possession of the investigator it is the view of the Home Office and DCG that if the device has been lawfully seized or obtained, and proper consideration has been given to the circumstances of the case, then the receipt of those messages and making record of them will be lawful. There is nothing in UK law that enables a police officer or public authority investigator to stop the delivery of a communication to an intended recipient. Equally it can be technically impossible for a communication service provider to stop the transmission of a communication or recover messages that are awaiting delivery to a device that has either been disconnected from a network or been switched off by the investigator or examiner
PS how are you plans going for running some mobile phone forensic training, I have a grad who would be very interested
There is a course coorindation meeting in April and I believe by June a series of courses will be available offering high level skillsets, knowledge and experience.
How to use the mobile telephone standards
GSM SIM - Examination
3G USIM - Examination
Mobile Phones - Examination
Smart Phones - Examination
Call Records Analysis
Cell Site Analysis
Interpretation of Evidence
However, if anyone has a particular subject matter of interest please let me.
trew, i would also like to be kept informed re the training thanks
I would appreciate any views but I am writing a paper for our department to outline the examination of mobiles guidance
my method is remove sim card and read.
Replace SIM in handset and switch on….read.
Take out SIM re read to show the differences between reads, whilst making contemperaneous notes and photographing where necessary.
No Faraday bag/box as this alters data on the SIM card which is automated data ( ie.real evidence),
There have been discussions re the wireless telegrahy act prohibiting "interference" and some examiners have placed this at the "jammers" door as the jammers are wireless tools and think it doesnt include Faraday,but,my understanding is different especially when you read heading DELIBERATE INTEREFERENCE, it states the use of ANY apparatus whether or not wireless telegrahy appartus for the purpose of interfering……
Jammers are legal - as long as no signal escapes the faraday cage.
All the PASSIVE enclosures that I have seen do fail under strong signals. I had conducted the testing close to an antenna ( it's on top of the building ).
None of the ones I could see did work.
Neutrino comes with a faraday bag that is very good - because it is active. In the bag there is a noise generator that will make the bag much more effective.
If you want to see which was the last tower that was connected to the phone, you have to stop it from being on the network.
I HAVE A FARADAY CAGE FOR SALE WOULD HAPPILY SELL TO YOU ITS THE SECOND EDITION FROM PHONEBASE THE FLAT BLUE BOX WITH THE PERSPEX-ISH WINDOW
I have one of THE FLAT BLUE BOX, heavy little things aren't they!!!!
Sorry to sound like a dog with a bone here but I have just had to justify with my department that I should not be using a faraday cage, thankfully I have got my point home and I have had conformation that I do not HAVE to use one, this does not satisfy totally as I was making the point that I should not use one due to their use being prohibited under the Wireless and Telegraphy act (1949 2006).
I am constantly told that the W&T act refers to jammers being illegal and it does not aim at Faraday cages.
For the record (and how I see it) Jammers have their own section.
Section 68 ( W&T act) refers to deliberate interference and states
(2) This section applies to—
(a) whether or not the apparatus in question is wireless telegraphy apparatus;
(b) whether or not it is apparatus specified in regulations under section 54;
© whether or not a notice under section 55 or 56 has been given with respect to it, or, if given, has been varied or revoked
The key reference is DELIBERATE,which (again as I see it) means that if I was to buy a lead-lined dustbin and DELIBERATELY place a handset in it to block access, this, in turn would fall under the act of deliberate interference and is therefore prohibited.
Surely any examiner who places a handset into a Faraday cage to block access is doing so deliberately
The 'intention' element to use apparatus to which bigjon is referring that is not the same as someone deliberately going into an underground car park 10 levels down where no RF signal is detected and there are no in-building microcells. Otherwise everyone going into a building that blocks a signal might potentially be said to be using an unlawful apparatus.
The above discussion is not fantasy, there are some of have tried to argue that one.
I think you are getting bogged down in the letter of the legislation and possible ignoring the rules on interpretation. Courts nowadays are adopting the European purposive approach to determining what the mischief is that a particular bit of legislation is intended to resolve. It seems clear that the W&T act is designed to prevent unauthorised interference with broadcast signals in the sense that someone might block the local emergency services, the military, Air Traffic or some other essential transmission such as CBBC.
I can not see that when parliament passed this act that it was there intention to prevent someone placing a phone in a screened bag in order to carry out an investigation.