All Posts By

Ryan Ferreira

Cell Phone = Plethora of Evidence

By | Criminal Defense, eDiscovery, Employment Law, Litigation | No Comments

cell phone social media apps

Odds are good that you might reading this article on your cell phone. Mobile devices topped the 8 billion mark in 2016, with only 7.5 billion people. That means that cell phones now out number people. Think about all the data floating around and how this data could be potentially relevant in the legal realm. Before we get into that, while many of the principles discussed here apply to most mobile devices, for the purposes of this article we’ll be focusing on smartphones. Smartphones are defined as any phone with advanced computing capabilities (something more than the ability to make a cell phone call from your car) and 3G network connectivity. You might use a smartphone to browse Facebook, complete a Google search, check emails, watch a few videos, or even to complete a call.

Cell Phone Usage in the US

In the U.S. 95% of Americans own a cell phone of some type, 75% of those users own a smartphone. A majority of users consume more than 2GB (gigabytes) of data per month. Two gigabytes of data may not sound like much, however that would be equivalent to roughly two truckloads full of boxes of office documents stored on the average (low end) cell phone. As if that were not enough, consider the fact that unlimited data plans are making a comeback (and that the average unlimited plan usage is 7GB per month). The high U.S. ownership numbers span across all demographics – male/female, educated or not, rich or poor. In fact, the only demographic that has less than a 50% smartphone penetration is the 65+ age range – those who already spent a majority of their lives without cell phones.

Almost everyone is using a Cell Phone

All of these users – young or old – are using their phones for a number of tasks. Simple tasks like sending text messages, checking emails and perusing WebMD to see if their headache might mean they have a life-threatening disease (they don’t, but WebMD suggested it). They’re using dozens of applications (apps) for more specialized tasks – sometimes simultaneously – and they’re (rarely) making calls with their cell phone. Current statistics show that 80-90% of mobile device usage takes place in apps, the heavyweight being Facebook at a whopping 19% of the time spent. Messaging/Social apps fall in at 12%, and internet browsing is not far behind at 10%. Although most users are unaware of it, data associated with their activity is being written to their device (typically in real-time). This data sits idle and is innocuous until potential litigation arises.

In the event that a user’s smartphone activity is of interest, a qualified computer/digital forensic examiner can easily preserve and/or search the data held on the smartphone. In my experience, the following items were generally the most useful:

  • Active and deleted text messages (deleted text messages can usually be recovered)
  • Facebook conversations (without the need for a password)
  • Internet history
  • Full content of emails
  • Audit logs (they can offer a granular view of user activity, logs of the power cycles or the last computer the phone was plugged into, applications installed, and more)

The implications of the data stored on mobile devices in general is limitless. Below are some examples of how smartphone data can be used in criminal and civil matters to…

  • determine the user’s state of mind/motive/establish an alibi.
  • substantiate the user’s location at a given time.
  • identify known associates.
  • uncover evidence of plans to go to work for and/or take sensitive information to a competing company.
  • provide justifications for child custody (or lack thereof).
  • confirm/validate contractual terms/debts.
  • show excessive internet or app usage to deem a person “addicted to their phone” and unfit for full-time custody of special needs children.
  • provide proof of infidelity.
  • provide evidence of cyber bullying of a child.

The Right to Search a Cell Phone

After reading all of this, it may seem like the world is your oyster – you can get a hold of a mobile device and all this great evidence automatically rains down from it, right? The legality of gathering this information is a little more complex than that. The biggest issue of all is the right to preserve and/or search the device/data. To determine if you have those rights or will need a court order to gain access to the phone, consider the following:

  • Did you purchase the mobile device, or did someone else?
  • Do you pay the monthly bills?
  • Did you sign anything providing another individual or company the right to access your data, or is it yours and yours alone?
  • For the parents out there – depending on your jurisdiction, the fact that you bought and pay for your child’s phone may still not be enough to allow you the right to take possession of the device and review its content.
  • Husbands and wives – depending on the shared property laws in your jurisdiction, you may or may not have the right to view your spouse’s data.

Does the right to review that data create a roadblock? Certainly. But in reality it’s little more than the thresholds for other evidence. With due legal process, the right can be obtained for a forensic examiner to preserve the devices and their contents, search that data based on the particulars, and present the findings for review. If you’re new to the incorporation of ESI (electronically stored information) in your practice, it may seem like a daunting task. But, as with any new evidence category, there are qualified experts in the digital forensics field ready to help you navigate the waters and ensure you get reliable evidence. Regardless of the type of law you practice, you likely have current cases that could benefit from the inclusion of digital evidence.


Ryan Ferreira is a Digital Forensic Examiner at One Source Discovery who specializes in mobile device forensics and call detail record analysis. He has a Master’s degree in Digital Forensics and holds the Certified Computer Examiner (CCE) designation from the International Society of Forensic Computer Examiners, among various other certifications.

Wearable Technology: What Are You Wearing and What Is It Saying About You?

By | Criminal Defense, eDiscovery, Employment Law | No Comments

WEARABLE TECHNOLOGYJenny leaves the gym, pleased that she reached her step goal for the day. Johnny glances at his wrist quickly during a meeting, and swipes to the left. Billy finishes a marathon and checks his time at the finish line station. What do these people all have in common? They’re all integrating wearable devices into their everyday life. Wearables are arguably the next big craze in portable technology. A recent study by IDTechEx found that the market for wearables will increase 10% annually to over $40 billion in 2018, and by 2026 is anticipated to be over $150 billion per year. The reality is that whether it’s a chip connected to someone’s shoe at a marathon, a smartwatch, a fancy pedometer, or an activity band, it seems like every other person has at least one (if not more) of these devices. Yet little attention has been paid to these devices outside of the fashion and fitness realms until recently.

It is important to note that most of these devices log and in some instances analyze various metrics collected from the wearer’s daily activity. Many of these devices track the number of steps taken in a day, some monitor your heart rate to make sure you’re getting in a good workout or a restful night’s sleep. Recently FitBit and Medtronic announced a partnership to develop the ability for diabetics to track their blood glucose levels using wearables. Other devices, while lacking in intrinsic health benefits, instead tend towards the cool factor of the scale. For instance, Levi’s Jeans company now has a “smart jacket” capable of interacting with a Bluetooth-linked device such as your cell phone. The possibilities for wearable technology are endless, and so are the potential uses of this data in digital investigations.

Think about it – assume there is a harassment (sexual or otherwise) claim. The argument could be made that changes in heart rate corresponding with the timeline of the alleged event corroborate the claim, or they could be indicative of whether someone did or did not in fact feel threatened during an exchange. Wouldn’t it be useful to know exactly how someone reacted physiologically during and around the time of the alleged infraction? The data from these devices could also be useful in evaluating injuries. Take a workman’s compensation injury claim. It would be key to the investigation to know if someone with a neck injury was spending their off time getting in a vigorous workout at a gym or recuperating within the confines their house.

While these methods of investigation may seem intrusive, in some jurisdictions they are already in use. Attorneys at McLeod Law in Calgary, Canada, used wearable device data to show that their client, a former personal trainer, had in fact been seriously injured and that those injuries impacted her quality of life. In the case, she wore a FitBit during an “assessment period” to show that her levels of activity were well below what someone of her age and profession should be exhibiting on a regular basis. Using actual data from the wearer’s daily life has the potential to carry much more weight than traditional clinical assessments, as an assessment often only examines a person for short segments of time. Wearable device data has also played a part in alleged sexual assault cases. In Lancaster, Pennsylvania, police officers responded to an alleged sexual assault and opted to collect the victim’s FitBit as evidence for their investigation. In reviewing the data from the device, a different story unfolded. Rather than corroborating the victim’s story that she was sleeping and awoken by the assailant, the device data showed that the alleged victim was awake and exhibiting signs of normal activity during the time of the alleged assault. Ultimately, the police department stopped their investigation into the assault and instead charged the alleged victim with filing a false police report.

But this technology does not come without its issues. It’s equally important to know that there can be shortcomings to the usage of data from wearable devices in litigation. First, data can be accidentally falsified, such as in the case of fidgeting (for movement data) or having someone jump out from behind a wall and yell “boo!” (for heart rate data). Second, the data collected can also be intentionally falsified. For instance, a workman’s comp claimant could opt to skew the results by sitting on the couch and doing nothing for two weeks when they are perfectly healthy. Or someone could easily let a friend (known to be exhibiting the desired level of activity) borrow the device and wear it to record data that supports the user’s story.

It’s also important to be mindful that many of these wearable devices are unique – they do not fall under a unifying specification where each one has the same interface to extract the data contained within (unlike that of a computer hard drive, mobile phone, etc.). This means that the ease of collecting data from an activity band could vary greatly between models and/or manufacturers. While forensic examiners may be able to connect to one device and access data using a USB cable, they might have to entirely dismantle a second type of device (of the same general category) in order to manually read the internal data chips, and on the third device run into a scenario requiring a court order to a wearables provider to produce the user data stored on their servers.
So what does this all mean? Is the data gathered from this new technology unreliable? Definitely not. As with all information in a case, you should trust, but verify. Wearable technology certainly has its uses, and it’s important to make sure you’re not only aware of them but taking advantage of them when appropriate. From a corporate standpoint, it might be a good idea to start thinking about revising your BYOD (Bring Your Own Device) policies to contemplate wearable devices. But from a litigation standpoint, you should make it a habit to start asking your clients or adverse parties if they use and allow wearable devices. We predict that the use of data collected from wearable devices in legal matters has just begun – get ahead of the curve now.


Ryan Ferreira is a Digital Forensic Examiner at One Source Discovery who specializes in mobile device forensics and call detail record analysis.  He has a Master’s degree in Digital Forensics and holds the Certified Computer Examiner (CCE) designation from the International Society of Forensic Computer Examiners, among various other certifications.