Document reveals iPhone forensics data police get from your phone.
The courts have traditionally allowed the police to inspect any items a suspect is carrying when they arrest him or her. But in the past, the information the police could obtain in this fashion was fairly limited. The advent of the smartphone has changed all that.
A new document uncovered by the ACLU provides insight into just how aggressive law enforcement agencies have become about obtaining the contents of seized cell phones. Last fall, writes the ACLU's Chris Soghoian, "officers from Immigration and Customs Enforcement (ICE) seized an iPhone from the bedroom of a suspect in a drug investigation."
A document filed in court shows that police extracted a wealth of personal information from the device, including call records, contacts, stored text messages, photos, videos, and passwords. They also obtained "659 geolocation points, including 227 cell towers and 403 Wi-Fi networks with which the cell phone had previously connected"—a detailed record of where the device had been in previous weeks. Soghoian says law enforcement agencies can buy portable devices that extract this kind of information from smartphones in a matter of minutes.
While acquiring such a massive volume of data without a warrant may fit the letter of the law, it certainly seems to violate the spirit of the Fourth Amendment. Until recently, no one would have had that much personal information in their pockets. Such records, if they existed at all, would have been in the suspect's home, where the police couldn't seize it without a warrant.
Unfortunately, law enforcement groups have resisted efforts to enhance cell phone privacy in these situations. In 2011, the California legislature overwhelmingly passed legislation requiring a warrant to search the contents of cell phones, but Governor Jerry Brown vetoed the bill.
“We know the police have started using tools that can do this. We’ve known the iPhone retains records of the cell towers it contacts. But we’ve never before seen the huge amount of data police can obtain,” ACLU technology lead Chris Soghoian, who found the report in a court filing, told Forbes.
“It shouldn’t be shocking. But it’s one thing to know that they’re using it. It’s another to see exactly what they get.”
ICE was able to extract the information with the help of Cellebrite. According to the report, the suspect did not seem to have a Personal Identification Number (PIN) or passcode, but law enforcement has shown the ability to bypass passwords and other basic security measures.
In the past, Google has helped law enforcement get past the lock screens of Android phones. In some situations, law enforcement has been known to mail a phone they cannot crack to Apple, which would take the data and store it on a DVD before sending it back to the law enforcement agency.
Soghoian said people who want to keep law enforcement away from their data should use long, complex passwords and encrypt their phone’s storage disk.
http://arstechnica.com/tech-policy/2013/02/document-shows-how-much-data-cops-suck-up-from-suspects-cell-phones/
iPhone forensics document (ACLU):
http://www.aclu.org/files/assets/iphone-forensics-report_redacted.pdf
iPhone forensics: iPhone & iPad forensics:
https://www.blackbagtech.com/blog/2012/02/23/iphone-forensics-iphone-and-ipad-forensics-in-a-byod-enterprise-environment-2
Digital forensics magazine:
https://www.digitalforensicsmagazine.com/