Learn about the importance of call histories within mobile devices and how they can be used to show collaboration and possible conspiracy.
Digital Forensics Specialist
Grayshift
Call logs are not only stored within mobile devices, but also at the network level for billing purposes. How can we take these two datasets to paint a better picture in an investigation? The Calls Category within ArtifactIQ by Grayshift can provide critical insights into who the device user has been in contact with. While traditional calls are minimal compared to text messages and third-party texting applications, you shouldn’t overlook the obvious, especially when investigating data from a telephone.
ArtifactIQ by Grayshift offers examiners quick access to call data stored on a device from native telephone applications and other supported third-party communications applications. Access to this data can be through the timeline functionality. The examiner can cross reference and research multiple data categories simultaneously, selecting all the data obtained. Or by using the date and time filter to define a specific time or a single date, building an overall pattern of device usage and communications patterns. Investigators should be aware that not all calls from third-party applications are stored as calls on a device. In some instances, call record entries are displayed as text messages.
Three Benefits of Using The ArtifactIQ Calls Category
- The Calls Category features a simple, easy-to-read layout detailing a simple grid of Incoming, Outgoing, and Missed Calls received by the device.
The data is displayed concisely and shows:
- The date and time the call was made or received
- The telephone number of the device or third-party application making or receiving the call
- Where the telephone number is listed as a contact in the device
The contact’s entry name is also listed next to the number, along with the duration of the call displayed in seconds.
It’s possible to search for a specific telephone number or a sequence of numbers that appear in a telephone number by using the search function to aid the investigator and expedite the search. The results within ArtifactIQ by Grayshift display only those telephone numbers that conform to the search criteria. There is also a date and time filter. As with the timeline feature, it is possible to filter the displayed results either as a specific time or as a single date.
- The ArtifactIQ Calls Category offers the benefit of obtaining telephone numbers that may not record within call data records held by the telecom’s operators.
Researching this data may lead to other associations and conspirators that may not otherwise be identified had the device not been downloaded. Mobile phone network operators record traditional voice calls made or received over the cellular network for billing purposes. These records are called Call Data Records and can also include information about the device making the call.
- ArtifactIQ by Grayshift offers the ability to obtain data quickly. This speed of access and the ability to share the extraction results between agencies globally allows the investigators to take quick action across multiple jurisdictions. This expanded collaboration helps to protect victims, make arrests, or secure evidence.
Try ArtifactIQ by Grayshift for yourself by participating in ArtifactIQ Early Access and get to know the Calls Category (and other useful features).
© 2022. Grayshift, LLC. All rights reserved. Proprietary and confidential.
