Technical Background of Cell Site Analysis by Simon Steggles - Mobile Phone Forensics
Cell phones, (or Mobile phones) used today are transceivers which use little power. They combine both a transmitter and a receiver. Although most cell phones, (or Mobile phones), are used to provide a telephone service for the public, they are still radio transmitters and receivers. Because of this, mobile phones, (or mobile phones), behave in the same way that traditional radio equipment does. Mobile phones operate through networks, (which in the UK are run by O2, Vodafone, Orange and T-Mobile). These networks are GSM, (Global Systems for Mobile communications), and are built around an array of transmitters, receiving stations which cover nearly all of the United Kingdom. Many other countries follow this similar rule; however, they may have different networks run by different companies, (Verizon, AT&T etc).
These transmit and receive stations (or beacons), are also known as 'Cell Sites'. Each cell site consists of multiple receivers and transmitters and of course the relevant aerials associated with each one. These sites are often on masts, can be sited above police stations, schools or other tall buildings, (giving clearer transmissions, therefore clearer line of site transmission). Each cell site has a reference number and name. Using this information, one can state exactly the area of the cell site. From this we can pin point to a very small area if the suspect phone has been used in this area.
Whenever a mobile phone is 'on', it scans the radio frequencies assigned to it by its designated network provider, and then links up the cell that gives it the best coverage. This process is called registration, and is of course necessary for the networks so that they can direct incoming or outgoing calls to the correct phone. When travelling, (for example), a phone may move from one cell site to another. This is achieved by the phone evaluating the signal at all times, and switching over to the appropriate best one. This is also logged by the networks and is known as a 'handover'. The handover also ensures a continuation of the call, rather than the requirement to redial every time a new better cell site is found.
Network providers positioned their cell sites after carrying out extensive testings on the frequency, geographical position, and potential transmission/reception hazards. Extensive maps of these tests are kept by the network providers, showing the specific cover of each transmitter and receiver. Even when mobile phones are not executing a call, they are still logged on the network providers systems, ready for their next call/message. This information is not stored historically, however when a call is made or received, it is. When a phone is 'live' i.e. switched on and connected to the network providers, it is possible to track it by the non recorded records which get switched on manually.
Geographical locations can be specified for a mobile phone by referring to the call detail records, (CDR's). This can give you information of which cell site was being used. From checking the records about the specific site in question, it is then possible to find out about if the aerial was a full 360 degrees, or an azimuth of 120 degrees, (these can vary). If the call was coming from aerial 3 on a cell site, then it is right to assume that the specific geographic location of that cell phone is now only a third or the original area it was thought to be in, (e.g. If a call was made from the south of a cell site, then it is likely that the mobile phone was within a reasonable, (varies) distance from the south of that cell site).
Things to take into consideration:
1. Cell Site Analysis is not a proven science. Even if a mobile phone was used in position A, to the south of a cell site, it doesn't necessarily mean that the phone was actually there. It could well be anywhere up to a theoretical 35Kms away if all the cell sites between the phone and the used cell site had achieved maximum usage, (cell sites can only accommodate a finite amount of traffic at one time) or are not in service. 2. The cell site chosen is not necessarily chosen by the phone, it may be the network 're-directing' the phone to a 'not so busy' cell site. 3. Geographical locations may also prevent the usage of a cell site, (large building in the way, dense woodland etc).
The latest system for mobile phones is 3G, (third generation). This relies on UMTS, (Universal Mobile Telecommunications System), a faster data transfer system using Duplexing technologies. In the UK 5 licenses were won for the ability to provide these services. These network providers are 3G Technologies, Hutchinson 3G, Orange, Vodafone, O2 and T-Mobile. Although a different style/type of service, UMTS is recorded in the same way as traditional GSM. Handover occurs in the same way between UMTS and GSM as GSM to GSM.
Simon Steggles MBCS Director
disklabs® t +44 (0)1827 50000 f +44 (0)1827 66666 m +44 (0)7973 210 895 w http://www.disklabs.com w http://www.computer-forensics.co.uk w http://www.mobilephoneforensics.com w http://www.satnavforensics.com e mailto:simon.steggles@disklabs.com
Users Reading this article are also interested in;
SIMON STEGGLES Disklabs Computer Forensics Services DIRECTOR Background
Simon is an owner of 1st Computer Traders Ltd, the company that owns Disklabs Data Recovery Services and Disklabs Computer Forensics Services. Simon originally set up the Disklabs Data Recovery Services part of the business in 1997, and started Disklabs Computer Forensics Services in 1999. Natural organic growth meant that new business premises were required for the Disklabs companies, and in December 2005, a further building was secured to accommodate the rapidly growing Disklabs Computer Forensics Services. He has a background of military, (Royal Navy communications and intelligence), and has principally dealt with hard disk drives ever since in roles of buying, selling, wiping and repairing, with the last two roles as business owner. Having completed courses in various computer and mobile phone forensics practises, as well as evidence handling procedures, Simon directs the data side of the business, and drives new business.
Qualifications and Training FTK Boot Camp, Dec Wyboston 2005 PRTK Boot Camp, Dec Wyboston 2005 DNA, Dec Wyboston 2005 FST Mobile Phone SIM examination, Southampton Nov 2004 FST Mobile Phone USIM examination, Southampton Nov 2004 .XRY Mobile Phone Examination, Tamworth Jan 2005 Evidence Handling Procedures, Milton Keynes Feb 2004
Simon, along with Matt Jones founded the 1st Computer Traders Ltd in September 1997. The business has steadily grown into the multi division company that now incorporates Disklabs Data Recovery Services, Disklabs Computer Forensics Services, and 1st Asset Management, a new division started in January 2006. The new forensics facility was set up to ensure that proper practise and procedures are adhered to whilst dealing with the law enforcement agencies that have very special security requirements, such as security locked evidence cages, proximity readers that only allow authorised personnel into their respective offices/labs/evidence cages. In 2002, Simon became a co-opted director of the Professional Computer Association, a year later he was voted as a full director of the PCA. In 2006 Simon was promoted to the position of Vice Chairman of the PCA, a not for profit organisation which represents in excess of £50 Billion of revenue within the UK and Ireland.
Prior to Disklabs Data Recovery Services and Disklabs Computer Forensics Services, Simon was an active director in 1st Computer Traders Ltd, where he implemented the procedures for the test, repair, and data destruction routines used by the technicians of 1st Computer Traders Ltd. The work was rewarded with accreditations by various hard drive manufacturers including Seagate, Maxtor, Western Digital and Fujitsu. In June of 2002, 1st Computer Traders Ltd was awarded the highly coveted ISO9001-2000 for Quality Control.
Prior to 1st Computer Traders Ltd, Simon was the Managing Director of United Computer Services (UK) Ltd, another technology based company, trading exclusively in hard disk drives. Hard drives were bought and sold across the world. Within 5 years, and with only 3 staff, Simon led his team to a turnover of £7,000,000.00, and sold the company to his business partner who continued to trade until the business was bought again.
Prior to United Computer Services (UK) Ltd, Simon worked at various computer supplies companies gaining experience.
Upon leaving school, Simon was a member of the Royal Navy. Specialising in communications, Simon also worked in the Legal Division and in Naval Intelligence.
