The importance of the correlation of CDR data with other sources

 

Securcube Phonelog CDR

 

Securcube® Phone Log lets investigators decipher large volumes of CDR data and find useful hidden information.

BTS CELL TRAFFIC

pro:

  • Securcube® BTS Tracker (SW or HW) measures the real coverage of the BTS cell, showing you which telephone cells your mobile device is ready to connect to.

cons:

  • You also need the information coming from the CDR or from a mobile extraction to find out if a device was connected to a specific cell.

MNO (Mobile Network Operator)

pro:

  • You acquire the data from a third party
  • You have a clear indication (cellID or GPS position) of which BTS phone cell made that particular exchange (and NOT the GPS location of the mobile device)
  • You can start an investigation without a known suspect

cons:

  • Huge number of records, hard to parse

WIRETAPS

pro:

  • Complete audio of a phone call and complete text of an SMS

cons:

  • No info on the data sent through other apps (Skype/WhatsApp/LINE…)

MOBILE DEVICE EXTRACTIONS

pro:

  • You obtain the data directly from the device: you acquire not only the calls/SMS but also the images, GPS position etc.
  • You can extract the historical backup of certain apps (WhatsApp, …)

cons:

  • It is not always possible to seize the device
  • It is not always possible to analyse the device (unsupported – password locked)
  • The mobile forensic tools may display the obtained data incorrectly (problem with the parsing procedure)
  • Anti-forensic measures may affect the extracted data (fake GPS location, fake calls, …)

THE SOLUTION: SECURCUBE Phone Log and Securcube BTS Tracker analysis.

Securcube Phonelog & BTS Tracker

  • Correlate data extracted from different sources
  • Powerful and intuitive GUI
  • MS SQL based, to manage large amounts of data (5PB)