On May 12, 2015, tragedy struck. An Amtrak train on route from Washington to New York tried to take a turn rated for 50 mph while travelling in excess of 100 mph. When the smoke cleared, 8 were left dead and more than 200 injured. Among the injured was Brandon Bostian, the engineer, who seems to have no recollection of the events leading up to the disaster due to the trauma he suffered. So now, as reported by NBC News on Wednesday, June 10th, investigators are trying to fill in some of the gaps with mobile forensics on Bostian’s phone.

The quest for answers in a mobile digital world

“Mobile devices today can tell a lot of tales,” says Joe Caruso, founder and head of Global Digital Forensics (GDF), a recognized national leader in computer forensics and electronic discovery (eDiscovery) services. “The burning question for accident investigators, obviously, is what happened? And of course, the logical place to start is with the engineer at the controls, who unfortunately in this case though, can’t seem to remember anything. So without means to question the most important witness, investigators have to start flying theories using the information available to them. But in this case, a mobile phone is in the equation, which can make a big difference."

"Mobile devices can often reveal plenty of relevant information to investigators about an individual involved in an incident," says Caruso, "like their habits, interests and sometimes even their state of mind by analyzing texts, phone call records, pictures taken, Internet activity, emails and often geolocation data as well, which can be used to build a timeline of when and where things happened. But sometimes, they can also help investigators cross off things that didn’t happen, like whether or not an engineer at the controls during a tragic train accident was talking, texting, or being otherwise distracted by his smartphone. Because at the core of the investigative process, eliminating possibilities helps focus efforts and resources on other plausible scenarios.”

“Of the utmost importance though,” Caruso says, “is to make sure to collect that data as quickly as possible from as many devices as are available before any valuable data is overwritten or otherwise lost. Because in the end, it’s far better to have the data and not need it, than to need it and not have it. That’s why we started offering a Mobile Forensics Quick Analysis to make the process easy and affordable for investigators and attorneys that deal with accident investigations and/or litigation. For a flat rate of $1595, which is very low as far as comparable pricing across the industry, our Quick Analysis is designed to correctly collect all the data from mobile devices and help clients determine if a more thorough analysis is justified.”

THE GDF QUICK ANALYSIS PROCESS:

• 1. The suspect device is received, and logged.
• 2. A proper chain-of-custody log is created.
• 3. The suspect device is forensically duplicated (imaged) using court accepted procedures.
• 4. The original evidence is properly stored in compliance with court approved procedures.
• 5. GDF’s certified analysts search the entire mobile device for all recoverable data.
• 6. All recoverable data is extracted and provided to the client in easy to understand format.
• 7. GDF’s assigned lead analyst forwards the results to the client.
• 8. The results will help identify the presence of any evidence or indicators to help client determine evidentiary value and decide if a more thorough analysis is warranted.

No excuses

“Once we’ve done the Quick Analysis, all of the data will be preserved in the exact same state it was on the day we received it,” says Caruso, “and can then be used in multiple ways at any time afterwards. If the investigators or attorneys need to build a timeline, they’ll have the collected data available to do it. If they need to broaden their search scope after learning more about the case, we’ll be able to help with that too, using the data from the original collection. And if things get more complex, our vast experience and expertise in all things relating to digital evidence will let our specialists seamlessly transition to a more thorough analysis of any and all data if necessary, and assist with any further eDiscovery needs the client may have, all the way through production and expert witness testimony. It doesn’t get any easier or cost effective, so there should be no excuses when it comes to leveraging every benefit mobile forensics can offer, because when tragedy strikes, anything that can shed light on the who, what, when, where, why and how of a case can prove invaluable.”

The right choice when evidence goes digital

*Global Digital Forensics is a recognized leader in the fields of computer forensics, eDiscovery, cyber security and emergency incident response. To speak with a digital evidence specialist about your unique situation, or any other computer forensics, eDiscovery or cyber security needs involving Electronically Stored Information (ESI), call 1-800-868-8189, or visit GDF’s computer forensics page.