Case Study: Hidden Gems in Call Logs


A call log is just a call log, right? Most professionals in the criminal or civil world believe that a call log is a simple, straightforward piece of the puzzle. I am here to tell you that there are many hidden gems in call logs, and it is up to you to find them – if you really want to discover the real truth, that is.

In many cases that I have been involved with relating to cellular devices, I see professionals in legal cases capturing call log data by simply taking photographs of the cellular device’s screen. To make matters worse, the professionals pick and choose the portion of the call log timeline that they believe would be most relevant to their case. Historically, this practice has been allowed in many courts – but this method is not recommended. To acquire the full story, a forensic examination and acquisition of data from the cellular device is required.

To illustrate my point, I have provided a case study from one of my past cases; fictitious names and events have been substituted. While there are many more complex issues that can arise in cellular examinations by untrained or inexperienced people, the following example highlights one specific problem that can occur.

  • Jimmy is an accused drug dealer.  He was arrested on January 16, 2021, with 16 ounces of cocaine in the trunk of a vehicle he was operating. At the time of his arrest a cellular device was seized from his person. 
  • Upon doing a lawful search of the cellular device seized from Jimmy, there were 10 text messages located during a manual search of the device by law enforcement that seemed to be related to a drug transaction on January 15, 2021, with a subject identified in the message as ‘Kim-stepmom.’  Rather than wait for a forensic expert to examine the device, it was decided that photographs would be taken of the 10 text messages deemed relevant since it involved minimal time and effort. 
  • The cellular device was then returned to the owner upon his release on bond, as the evidence from the device had been “collected.”
  • The police know that Jimmy’s step-mother is Kim, and she resides with his father in the same town where Jimmy lives and was arrested.  The police interview Kim and she denies involvement in the drug transaction with Jimmy, but admits she does use cocaine on occasion.  Kim is not forthcoming with any other information, but is not uncooperative.  The police suspect she is not being honest about the drug transaction with Jimmy, but do not have enough to arrest her or charge her in the case with Jimmy.
  • Due to court delays, and to Jimmy failing to appear in court and leaving the state after a warrant is issued for him, the case does not proceed to trial until two years later in March of 2023. Kim is subpoenaed to testify regarding the text messages between her and Jimmy that are incriminating to Jimmy and show that he is a drug dealer. Kim denies ever sending the messages.
  • Jimmy then details to his attorney how his drug source was a guy named Billy, but in the contacts of his device he put ‘Kim-stepmom’ as the name, pairing it with Billy’s cell phone number to throw the police off if they ever obtained his cell phone.
  • The photographed text messages do not show the telephone number in the texts, only the programmed name – ‘Kim-stepmom’ – and the content of the messages. Though the content of the messages is still incriminating as it relates to Jimmy being a drug dealer, the attorney raises the issues with this information in court and shows that the police did not do their job during the investigation related to the cellular device. The attorney also uses this information to call into question the ineffective investigative work by local law enforcement, which makes for an uncomfortable experience for the police testifying in the case.

In the example, a forensic examination of the cellular device would have uncovered the phone number alongside the contact name associated with the incriminating text messages. If you want to test this theory for yourself, look at your text message list in your texting application and identify a thread. Next, go to your contact list and change the contact name of the person on that thread to something else. Lastly, go back to the text message thread in the message application and notice that the entire thread’s contact name has been updated. This trick works for several cellular devices – it is literally that easy to associate a fictitious person with a phone number to create confusion.
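The sketch below is an added example, not part of the original article. It models why a photograph of the screen and a forensic extraction disagree: the message rows keep the phone number, while the name shown on screen is looked up from the contact list each time the thread is displayed. The two-table layout, the phone number and the message bodies are constructed for illustration and are not any specific phone's database schema.

```python
import sqlite3

NUMBER = "+12025550143"  # constructed number, not from the case

def build_sample_store():
    """Constructed, simplified message and contact tables (not a real phone schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE contacts (number TEXT PRIMARY KEY, display_name TEXT);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, address TEXT,
                               sent_utc TEXT, direction TEXT, body TEXT);
    """)
    db.execute("INSERT INTO contacts VALUES (?, ?)", (NUMBER, "Billy"))
    db.executemany(
        "INSERT INTO messages (address, sent_utc, direction, body) VALUES (?, ?, ?, ?)",
        [(NUMBER, "2021-01-15T18:02:00Z", "in", "constructed message 1"),
         (NUMBER, "2021-01-15T18:05:00Z", "out", "constructed message 2")])
    return db

def rename_contact(db, number, new_name):
    """Edit the contact label only; no message row is modified."""
    db.execute("UPDATE contacts SET display_name = ? WHERE number = ?",
               (new_name, number))

def screen_view(db):
    """What a photo of the screen records: the label resolved at display time."""
    return db.execute("""
        SELECT COALESCE(c.display_name, m.address), m.body
        FROM messages m LEFT JOIN contacts c ON c.number = m.address
        ORDER BY m.id""").fetchall()

def forensic_view(db):
    """What an extraction report lists: stored number beside the current label."""
    return db.execute("""
        SELECT m.address, c.display_name, m.sent_utc, m.direction, m.body
        FROM messages m LEFT JOIN contacts c ON c.number = m.address
        ORDER BY m.id""").fetchall()

if __name__ == "__main__":
    db = build_sample_store()
    rename_contact(db, NUMBER, "Kim-stepmom")
    for label, body in screen_view(db):
        print(f"screen:   {label}: {body}")
    for row in forensic_view(db):
        print("forensic:", row)
```

After the rename, every row in the screen view carries the new label, while the forensic view still ties each message to the stored number.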

A forensic expert with the proper training, experience, and software could have easily performed a forensic examination on this device and produced a report detailing the facts and preserving evidence. Forensic examinations can help streamline investigative efforts and eliminate potential suspects, saving time, money, and frustration. Perhaps this approach would have led local law enforcement to quickly eliminate Kim as a suspect and allow them to focus their efforts on Billy, the source of the drugs. 

So when you discover that a call log is so much more than a call log, it’s time to consult a digital forensic expert and let them handle the digital forensic work!

Rob Walensky