Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cellular Records Review and Analysis Part 1: AT&T

Published byGeorge Cannon Modified over 6 years ago

Similar presentations

Presentation on theme: "Cellular Records Review and Analysis Part 1: AT&T"— Presentation transcript:

1 Cellular Records Review and Analysis Part 1: AT&T

2 PATCtech Glenn K Bard, Chief Technology Officer Jim Alsup, Director – PATCtech Scott Lucas, Instructor and Examiner Steve Dempsey, Instructor Kathy Enriquez, Instructor Brian Sprinkle, Case Manager and Software consultant Stefani Lucas, Marketing Director

3 Glenn K. Bard Public Agency Training Council tech Chief Technical Officer
PA State Trooper – Retired NCMEC – Project ALERT CISSP, EnCE, CFCE, CHFI, A+, Network+, Security+, ACE, AME

4 For Starters What can we get from AT&T?

5 Cell phone technology What can AT&T provide with appropriate legal process? Call detail logs Cell Sites accessed Cell site sector Azimuth Beam Width Direction of call (incoming or outgoing) Calling number Dialed number Call Time and duration (UTC) Data usage location information Location of cell tower 5

6 Cell phone technology Subscriber information (Name, address, etc)
SMS location information IMEI, IMSI of target phone. Phone Model Tower dump Definitions page (Key Codes) Reports of Lost / stolen phone If prepaid, where purchased? Other phones on the same account Cell sites at the time of the incident (Not current) Historical Handset Location (Nelos) Contents of the Cloud 6

7 Some important definitions
IMEI – International Mobile Equipment Identifier IMSI – International Mobile Subscriber Identifier MSISDN - Mobile Station International Subscriber Directory Number (It means your phone number)

8 Some important definitions
LAC / CID – This is the switch (LAC – Location Area Code) and tower along with side (CID – Cell ID) accessed CGI – Cell Global Identifier Azimuth – The median of the sector accessed Beam Width – The width of the sector accessed MCC – Mobile Country Code MNC – Mobile Network Code

9 Some important definitions
Seizure – The time it takes for the call to connect to the network. NOT the elapsed time. ET – Elapsed Time CT – Call Type UTC – Universal Time, also known as GMT

10 Some important tips The location is Longitude then Latitude
This is the opposite of all other companies The records will come in both PDF and TXT If you want Excel, we will learn how to import TXT into Excel in a bit.

11 Some important tips AT&T can provide locations for Voice, SMS and Data for a very long time. (Which is not common.) Tower Dumps also include Voice, SMS and Data. (Which is not common.) AT&T does not use the terms Lucent or Nortel when describing the tower sides. They simply give the Azimuth. (Which is not common.)

12 Some important tips NELOS
AKA: “historical GPS Locations”, “Historical Handset Location data”, and “Handset triangulation data” Technically: Network Event Location System What it means is an estimate of the location of the handset itself at the initiation of the event. How accurate can it be:

13 Some important tips NELOS

14 Contact information (updated) AT&T Wireless 208 South Akard, 10th Floor Dallas, Texas Phone Number: Fax Number: Address: Note(s): AT&T will now accept service by at:

15 Contact information Two Hints: AT&T now owns Cricket. TracFone sells phones that use the AT&T towers, so the records must come from AT&T. We will get into both of those in Part 5 of this series.

16 Warrant language Subscriber information for the number _____________ including name, date of birth, mailing address, alternate phone number, and other numbers on the same account. All communication for the wireless number _______________ for the time period of _______________ to include cellular calls, SMS messages and Data communications, tower locations (LAC/CID or eCGI) and azimuth / beam width for the sectors accessed during the communication. Also, identify the existence of any AT&T cloud services associated with the wireless number of ____________________________ and provide any data held within the cloud to include SMS, MMS, and s communications. Additionally, supply “historical GPS Locations”, “Historical Handset Location data”, “Handset triangulation data”, aka NELOS (Network Event Location System). Also provide any IP (Internet Protocol Addresses) assigned to the device for the time period of _____________________. Lastly, provide a detailed definitions page which identifies all information in the records. Please provide this information to Detective ________________ in digital format on a compact disc in Excel, PDF or TXT format.

17 Retention periods Subscriber information: 7 years Call History: 7 years Tower Locations: 7 years SMS Content: Not available Tower Dumps: 7 years NELOS: Over 1 year

18 Now let’s see some examples of what you can get:

19 Follow PATCtech! Updates & PATCtech Research Public Safety News
Forensic Digital Evidence Investigators (LinkedIn Group) Updates & PATCtech Research Public Safety News Training Opportunities

Download ppt "Cellular Records Review and Analysis Part 1: AT&T"

Similar presentations

Aspire Vertical Markets Executive Suite Solution.

Aspire Vertical Markets Executive Suite Solution.
Intermediate 2 Computing

Intermediate 2 Computing
Unified Communications (UC) Quick Reference Guide USING YOUR UC CLIENT This guide is designed to provide you with a quick overview of the Unified Communications.

Unified Communications (UC) Quick Reference Guide USING YOUR UC CLIENT This guide is designed to provide you with a quick overview of the Unified Communications.
OfficeTrack Mobile Employees Location Management Service.

OfficeTrack Mobile Employees Location Management Service.
OfficeTrack Mobile Employees Location Management Solution.

OfficeTrack Mobile Employees Location Management Solution.
CC4100 Active Cellular Intercept Technologies

CC4100 Active Cellular Intercept Technologies
CDR Analysis & Investigation Basic Course - Presentation

CDR Analysis & Investigation Basic Course - Presentation
CDR Analysis & Investigation Basic Course - Presentation

CDR Analysis & Investigation Basic Course - Presentation
Telecom Analytics – by Arindam Guptaray. Few words about me... B. TECH FROM IIT KHARAGPUR. MBA (FINANCE) FROM UNIV. OF MINNESOTA, CARLSON SCHOOL. HAVE.

Telecom Analytics – by Arindam Guptaray. Few words about me... B. TECH FROM IIT KHARAGPUR. MBA (FINANCE) FROM UNIV. OF MINNESOTA, CARLSON SCHOOL. HAVE.
INTERNET A collection of networks. History ARPANet – developed for security of sending in case of a nuclear attack IDEA – the system would not go down.

INTERNET A collection of networks. History ARPANet – developed for security of sending in case of a nuclear attack IDEA – the system would not go down.
Aspire Vertical Markets Real Estate Office. Real Estate.

Aspire Vertical Markets Real Estate Office. Real Estate.
Internet Basics 1 Internet Basic includes two lessons:  Lesson 1: The Internet  Lesson 2: The World Wide Web.

Internet Basics 1 Internet Basic includes two lessons:  Lesson 1: The Internet  Lesson 2: The World Wide Web.
SIM Card Facts. SIM Card Form & Definition SIM is short for Subscriber Identity Module. SIM cards are small removable smart cards that are used in many.

SIM Card Facts. SIM Card Form & Definition SIM is short for Subscriber Identity Module. SIM cards are small removable smart cards that are used in many.
Network security policy: best practices

Network security policy: best practices
EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.

EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.
MessageSync™ Exclusively By: TELETOUCH PAGING, LP A Critical Alerts System Company.

MessageSync™ Exclusively By: TELETOUCH PAGING, LP A Critical Alerts System Company.
Mobile Phone Networks Dr. Hassan Nojumi1 MOBLIE PHONE NETWORKS Dr. Hassan Nojumi.

Mobile Phone Networks Dr. Hassan Nojumi1 MOBLIE PHONE NETWORKS Dr. Hassan Nojumi.
Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent.

Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent.
WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.

WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.
Privacy, Security and Confidentiality for Calls, Texts and Contact Lists Secure Mobile Communications.

Privacy, Security and Confidentiality for Calls, Texts and Contact Lists Secure Mobile Communications.

Similar presentations

Ads by Google