Using the Virtual Analyzer’s Android Emulator to Interrogate, Collaborate, and Present Digital Evidence
Making digital evidence easy to understand using native app visuals is critical to effectively communicating with prosecutors, judges, and juries.
In today’s world of digital intelligence, reporting and analysis of digital evidence are well understood by investigators and examiners but their colleagues in other departments may be far less aware of the output. The lack of understanding is especially pronounced when investigators try to communicate digital evidence to prosecutors, judges, and juries who are typically unfamiliar with digital forensic data and analysis reports.
Forensic analysts working with Law Enforcement and prosecutors on cases involving homicides, child exploitation, and trafficking, understand that blood and fingerprints remain consistent but digital evidence evolves at an exponential rate.
This is especially true when dealing with apps that experience software updates, timed data disappearance, and fake account engagement. Anyone who has conducted mobile forensics on digital devices knows that hardware and software are ever-evolving and digital evidence can seem like a “moving target.”
The new release of Cellebrite Physical Analyzer 7.10 featuring the Virtual Analyzer allows users to view any digital evidence on Android-powered devices in its native format. The solution essentially unlocks, extracts, and decrypts the information for viewing within an emulator screen that simulates a familiar environment to the user.
This functionality is particularly useful to investigators in instances when app data is not decryptable. The Virtual Analyzer also provides the ability to view “inaccessible” apps, with the data being used to create powerful visual reports to interrogate suspects more effectively, share findings with peers and present evidence to juries.
Interrogating Suspects Using Familiar App Experiences
When questioning suspects, referring to their communication within its native format can be an effective interrogation technique. For example, a Whatsapp conversation can be easily recognizable when seen in context.
Examiners needing to find as much evidence as possible on a mobile device can factor in group descriptions, deleted and intact group images, participant images, and chat admin participants. These data points can reveal new suspects, help expose crime rings, and generate additional digital evidence to accelerate investigations.
In crimes where the suspect knew the victim, investigators will primarily be interested in uncovering the communication between all familiar parties involved. They will attempt to corroborate what a victim has told them, or try to nail down a specific date and time a digital conversation or comment took place.
Victims can doubt the authenticity of even their own messages when they see them out of context, or when they are presented in a table or spreadsheet format, which is the most common method used by investigators.
Virtual Analyzer allows the user to see communication in the same format as it would appear on their mobile device. This makes it much more intuitive and easier to understand because information is presented in a familiar format.
Share Findings with Peers
Virtual Analyzer also provides better visualization and understanding of data in real time. When Cellebrite Physical Analyzer has finished extracting and parsing data and something of potential significance is found, examiners can now take a screenshot and send it to an investigator actively working an investigation who may need to refer to that information immediately.
Today’s prosecutors often receive hundreds of pages of extracted data. This information is difficult to digest and may be ignored when presented in a complex format or in its original state.
Data recovered in a forensically sound manner with Cellebrite solutions can now be factored into a prosecutors’ hypothesis and then presented in an easy to understand visual format to convince judges and juries of the validity of their case.
Enriching Virtual Analyzer Visual Reports with Evidence from the Cloud and Social Media
Obtaining publicly available data from social media networks is also an important way to gather additional information on suspects, victims, and leads.
Watch the video introduction to the Virtual Analyzer, an industry-unique emulator to display forensically sound digital evidence from +3M Android apps. This new capability enables you to view mobile device data in its original application form to allow for easier comprehension and sharing of findings with peers and juries using powerful visual reports.
To increase the amount of data that can be visually represented, the new release of Cellebrite Physical Analyzer 7.10 allows investigators to uncover a suspect’s profile data and public content from social media accounts such as Facebook, Twitter, and Instagram. Together with mobile device extractions, public cloud data on social media channels helps to accelerate forensic investigations by establishing critical connections between people, places, and activities.
A suspect’s circle of relationships can be established with data pulled in from social media accounts. This public information can provide incontrovertible evidence that can also expedite the search for new leads.
In addition to visually appealing user experiences during investigations, the Virtual Analyzer decrypts, unlocks, and decodes digital data to enrich powerful visual reports on demand.