For supporting investigations into criminal activities, investigators often use information provided by the operators of mobile networks. The accepted methods for retrieving such information are lawful intercept and the retrieval of retained data. The first provides metadata and content in real-time whilst the latter provides historical metadata.

Often serving as supporting evidence, lawful interception and data retention are valuable tools for investigators. The data it renders can give insight into the persons involved in criminal activities and can help in revealing the structure of criminal organizations.

A criminal investigation is generally a lengthy process that goes through various stages. Information from various sources is combined to get a better picture of the events and people involved.

Investigation sources such as eyewitness reports or CCTV information might add further insight into what has happened. Subsequent analysis of intercepted and retained data can reveal who might have been involved. Attribution is of critical importance to an investigation. However, to be of any evidential use these persons must be placed at the location of the event at a key time.

Intercepted or retained information received from mobile operators usually contains the identifier of the tower and Cell ID and the direction of the antenna that was handling the call or data session. Combining this cellular data with the identity of the person linked to that call or data session could place the person at that location around the time of the event.

Mobile cells can cover a vast area, especially in rural regions, additional investigation is needed for providing more solid proof. Cell Site Analysis is a combination of analysis of the cell addresses from the intercepted or retained data, supported by a Radio Frequency Propagation Survey. This can provide the forensic evidence needed to link a mobile phone to a location with a reasonable degree of certainty. Through on-the-ground RF measurements, Cell Site Analysis captures information about coverage of mobile cells at a certain location, area, or route.

As such, Cell Site Analysis can help prove or disprove an alibi. By mapping the coverage area of a ‘serving cell’ (the Cell ID from the intercepted or retained data), a reasonably exact area of coverage can be established for that cell phone around the time of the event. This can help in validating an alibi by comparing this with the information given by a suspect.

In a similar way, Cell Site Analysis can aid in a missing person investigation. By overlaying the last known Cell IDs with RF measurements indicating the actual serving area of those cells, a search area can be drastically reduced.

There are two types of equipment that can be used for undertaking the RF survey side of Cell Site Analysis. Scanners sweep the frequency spectrum and register all mobile cells that can be ‘seen’ at that location. SIM-based solutions on the other hand mimic a cell phone and retrieve all sorts of information by connecting to the mobile network.

A scanner works very efficiently, quickly capturing a lot of information in one go, but they tend to be quite expensive. The cost of a SIM-based solution is much lower. And SIM-based systems that are able to emulate multiple phones simultaneously can also take full measurement of all cellular cells (2G – 5G) of all providers in under a second.

Another important forensic aspect in favor of SIM-based solutions is that they actually behave like regular cell phones. In Idle mode when no call is active a phone selects the strongest cell through a process that is called ‘cell reselection’. This selection is based on parameters received from the network. In Connected mode when the handset is engaged in a call, the phone is no longer in control. Based on measurements of signal strength sent by phone, the network decides when a ‘handover’ needs to occur to move the phone to another cell.

Behaving like an actual phone, the processes above are inherent to SIM-based solutions, whereas Scanners can only make the best guess of which cell would have been used for a call at that location.

Forensic Radio Surveys undertaken with the right and reliable equipment are paramount in filling in that last piece of information of placing mobile phones (and therefore presumably its owner) at a certain location at a certain time.

The LIMA Cell Monitor is a SIM-based solution for undertaking Cell Site Surveys. It is a purpose-built solution that can connect to 12 networks simultaneously. In addition to measuring the network coverage, it offers a host of additional features that can be controlled via an App installed on an Android phone or tablet. Combined with a battery pack that can provide 14 hours of unbroken surveying, its small form factor makes it very suitable for surveys using a small anonymous rucksack.

Read more about LIMA Cell monitor.