EXAMINATION OF TELECOMMUNICATION SYSTEMS (EQUIPMENT) AND FACILITIES
General provisions
Telecommunication examination is an independent expert specialty, which belongs to the type of engineering and technical examination. The content of telecommunication examination is the study by an expert on the basis of special knowledge in the field of electronics and telecommunication systems, facilities, networks and their components, the information transmitted by them, received, processed and contains factual data on circumstances that are relevant for the investigation of a crime or consideration of a case.
The subject of telecommunication examination is factual data that are relevant for the process based on the study of telecommunication systems, facilities, networks and their components and the information transmitted, received and processed by them.
The objects of telecommunication examination are:
- – telecommunication systems (for example, systems of mobile operators, television systems, radio systems, etc.);
- – mobile terminals (for example, phones, smartphones, tablets and other mobile devices with installed software);
- – billing systems (for example, billing systems of mobile operators, billing systems of banks, systems of state registers, etc.);
- – specialized technical devices (for example, active interference stations, telematics modules, access control panels, active key programmers for cars and immobilizers, etc.).
Tasks solved by telecommunication examination
The main tasks of telecommunication examination include:
- – determination of characteristics and parameters of telecommunication systems and facilities;
- – establishment of facts and methods of transmission (receipt) of information in telecommunication systems;
- – establishment of facts and methods of access to systems, resources and information in the field of telecommunications;
- – determination of technical indicators of the quality of telecommunication services at the level of their consumption;
- – establishment of configuration and working conditions of telecommunication systems and facilities;
- – establishment of type, brand, model and other classification categories of telecommunication systems and facilities;
- – research of algorithms for information processing and its protection in the field of telecommunications.
Issues to be resolved during the telecommunication examination:
- – What are the type, brand, and model of telecommunication means (systems)?
- – Is the telecommunication facility (object) in working condition?
- – What characteristics of network connections does a telecommunications facility have?
- – Have the users of the telecommunications network changed the settings of individual devices, at what time, and what are their values?
- – What is the general nature of connections to the telecommunication network performed by the object (telecommunication system, means)?
- – What software was used to connect to the telecommunication network?
- – What is the topology of hardware integrated into a telecommunications system?
- – Does the functioning of the telecommunication means (system) comply with the technical documentation?
- – What technical characteristics (parameters) does the telecommunication tool (system) have?
- – Has there been access to the telecommunications system and in what way?
- – Has there been a use of resources and information in the telecommunication system and in what way?
- – Did the fact of transmission (receipt) of information in the telecommunication system take place and in what way?
- – Are there any signs of interference with the telecommunications system?
- – Could the hardware be combined into a telecommunications network and on what grounds?
- – What are the ways of data routing in the telecommunication system?
- – Is it possible to use a telecommunication tool (equipment) for these purposes?
Features of the appointment of telecommunication examination
When appointing a telecommunication examination, special attention should be paid to the collection of research objects. The slightest unqualified action with the telecommunication system often ends with the irretrievable loss of valuable search and evidentiary information. In this regard, for the collection of objects, it is advisable to attract a specialist.
Nowadays mobile phones, smartphones and tablets are among the most frequently studied objects of telecommunication examination.
Typically, modern smartphones and tablets have different degrees of protection (access code, graphic code, fingerprint, face scanner, etc.) and a permanent connection to the Internet (the information contained in them can be blocked or deleted remotely).
In such cases, the mobile phone, smartphone or tablet should be switched to “aero plane mode” and, if possible, remove the SIM card without turning it off and keep the device unlocked until the transfer to a specialist.
Typical tasks of examination (in detail)
Research of mobile devices. This area of telecommunication examination in countries where there is no sufficiently formalized division of forensic experts into relevant specialties inherent in Ukrainian legislation is called “Mobile Forensics” (MOBILE FORENSICS – English). Within this direction, studies are carried out on the information of the user of the mobile terminal (mobile phone, smartphone, tablet, modem) and mobile applications installed on them (including messengers, etc.). The lion’s share of such research falls on devices operating on the basis of iOS, Android and BlackBerry operating systems.
Based on the results of such research, the customer of the examination is provided with a technical report with all information available and deleted by the user (in this case, “deleted information” means information that was previously deleted by the user of the mobile terminal and which was restored using special software and hardware systems). The practice of recent years is aimed at providing the most complete information in a form that allows the investigator, according to certain criteria, to highlight the one that relates to the subject of the investigation. As a rule, such examinations are conducted in criminal proceedings.
In the case when the body appointing the examination has defined clear criteria for information related to the investigation or case, based on the results of the examination, a technical report shall be submitted only with information that meets the specified criteria.
For example, when the pre-trial investigation body is interested in correspondence in the WhatsApp messenger, the report will provide exactly the content of the correspondence with the relevant official data: the date and time of messages, attachments to messages, participant IDs, etc.
Research of billing data of a mobile operator. Billing (English. billing) in some types of business, in particular in telecommunications – an automated system for accounting services provided, their tariffs and invoicing for payment. In the field of telecommunications, billing is officially called the automated settlement system (ACP). As a rule, such studies are aimed at analyzing data recording billing systems of mobile operators, which include the following data:
- – Date and time of connections of specific subscribers;
- – Type of connection (phone call, sending or receiving messages from another subscriber, receiving service messages, etc.);
- – Location of the base station (BS) of the mobile operator at the time of connection and azimuth of direction of the corresponding BS antenna.
The tasks solved in these studies include establishing an approximate place where the mobile terminal was located during such connections, the number date and time of connections between certain subscribers, confirmation of the fact of connection between specific subscribers or groups of subscribers, etc. Also, studies of technical aspects of the ACP functioning of mobile operators are carried out, for example, confirmation of the fact of providing services to the subscriber and the volume of services, etc.)
Investigation of code grabbers and similar devices. It is customary to refer to code grabbers devices (systems) designed for unauthorized interference in the operation of a car alarm by intercepting and processing a signal from the car owner’s car alarm console, which provides full access to the car burglar alarm.
The first official mention of the code grabber can be found in the article “Keychain for a hundred thousand” of the 11th issue of the magazine “Behind the Wheel” in 2008.
Systems for intercepting and processing a signal from a car alarm console are conventionally divided into groups:
- – Scanners (for security systems with a static code, which were produced until the mid-90s);
- – Code grabbers (for security systems with a floating code, which began to be produced since 1995).
- The main questions put to the expert in the appointment of such examinations:
- – What is the functional purpose of the device provided for research?
- – Does the device submitted for examination correspond to its functional purpose — the car alarm console “(model name)”?
- – Is the device provided for research suitable for use as a car alarm control panel for a car “(car model)”, state number (state number)?
- – Can the provided device be used to scan car alarm information to the car “car model”, state number (state number) (off and on signal)? If so, how?
- – Is information about car alarm codes stored in the device submitted for research? If so, is there among the stored information — codes for switching off and on car alarms installed in the car “car model”, state number (state number)?
Study of technical and technological aspects of development, implementation and operation of telecommunication systems, in particular:
- – Fixed (fixed) and mobile (mobile) communication.
- – Telecommunication networks, including television networks, wire and radio broadcasting networks, radio relay networks, etc.
- – Technical investigation of traffic termination – establishing, maintaining a physical and/or logical connection, passing traffic between the telecommunications network from which the call is received or the connection is initiated, and the terminal equipment to which the call is directed or the connection is initiated.
- – Technical analysis of the interconnection of telecommunication networks, – the establishment of a physical and/or logical connection between different telecommunication networks in order to enable consumers to directly or indirectly exchange information.
- – Study of information security of telecommunication networks – the ability of telecommunication networks to provide protection against destruction, distortion, blocking of information, its unauthorized leakage or violation of the established order of its routing.
- – Investigation of telecommunication channels – a set of technical means designed to transfer electrical signals between two points of the telecommunication network, and which is characterized by a frequency band and/or transmission rate.
This list is not exhaustive, since this type of research includes all technical issues related to the provision of services in the field of telecommunications (telecommunications), namely: transmission, emission and/or reception of signs, signals, written text, images and sounds or messages of any kind by radio, wire, optical or other electromagnetic systems.
From the above list of tasks of forensic examination of telecommunication systems (equipment) and means, it becomes clear why this is a separate type of forensic examination, which cannot be covered and/or absorbed by a somewhat related type of engineering and technical examination – forensic computer and technical examination, as some experts believe.
