Police 'frustrated by deleted text messages'

Law enforcement is at the mercy of mobile phone manufacturers, according to University of Cambridge researchers.

Unlike PCs, where 'deleted' data can still easily be accessed, information wiped from a mobile phone's internal memory can be almost impossible for the police to recover, according to Tyler Moore, a researcher at the University of Cambridge Computer Laboratory. This can hinder police investigations due to a lack of evidence.

Speaking at the Workshop on the Economics of Information Security in Cambridge on Monday, Moore warned: "Standard forensics tools don't address the less popular types of phone. Sixteen per cent of phones are not accessible beyond the memory on the SIM card. This is a consequence of using proprietary as opposed to open standards."

When a user tries to delete data on a PC, the information is not actually removed. Instead, the pointers to the data are deleted but investigators can still recover it. While mobile phone data is typically treated in the same way, the proprietary nature of the mobile phone market means that information is stored and handled in non-standard ways. This makes investigations more expensive and uses up valuable resources, according to Moore.

Interface commands of proprietary phone technologies also vary widely, which means it isn't economically viable to make forensics tools for less popular types of phone.

Moore said: "Developing technologies for extracting proprietary data has a higher fixed cost. Inexpensive data extraction is only possible if common storage formats and procedures are adopted."

However, computer security experts did not agree that the police are hindered in their investigations by proprietary phone technologies, since it is also possible to gather evidence about mobile use from the network provider.

Peter Sommer, who has appeared as an expert forensics witness in several court cases, said: "Why bother with examining deleted text messages when you can get data of who is talking to who? With the right warrant, you can also read traffic in real time.

"Nearly all crimes also exist in the physical domain - real people with real houses, and real cars [which can be tracked] moving around. Police correlate both real and virtual data in an investigation."

However, Moore argued, most crimes don't occur when a suspect is under surveillance. "A lot of crimes aren't premeditated," he said. "There's a difference between getting a warrant and keeping them under surveillance rather than arresting someone at the scene of a crime when they haven't been under surveillance."

Tom Espiner writes for ZDNet UK