National Cell Phone Forensics Team

From CAPipedia
Revision as of 04:40, 14 August 2021 by Jerad (talk | contribs) (The Civil Air Patrol National Cell Phone Forensics Team)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

The Civil Air Patrol has a National Cell Phone Forensics Team which assists Search and Rescue teams across the continental United States and Alaska in locating aircraft and missing/lost/injured persons through analysis of historical cellular data records.

History

Patch of the National Cell Phone Forensics Team

The National Cell Phone Forensics Team, typically referred to as the "Cell Team" got its start in 2006 when then-1st Lt Justin Ogden was participating in a mission searching for an aircraft that was presumed to have crashed. Ogden had set up a portable repeater and was running radios at a mission base when someone involved with the search contacted a cell carrier and requested data. Ogden was involved in verifying the data's accuracy which lead to contacting a cell carrier directly and meeting one of their engineers. Ogden's analysis of the data showed searchers were in the wrong area and his analysis was within 300 yards of the eventually located crash site, accuracy that was unheard of at the time.

Eventually now-Maj Ogden's ability to review cell phone data and devise search areas gained popularity in aircraft searches. The Air Force Rescue Coordination Center (AFRCC), which tasks the Civil Air Patrol with assisting with Search and Rescue (SAR) missions, began to request Ogden's help more frequently. This lead to Ogden developing a number of tools from scratch which significantly sped up the process of analyzing the data provided by cell carriers. He also developed tools to help communicate with searchers and objectives, allow objectives with working smart phones to provide GPS position information, and automated a number of mission start-up processes to maximize efficiency.

Initially Ogden was named the "National Cellular Search Operations Liaison" for his work in cell phone data analysis. After a move to Arizona put him in touch with Col Brian Ready, Col Ready helped bring Ogden's talents to the attention of senior CAP leadership. Working together, they were now the "National Cell Phone Forensics Team" and eventually other members of the Arizona Wing joined the team.

The Cell Team went from less than 5 missions a year the first couple of years to averaging a mission per day in 2017 and 2018. Once a last resort effort, most agencies that request support for searches from the AFRCC solely ask for the Cell Team's support and request no other federal resources. Once smart phones became ubiquitous, searching for phones became the de-facto first step in nearly every search. A vast majority of the finds and saves that the AFRCC credits to the Civil Air Patrol each year are due to the Cell Team's participation. Branching out from just missing aircraft searches, the Cell Team now supports a multitude of search types for agencies throughout the continental United States and Alaska.

Maj Jerad Hoff (L), Maj Justin Ogden (C), Col Brian Ready (R)

Capabilities

Using tools developed by Ogden, the team can analyze historical cellular data to develop a Most Likely Area (MLA) for a phone at a given timeframe. Most searches involve phones that are no longer communicating with the cell phone network because they have moved out of the coverage area, have been turned off, or have become damaged. Looking at historical data allows for MLAs to be created that show where a phone likely was at a certain date and time, search organizers can use that information to extrapolate the likely travel paths the objective could be on. At the very least it provides a starting point for the search.

In addition to working with cell phone carriers, the team also works with Google and Apple to obtain position information about their smart phones. While Apple's privacy policies limit their usefulness only to iPhones that are on and communicating with the network, Google general possess a tremendous amount of historical position information on Android based phones.

In some searches the objective may have called 911 but for an unknown reason, the position provided was inaccurate or missing. The Cell Team works with the two primary providers of 911 service in the continental United States and is often able to obtain accurate GPS-based position information that the Public Safety Answering Point (PSAP) missed.

Tools

Locator Link

A custom link that when accessed by the objective, queries their smart phone's GPS and reports their position to the Cell Team. This is used in scenarios where the objective is lost but able to call for help.

Patch of the Air Force Rescue Coordination Center

The Communicator

Invented by Ogden, The Communicator provides the ability to determine if a phone is currently on the network and communicating. Additionally, it allows for the automation of the creation of a Locator Link and texts the link to the objective.

The Communicator allows the team to text a person but have all messages appear from the same phone number. It also facilities calling people from the number to reduce confusion of the person being contacted. Instead of getting calls and texts from a different number for each person on the team, everything is unified into one contact point.

Map To Target

If specific coordinates are developed for the objective, a specialized link can be sent to searcher's smart phones that essentially gives them a line to follow on a map to the target location.

Most Likely Area

A custom tool developed by Ogden, a web-based utility that converts raw historical cell phone data into KML files for easier analysis. When Ogden started he had to plot by hand each transaction provided by a carrier, which can easily be hundreds of transactions. Now several days worth of data can be plotted in seconds.

Coverage Mapping

One analysis point that really sets the Cell Team apart is the use of computer models that map the coverage area of individual cell towers. Combined with the plots of cell transactions, the two data points combined together and usually decrease the size of the Most Likely Area of a phone.