MetroPolitan Security

Phone log & Coronavirus – Solution (February 2020)

Tracking possible COVID -19 infection and epidemic outbreak areas

The analysis of telephone records belonging to persons affected by pathologies such as the coronavirus (COVID-19) can pinpoint geographical areas of possible infection and outbreak of the disease.

A blueprint of potential investigative interest can be charted by linking all the cell towers connected to their phones and thus proceed with the appropriate health procedures to contain the epidemic.

The following figure describes a hypothetical scenario loaded with randomized data.

It displays an example of connections to cell towers and movements made by two telephone devices used by two separate subjects found to be affected by the virus. One is displayed in red and the other in green.

Note the areas of possible contact, where the cells displayed in red and those in green are close to each other, and the areas where the green subject moved on the map.

 

 

phonelog 1

 

      Figure 1: Example of the display of cell tower connection and movements for two separate users (RANDOMIZED DATA)

 

Information drawn from telephone records is based on hard and defined facts, not on the testimony of persons infected with the virus or people in contact with them: these depositions may be sketchy at best, influenced by an altered or self-protective state of mind, given the potential of hysteria typical of cases of viral outbreaks.

Worse of all, this type of investigation is time consuming when in fact time is not an option.

The use of this resource is therefore necessary in order to efficiently harness movements and meetings retroactively, and quickly optimize health procedures focused on searching for other potential infection zones and limiting the spread of a virus.

 

Once an area of interest has been traced out, an added and useful activity is defining the real coverage of the cell towers connected to the subject of an investigation.

There is a difference between what is assumed as being the area in which a cell tower operates and what in reality may be the real geographical coverage of that cell tower. This is critical when defining a red zone.

Performing coverage surveys with dedicated tools, called BTS Trackers, and verifying where cell towers actually are able to connect to mobile devices is critical in a well-performed investigation.

For instance, a tall glass building can completely affect a cell tower signal and possibly reflect coverage to another zone which should not be part of that tower’s theoretical coverage area. In this case the device will have no possibility of generating traffic in the theoretical area but be in contact with that cell tower somewhere else.

This means a person could have been in a different part of a city, in contact with other persons not contemplated by a less detailed investigation scenario.

As an example, in figure 2 the theoretical cell tower coverage is highlighted in blue, whereas the red points show the real coverage generated by the same cell as surveyed by a BTS tracker.

In these positions, the cell tower can accept calls made by the user of interest, even though theoretically there should not be a signal in those areas at all.

This careful and thorough analysis allows investigators to refine and expand an area of possible contamination, by understanding whether or not the cell tower connected to the user’s device covers, as an example, the inside of a public building and consequently verify the hypothesis that that person may have been there.

 

phonelog 2

       Figure 2: example of a cell tower’s theoretical coverage as opposed to its real coverage

 

Some background information of Call Detail Records analytics and BTS survey technology

A Call Detail Record is produced by service providers with information relative to calls and data traffic generated by landlines and cell phones: the device identification, transmission date, time, duration, completion status, source and destination number, amount of data transmitted or received, relative to a requested period.

For billing reasons, carriers store a phone’s activity, an incredible source of the highest level of inalterability compared to others. These data are normally used in digital investigations in criminal cases, for the resolution of the many types of crimes.

Integrating this knowledge with sound facts collected on how and where the cell tower infrastructure actually spreads its signal is the canvass on which an investigation can spot the movements and interactions of a person of interest not only in the digital environment but in the real world.

A wider view and use of this information, objective data that is automatically created when using mobile phones, can be highlighted as being an additional means to help those tasked with the responsibility of enhancing the national security of citizens around the world.

-------------------------------------

Metropolitan Security is a digital forensics company specialized in developing technology for the analysis of Call Detail Records and cell tower real coverage investigation.

The team cooperates with law enforcement agencies and digital experts committed to the examination of electronic devices and related data, providing them consultancy as well as support and training.

Phonelog is a software solution created from the imagination and desire of Nicola Chemello and Massimo Bastianon, two young IT engineers who in 2010 set out to create a system which would help investigative forensic data analysis: not a highlighter, a pen, and stacks of paper phone records, but a user-friendly, modern and efficient tool to save time and create strong forensic analysis.

The result is able to absorb, analyze and correlate data from different sources: call detail records, cell tower data, mobile extractions, GPS logs, and more. It simplifies the investigative task offering many ways to manage, organize and show visual results in a simple and efficient fashion.

Phonelog offers a variety of functions which range from map positioning to defining user habits and interactions with other entities.

 

BTS tracker is a hardware device designed to scan an area of interest and define its radio environment. It specifically searches for all the cell towers active in that area and logs their real coverage: this helps an investigator define and understand the how cell towers really perform and connect to mobile devices and have a deeper understanding of the digital environment that surrounds us and fine-tuning research and the mapping of a device’s movements.