SMS, Instant Message (IM) or Cell Phone Video/Audio Evidence
Electronic Record Subpoena, Preservation, Authentication & Chain of Custody
Computer (including cell/mobile phone) text messages are sometimes used as evidence in legal proceedings. So what is the best way to save a text (or photo/video/audio) record as evidence? In other words, how can an investigator secure digital evidence today so he can prove its chain of custody later in a court?
Suppose your estranged spouse (husband/wife) cell phones you a photograph or text message relevant to a future divorce hearing. Or suppose a business partner (or manager, boss, politician, government official) sends you a video important to a dispute/lawsuit -- sexual harassment, employment discrimination, breach of contract.
There is no perfect way to save electronic evidence, but some techniques are better than others. The more you freeze the data to prevent its deletion and deter its modification, the better. And the more you capture timely information about its source, the better.
Update 2011: See
1. new methods for preserving web evidence.
2. How to make a Gotcha! video with your smart phone.
To use the service, you need to store the content of the text message in a computer file like a pdf, a doc or a jpg. Then you upload the file (or if you're a techie, a hash of the file) to the service, and you record a statement about where the evidence came from, how you captured it and so on. The service calculates a "signature code" for the file. Then it allows you to speak a voice statement that says you sign the evidence, together with the "signature code" as of a stated date. Finally, the service sends you a self-explanatory archive showing that you authenticated the evidence with your unique voice.
If after that the evidence file is changed, it will no longer match the signature code contained in your dated voice record. Thus the service reliably links you (as evidence collector) to the evidence and establishes the existence of the evidence as of a date. This information can be invaluable when assessing evidence months or years later, such as in a lawsuit, when memories have faded or possibly when you are no longer available to vouch for the evidence.
 |
| Click Here |
Update February 2013: Forensics to recover deleted logs, images, geolocation and text messages,.
Update: Legal subpoena for information from Facebook.
Update July 2011: See discussion about recovery of text messages from service providers.
--Benjamin Wright
Mr. Wright teaches data security and investigations law at the SANS Institute.
[Nothing on this blog is legal or technical advice for any particular situation. It is not a substitute for counsel from a lawyer or a technical professional. If you need help, go get it from someone who knows what they are doing. If you need legal or technical advice, you should consult an attorney or a technical expert. Remember there can never be any assurance how evidence will be used or interpreted for legal purposes, if it is used at all. Also the above may not be a complete analysis or the best for a particular situation. For example, a person preserving a message with My Electronic Evidence may also need to preserve the message in its original state, such as in cell phone flash memory, even though that would be inconvenient and the value of the message data in that state can diminish as time passes.]
I canot find any info on HOW TO store the content of the text message in a computer file like a pdf, a doc or a jpg--apparently the first step. I have tried to forward to my e-mail address without success. In this case it is my phone and I am trying to make a permanent record befopre the text mesage is deleted. I use Verizon, if that makes any diference.
ReplyDeleteIn the personal experience I described above, my wife's phone allowed me to forward a stored text message to my yahoo e-mail address. Once it got to my yahoo e-mail, and was viewable through my web browser, I used Adobe Acrobat software installed on my PC (and integrated with my browser) to "print" the e-mail as a pdf.
ReplyDeleteThat's how I did it. I have no idea whether you can do the same with the hardware, software and services available to you. You may want to hire an expert to help you. --Ben
if a supeona was gotten for someones text messaging records, does the cell company release all text messages or just the text messages for the two people involved in the criminal case
ReplyDeleteT-mobile companies do not release any text messages without a warrant, and those are not stored anyway. For a serious crime a Warrant has to be issued for them...and it has to come from a judge.... All that is contained in the administrative subpoena is the numbers that called in and called out. unless a serious crime in under investigation ... the released records will not release any GPS info or Text messages. I just confirmed with tmobile legal so ...basically it.s a waste of time....all the person will see is the call logs....which if they were in contact themselves, and were not suppose to be .. they could end up incriminating themselves...because records will show the incoming calls too....i just found this out.
DeleteThey do keep photos though......
DeleteSo if my text messages were court ordered from 2008 through Tmobile, only the date and times would be released, not the content of the message?
DeleteAnonymous: I do not know the answer to your question, although maybe another reader does. Service providers like Tmobile are not always consistent in their behavior on these issues. Also, the behavior of a service provider may depend on (a) which court issued the order, (b) precisely what the order said, and (c) other factors. --Ben
DeleteI don't know. It may depend on the wording of the subpoena. Some subpoenas are broader than others. --Ben
ReplyDeletecan a spouse really pull records? doesn't the electronic communications Privacy Act prevent even your spouse from pulling your records without their authorization? wouldn't that also apply to the cell phone companies if he/she requested them?
ReplyDeleteThat is a good question, and the answer is complex. This blog is not the place to get a complete, definitive answer to that question (or any other question), and this blog does not provide legal advice to anyone. With that said . . . I pulled off the shelf the Second Edition (originally released 1995) of my book The Law of Electronic Commerce. I turned to Section 20.5.2. That section generally discusses the idea that under the Electronic Communications Privacy Act a subpoena may justify the release of electronic communications (such as maybe text messages) stored more than 180 days by an "electronic communication service." Please note: if you wish to fully understand this topic, you need to know a lot more than what I just said in the immediately foregoing sentence. Thanks for asking the question. –Ben
ReplyDeleteIn the state of Washington, text messages stored by your phone provider can only be retrieved by a supeona. The cell phone companies will not release them any other way.
ReplyDeleteIn the State of Washington, copies of sent text messages are stored by the cell phone companies, but can only be retrieved by supeona or court order.
ReplyDeleteI found this whilst googling "text message evidence". I reported the man I was in love with for the confessions he'd made to me about underage girls he's in all senses abused, of course he doesn't see it as that he just sees it as perks of his job (a rockstar), but someone got my laptop and destroyed it because it had the instant message conversations saved in which he made this confessions or boasts as they came across to me. Are aol instant message conversations saved on a server anywhere?
ReplyDeleteIt is true that copies of sent text messages are stored by the cell phone companies, but can only be retrieved by supeona or court order.
ReplyDeleteHowever, Verizon, for example, only stores text messages on their server for three days. Good luck on that one.
So if someone has 2 phone/text accounts...1 Verizon & 1 AT&T, does that mean there is ABSOLUTELY NO WAY to retrieve text messages from prior to 3 or 4 days ago?
ReplyDeleteSomeone made a fake profile of me on a social networking site saying a whole bunch of personal stuff, like I was a recovering alcoholic, had psychiatric issues, etc. Every word the person(s) said were true, but it was really humiliating and some were secret things about my health that I never told anyone before. Was this illegal on their part? I've heard it said the best defense to a charge of slander is the truth. What can I do?
ReplyDeleteAnyone that can help
ReplyDeleteMy wife has left me for another man. She confessed her relationship on my iphone. She now denies everything she confessed. She is currently filed a PFA against me. The recordings I have prove my innocents. Can you advise me on how I can legally use the recordings? Our court date is September 8th 2009.
can the contents of a text message be modified by the person receiving them? If so does it depend and/or matter what phone the receiver uses? In other words can the content of a message be considered to be 100% accurate with no chance of it being modified or manipulated by the receiver? Given the fact that the message is obtained only on the received phone?
ReplyDeleteGoing through a divorce & custody battle. I hacked my wife's yahoo account and found a ton of evidence of her affair! Can I subpoena those emails so I can use them legally???
ReplyDeleteHi there,
ReplyDeleteI have text messages from a client who sexually harassed me. For some reason, and I don't know if it's my switching my SIM to a new blackberry, all of the messages show at the same time (2:22), and my messages back to him are missing. is there any way to retrieve them, either from my old phone, my new one, or T-Mobile? It could go to court and I would like to know my options.
You may need to get legal or technical advice from hired experts. -Ben
ReplyDeleteOur problem is the exboyfriend is sending the text to his email and altering it and printing it off as what was said....How do you handle these situations?? This can easily be done...any solutions? I don't think text messages should be allowed if not on the actual phone and then, they can send to themselves, open, alter and save....
ReplyDeleteHow hard is it to get a court ordered subpoena for texts? I'm on the verge of filing a retaliation case and know little about it. I'm 99% confident that proof lies in a few key managers texts. I have a LOT of emails, financial retaliation docs without the texts. Can a quality lawfirm get a subpoena if their opinion alone is that there is a strong case for the plaintiff?
ReplyDeleteThank you very much
To the two most recent anonymous posters above: I don't know. You may need to hire and consult a professional. --Ben
ReplyDeleteI have found that no emails can be submitted as evidence. I did this to
ReplyDeletesee if this was possible and it is VERY easy to do. I got a regular text from a friend, took a screen shot of text string from IPhone and forwarded it to my email. I copied the text into word, changed the entire wording of the message. I then copied back into email and saved as PDF. A friend had a bunch of texts saved in bodies of emails and the judge wouldn't consider looking at email or text messages. Just too easy to manipulate.
If you're looking to see your husband's deleted cell text
ReplyDeletemessages, then this is absolutely the way to go. It's fast,
effectively and does no damage to the cell phone and it will
give the answers you're looking to know what your husband is
up to.
retrieve text messages
legal documentation requires date and time stamp. so far other than having a smartphone or data phone, there isn't a way to save date/time stamps on text/picture messaging.
ReplyDeleteHow far back can Verizon give a cour text message archives with a court order? Specifically, how long do they keep those archives? How far back CAN they go? Thank you!
ReplyDeleteHas anyone here heard of text message retrieved via subpoena from t-mobile? Officially they say that they do not store that content but unofficially I have heard stories on how they have it all, either in storage or backed up on CDs. Can someone tell me how to send a preservation request to (and afterwards obtain text message content from) a phone company (t-mobile) that doesn't even claim to have them to begin with? Anyone aware of any cases where text message content was retrieved from T-mobile? If someone can let me know or email me at forest786@hotmail.com I would be most grateful.
ReplyDeleteCan an actual cell phone be admitted as evidence without having the text message subpoenaed?
ReplyDeleteAnonymous asked: "Can an actual cell phone be admitted as evidence without having the text message subpoenaed?" My answer is that I don't fully understand the question. A lawyer would have to know more about the case to answer the question in a meaningful way. . . . The literal answer is that yes, physical evidence like a cell phone can be admitted as evidence in a court, and the messages stored on the phone do not first need to be subpoenaed.
ReplyDeleteHowever, that answer is probably not telling you very much. I have questions about who owns the phone, how it came to be offered as evidence, why it is being offered as evidence, what aspects of it are apparent to the court, whether it is functioning and so on.
To simply enter a phone as evidence (so that the judge and jury can view it) does not necessarily make any of the data on the phone accessible to the judge and jury.
[Remember: None of my public statements are legal advice for any particular situation. If you need legal advice, you should consult a lawyer. My public statements are for general public education and discussion only.]
--Ben Wright
Thanks !
ReplyDeleteMr. Wright, as part of a research assignment I'm trying to find out if the cell providers store the content of multimedia messages (photo/video/etc.) in the same manner as texts? May these items be subpoenaed and reproduced in a legal proceeding? Is the period of storage by the provider regulated by the FCC or is it set by the providers themselves?
ReplyDeleteFish: Thank you for your comment. I don't know the answers to your questions, except this: Generally speaking, if records exist, such as in the hands of a service provider, methods are available for causing those records to be produced for legal proceedings. Those methods are not always easy to invoke.
ReplyDeleteHow can you turn text messages which you received into court evidence?
ReplyDeleteIf my ex and his mother (through a sworn affidavit) quoted my mother from text messages in my custody case, can we produce the entire text conversation as a defense to their false allegations?
ReplyDeleteHi, can I use a video recording as evidence in court that the person who issued me a bounced check received my demand letter and notice of dishonor. I was able to record our meeting on my cellphone and is wondering if this can be used in court as evidence in case she denies receipt of the demand letter
ReplyDeleteThe use of any piece of evidence in court depends on many factors (Is the evidence relevant? Can it be authenticated? Has it been tampered? Was it captured illegally? And so on.) However, good video evidence is often very powerful in legal proceedings. See tips on how to make good video evidence. --Ben
ReplyDeleteVoice messages? I don't know. You may find some relevant information in the discussion about records retained by mobile carriers. If a voice message were saved on a mobile device, and then deleted from the device, a forensic expert might be able to retrieve some or all of it. --Ben
ReplyDeleteMy Jan 18, 2012 comment above was in response to an anonymous comment about retrieving deleted voice messages. I accidentally deleted the anonymous comment.
DeleteHow hard is it for police to obtain a subpoena for cell phone records? Would this only be used when the person is a suspect? How long does the process usually take?
ReplyDeleteDepending on the case, it is very possible that police would attempt to obtain phone records of a person who is not a suspect. The fact that a phone customer is not a suspect does not, in itself, prevent police from obtaining records under due process of law.
ReplyDeleteMr Wright,
ReplyDeleteI wanted to look back at some of my OWN texts but sprint is telling me I need a subpoena to receive them... Is it even possible to get a subpoena for your own records without filing some sort of case?
I cannot comment on the specifics of your situation. But sometimes police can issue a subpoena. Sometimes, certain other government officials (like the inspector general at government agency) who are conducting an investigation can issue a subpoena.
DeleteMajor Update 2012: New do-it-yourself video on how to capture and preserve an important or legally-significant text/cellphone message.
ReplyDeleteDear Mr. Wright-
ReplyDeleteI have a question that I hope you might be able to answer. It is regarding requesting a subpoena for a person's cell phone records. If the records are acquired can you then determine and pinpoint if the phone user was web browsing at a specific point in time? Can you also determine exactly what web pages the person was viewing?
Thank you!
Anonymous: I don't know the answer to your question. Here's a mere guess: The kinds of records that are retained will vary from one phone to the next, from one carrier to the next and from one app to the next. Records on the phone itself are (my guess) more likely to contain specific browsing history. But maybe the carrier will have some of that information, and maybe the app maker/operator (like the browser maker/operator) will have some of that info. I don't know. Maybe some other readers here will know something specific.
DeleteDear Mr. Benjamin Wright:
ReplyDeleteSir can I ask a question. I am about to file an annulment to my husband. Lately, his text messages harrasing me. Then he have text messages that he told me he get my personal text messages from one of the network companies here in our country (Philippines). We are in democratic country. My question is his message his true? that the private Network companies here will give the my previous messages from my mobile number? I'm just curious because I read about telecommunication laws about the privacy of any text messages that will come and goes to the message center of my sponsored network. Please help me sir to understand. Because my ex husband said that the network give him the necessary documents without appealing to court and only one day he get that...it's just he's text message because he don't want me to file an annulment. Thanks and bes regards.
Dear Anonymous: Also, you may be wise to seek the assistance of a lawyer or government agency in your country.
DeleteDear Anonymous: Thank you for asking your question. I do not know the answer. The answer could be yes; the answer could be no. The answer may be very complex, and may depend on many different factors.
ReplyDeleteThere are many text message providers in the world. They behave differently, one to the next. The laws that apply to them are complex and sometimes confusing. --Ben Wright
Hey Mr. B!
ReplyDeleteI was wondering if a actual PHOTOCOPY of the phone displaying the txt message & showing the date, time, and phone # will work for evidence?
My my carrier is a prepaid provider so they "cant" send a transcript understandably. And i agree that the email can be manipulated.
So i have photocopied about 200 images of my phone displaying the actual text messages. How legit is this?
The messages are legible as i had enlarged the image to fit just about the whole page and as i get a new text i just keep on photo copying... lol
what do you think? thanks =)
http://hack-igations.blogspot.com/2011/10/how-to-make-gotcha-video.html
DeleteHey Mr B! Thanks for they reply!
DeleteAre you saying i should make a video documenting the correspondence of texts at w/e location i am receiving/send texts or documenting the photocopying at w/e location i am copying the text at?
sorry words are better for me, the video can be interpreted many ways... lol
thanks =)