Wi-Fi Devices Invaluable to Forensics Investigators

Wi-Fi Devices Invaluable to Forensics Investigators

This post is also available in: heעברית (Hebrew)

Timely access to Wi-Fi devices at crime scenes could provide police with vital evidence, including placing suspects at the scene.

This is possible due to their ability to record information from mobile devices, including successful or failed attempts to log into a network, de-authentication times and MAC addresses.

A MAC address is a unique identifier that provides information such as mobile device make and model and even what you’ve named it.

Edith Cowan University Ph.D. candidate and Western Australia Police technical advisor Dan Blackman suggests Wi-Fi devices could be equally or more valuable than GPS.

“These devices could hold a lot of information, but we’re not capturing it,” Mr. Blackman says.

“If we were to look at it from a purely legal perspective, we might be able to place a specific person at a specific location at a specific time, which is gold in terms of evidence for a court setting.”

However, a number of challenges need to be overcome, including how little time investigators might have to act.

“A lot of these devices and personal routers have a limited amount of information and memory,” Mr. Blackman says. A series of tests revealed that older devices had as little as 204 kilobytes of storage, which filled in seven and a half minutes and led to overwriting of memory.

Even newer devices were limited, filling within eight minutes when faced with sustained authentication attempts. And turning the unit off makes the problem worse.

“If we power off the Wi-Fi device we lose a heck of a lot of data, which causes issues with seizure,” Mr. Blackman says. This limitation makes getting the device to a police lab difficult.

The solution may involve modifying a faraday bag — enclosed carrier units that block connectivity to cellular networks, Wi-Fi and Bluetooth — to accommodate power cords or USB power strips.

Contamination is another issue, as several of the examined devices had both external and internal antennae. This could lead to unexpected and unwanted network traffic from forensic investigators and scene guards.

However, Mr. Blackman says the ever-increasing reach of Wi-Fi, especially in public areas, makes the technology a potential game-changer.