Cell Site Analysis

Cell Site Analysis is the investigation of electronic data records obtained from a mobile service provider to determine the location of a mobile phone SIM card and/or handset at the time voice calls, short messages (SMS), multi-media messages (MMS) or data connections were made.

Cell Site Analysis (CSA) is used to reconstruct the physical movements of a mobile phone or other communication device. Such evidence can be used by investigators to establish a connection between individuals, proximity to a crime scene, a suspect’s movements and as a means of testing the strength of an alibi.

It is important that Cell Site Analysis is undertaken following strict guidelines set down by the Association of Chief Police Officers (ACPO) so that best practice is maintained.

The Technology

Mobile phone networks are based on short range radio communication between the handset and the transmitter/receiver, known as the Cell Site. The UK alone is covered with thousands of such Cell Sites. Every event that requires communication between the handset and the Cell Site, such as a voice call or a message, leaves a record, primarily for the purposes of billing.

Cell Site Analysis (CSA) information can be used by an expert, in conjunction with data about the transmitter masts, to build up a pattern of usage for the mobile phone under investigation. This data can build up a picture of the phone’s location and usage during any given time period.

CSA, What is Possible

Cell Site Analysis (CSA) can ascertain the likely location of a mobile phone using detailed examination of historic voice call records, used in conjunction with mobile network analysis. The conclusions are used to predict the location of the mobile phone under analysis at specified times as part of an investigation.

While a mobile phone and SIM card may be registered to a particular subscriber, it is essential to understand that because they are mobile, they could be used by somebody else. Further evidence, such as the voice call log and text messages, is required to attribute the phone to a user.
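The joining of billing records with transmitter mast data described above can be sketched as follows. This is an added example, not DiskEng's software or any provider's record format: the CSV layouts, field names, cell IDs, coordinates and phone numbers are all constructed for illustration. It places each event at the serving mast, not at the handset, and keeps events whose cell cannot be resolved instead of dropping them.

```python
import csv
import io
from datetime import datetime

# Constructed sample data: field names, cell IDs, coordinates and numbers are invented.
CELL_SITES_CSV = """cell_id,site_name,lat,lon
1001,Site A,51.7520,-1.2577
1002,Site B,51.7601,-1.2110
"""

CDR_CSV = """timestamp,event,msisdn,cell_id
2024-01-05T09:12:00,VOICE,447700900001,1001
2024-01-05T08:45:00,SMS,447700900001,1002
2024-01-05T10:30:00,DATA,447700900001,9999
2024-01-05T09:40:00,VOICE,447700900002,1001
"""


def load_sites(text):
    """Index the mast table by cell ID."""
    return {row["cell_id"]: row for row in csv.DictReader(io.StringIO(text))}


def build_timeline(cdr_text, sites, msisdn, start, end):
    """Return the time-ordered events for one number between start and end (inclusive)."""
    timeline = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        when = datetime.fromisoformat(row["timestamp"])
        if row["msisdn"] != msisdn or not (start <= when <= end):
            continue
        site = sites.get(row["cell_id"])  # None when the cell is absent from the mast data
        timeline.append({
            "time": when,
            "event": row["event"],
            "cell_id": row["cell_id"],
            "site": site["site_name"] if site else None,
            # Position of the serving mast, not of the handset itself.
            "position": (float(site["lat"]), float(site["lon"])) if site else None,
        })
    return sorted(timeline, key=lambda entry: entry["time"])


if __name__ == "__main__":
    sites = load_sites(CELL_SITES_CSV)
    window = (datetime(2024, 1, 5, 0, 0), datetime(2024, 1, 5, 23, 59))
    for entry in build_timeline(CDR_CSV, sites, "447700900001", *window):
        where = entry["site"] or "UNRESOLVED cell " + entry["cell_id"]
        print(entry["time"].isoformat(), entry["event"], where, entry["position"])
```

An unresolved cell ID in the output marks a gap in the mast data to be followed up, and every row locates the SIM or handset only, so attribution to a person still rests on the further evidence described above.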

Mobile Phone Forensics

Mobile phone forensics is the acquisition of the digital evidence held on a mobile phone device using forensically sound procedures. This branch of forensics can be expanded to include other mobile devices, such as PDAs, GPS devices and tablet computers.

Mobile devices are now used almost every day by a majority of the population for many different activities. A mobile device can now be used to store many types of personal information, such as contacts, calendars, notes and messaging systems. Some devices, such as smartphones, may also contain email, web browsing data, videos, photos, location data and social media information.

Need for Mobile Phone Forensics

With more transactions and communication being done via mobile devices, the need for providing forensic analysis is extremely important. There are a number of reasons for this:

  • Mobile phones are used to store and transmit both personal and business data
  • Mobile phones are often used for online transactions, such as mobile banking
  • Mobile phones can now be used for cardless payments in some stores

Types of Evidence

There are three basic types of evidence which can be gathered for use by the investigator. Internal memory on the phone, which is now usually flash memory, will need to be imaged. Any external memory is also required, which covers devices such as SIM cards, SD cards, MMC cards, CompactFlash and Memory Sticks.

The third type of evidence, Service Provider logs, is not technically part of mobile phone forensics, but may be a useful tool when used alongside the evidence taken directly from the mobile device. Such information will be records of call details and sometimes text messages. Service Provider logs can only be used when a request from the appropriate law enforcement agency has been issued, allowing the data to be released.

Mobile Forensics Process

The first step of the process is data acquisition from any internal and external memory on the mobile device. Once the data has been acquired, it can then be processed so that the data can be used by an investigator to search for any information that has been held on the device.

The investigator will examine all the data and produce a report, in a clear, concise manner, which can be used as admissible evidence in court. Any Service Provider logs, if requested, will also be used as part of this evidence. The investigator can also appear in court as an expert witness if required.

Computer Forensics

The DiskEng forensic specialists use the guidelines set down by the Association of Chief Police Officers (ACPO) to ensure that the integrity of the evidence is maintained. This ensures that the data and information gathered using our services is forensically sound, providing evidence which is admissible in a court of law.

Forensic imaging

Using advanced hardware and software capabilities developed over a 10-year period, we are able to forensically image any digital storage media with a digital fingerprint for authenticity, which is fully admissible for legal purposes.

Processing of imaged data

The DiskEng in-house proprietary forensic software enables fast and efficient processing of all data stored on the digital media including active, deleted, lost, unused, slack, compressed and encrypted data for subsequent investigation.

Forensic data investigation

Our in-depth knowledge of operating systems, file systems and storage technology allows DiskEng forensic engineers to accurately establish the activities performed on a computer, from the past right up to the last day of use.

Forensic investigation reports

DiskEng forensic engineers are experienced in reporting the findings of an investigation in an engineer’s report, which is admissible for legal purposes and can be fully backed up with court appearances as an expert witness.

Computer forensics is the application of investigation and analysis techniques used for gathering and preserving evidence from a computing device in a way which is suitable for presentation in a court of law. The goal of computer forensics is to examine digital storage media in a forensically sound manner with the aim of identifying, preserving, recovering, analysing and presenting facts and opinions about the information stored on the media.

Use as Evidence

In court, computer forensic evidence is subject to the same stringent requirements as other digital evidence. This requires that the information be authentic, reliably obtained, and admissible. Different countries have specific guidelines and practices for evidence recovery. In the United Kingdom, examiners usually follow the guidelines set down by the Association of Chief Police Officers, which help ensure the authenticity and integrity of evidence. While voluntary, these guidelines are widely accepted in British courts.

Need for Forensic Services

Due to our expertise in processing data stored on digital storage media, we have been approached by many law enforcement agencies, solicitors and forensic investigators who require computer forensic analysis. Computer forensics can be required for anything from a wide range of crimes where data is held on digital media through to private investigations.