← Back to Day 5

Detective Michael Baumann

He is employed by El Paso Sheriff’s Office as a digital forensics detective. His job is to find and preserve data that may be evidentiary on electronic devices such as phones, computers, DVRs.

Background

• He used devices to gather data.
• With computers and phones they use Cellebrite and Graykey and Axiom for extracting data.
• Cellebrite is a combo of hardware and software and plugs into the USB on your computer. It has a second function to go through data and turn it into readable and sortable data.
• Regarding his training: he has 3 Cellebrite certifications (Cellebrite advanced smartphone analysis is the highest level.) The first two together was a week long, the third was a week long. They specifically dealt with using that tool; a hands on program.
• To analyze a phone you enable developer options - it depends on whether it’s Android or iPhone - plug it into the Cellebrite software, go through the steps on the screen. Then you set up permissions so you can download data off the phone.
• Pictures, text messages, instant mesaages, internet searches, activity data, locations are all extracted and put on a disc. A Cellebrite report is created.
• The detective that submits the phone can give guidance of what to extract but he usually tries to get as much as he can and let the detective go through it all and decide what is pertinent to their case.
• A Cellebrite report is accessible by detectives who can then read it and search through it.
• Baumann uses IMEI numbers to identify which phone goes with which extraction. IMEI is a unique identifier assigned to cell phones.
• A rose gold iPhone 8 was analyzed.
• Exhibit 222 is a BluRay disc labeled Tecia’s iPhone.
• During the analysis process Cohen inspects the phone for physical damage and denotes it in his report.
• There were no major defects on Letecia’s iPhone.
• Exhibit 224 is a 2nd phone.
• No damage was noted on the report about the 2nd phone.

Cross Examination

• Cellebrite can sort through 400 of 4 million applications.
• It will pull years of information if your phone is that old or if you’ve pulled information from another device onto your new phone.