Call Record Analysis

&
Geo-Fencing

By:
Nauman Ashraf Bodla
Deputy Director Forensics
CTW/FIA
 Sequence

 Call Record Analysis

 GEO Fencing
 Case Studies
Call Record Analysis
 Call Record Analysis
 Following important information is available in Call Data
Record (CDR).
 Calling Number
 Called Number
 International Mobile Equipment Identifier (IMEI)
 International Mobile Subscriber Identifier (IMSI)
 Time / Date
 Cell ID / Tower Location
 CDR contains very useful information to identify the
following:-
 Frequent Callers.
 Patterns of Calls.
 Location of Subscriber.
 Identify Groups.
 IMEI Analysis
CELLULAR COMPANIES OPERATING IN
PAKISTAN…

Mobilink

Ufone Warid

Telenor Zong
 LIMITATIONS OF MOBILE
COMPANIES

≡ Lac updation.
≡ Angle of arrival.
≡ Power of uplink and downlink.
≡ Warid can not provide incoming calls
and SMS.
 MOBILE COMMUNICATION
NETWORK
GMSC

Access Network MSC

databases

BTS BSC

BSC

BSC
BTS BTS : Base Transceiver Station.
MS BTS BSC : Base Station Controller.
MSC : Mobile Switching Center.
GMSC: Gateway Mobile Switching Centre
CELL ID / SECTOR OF A BTS…

 A cellular network or mobile network is a

radio network distributed over land areas
called cells.
 Each cell has a fixed-location, known as a cell
site or base station.
 In a cellular network, each cell uses different
sets of frequencies from neighboring cells, to
avoid interference and provide guaranteed
bandwidth within each cell.
TOWER WITH CELL ID / SECTOR…
 VISUAL ANALYSIS OF CALL DETAIL RECORDS
(BTS DATA)

 With huge amount of communication data

being captured daily by cell phone
companies, the capacity building to
understand and analyze these interactions
has become important for law enforcement
agencies.
 The time, location and frequency of
communication activity can reveal facts about
an investigation.
 Call Record Analysis of 05 Suspects

Hasnain Gul
Arrested Qari Ismail
RWP
0 0

0
Abad ur Rehman, R/O Malakand
Absconder
Lower Dir
0
Nasrullah
Focal Person - RWP
Killed in Mohmand Agency

Rafaqat Hussain
Arrested 0
0 11 Abad ur Rehman, R/O Malakand
RWP
 Movement of Nasarullah, Rafaqat, Hasnain, Bilal (SB) &
Ikramullah (SB)
(As per Confessional Statements of Rafaqat & Hasnain)
Committee 15:08
Chowk 15:10
Daewoo
Terminal 17:10
12:45
00:44
00:54

Liaqa
t
Bagh

b er s 10:19
B om h Tipu Road
i c ide rulla
Su Nas
y h
a wa w i t
Misrial Road ook long
T a e
14:02 e cc
14:27 orR
F

Took 14:16
aw ay
along Suicide B For Night Stay
w i th o
Nasru mbers Residence of Rafaqat Hussain
l l ah
Ahmadabad
Quaid-e-Azam Colony
GEO Fencing
 GEO FENCING…

≡ Geo-fencing is a technique that defines a virtual

boundary around any geographical area.

≡ A geo-fence can be dynamically generated in a

radius around any point of interest

≡ Geo-fence can be a predefined set of virtual

boundaries.
 APPLICATION IN PAKISTAN
Personal Tracker:
An employee’s smart card sends a predefined alert to security
staff if he attempts to enter an unauthorized area. It is
combination of GPS and GSM wireless networks.
GSM Based Vehicle Security System:
A Geo-fence may be created around a city. When a vehicle
attempts to drive out of that city, a predefined SMS alert is
generated.
Asset Management System:
An RFID (Radio Frequency Identification) tag on an article can
send an alert if the article is removed from the store without
authorization
Marketing
Any one can trigger a text message with any marketing statement to a
potential customer who enters a defined geographical area.
 APPLICATION IN PAKISTAN

As
 GEO-FENCING FOR LAW ENFORCEMENT
AGENCIES…

≡ Virtual boundary is drawn around a specific

area to collect virtual data related to
cellular activities of the suspects.

≡ It goes from marking wild guess to the

identification of the suspects through
collection and subsequent analysis of the
virtual data.
 GEO Fencing
 Geo fencing is used to identify suspects on
the basis of cell phone communication of the
area.
 Suspects are identified on the following
basis:-
 Unusual Numbers.
 Unusual Timings.
 Known Suspects Numbers.
 Calls Connected to Known Suspects Numbers.
VERAGE AREA OF BTS IN PAKISTAN (ALL COMPANIES)
TOWER AND SECTOR ON GOOGLE
MAP…
REFERENCE TOWER TO LOCATE
MOBILE…
STEPS TO BE TAKEN AT CRIME SCENE…

COLLECTION OF DATA FROM CRIME SCENE

INTERVIEW OF THE COLLECTION OF
VICTIMS
Timing when event CELLULAR INFO
LAC
occurred
Cell IDs of all
Any activity on phone by
companies through
the culprits
android application
Pattern of beep while
Neighboring Cell ID
making call (if possible)

Point / place where

2 G or 3 G network
culprit used mobile

Call timing & its duration

…STEPS TO BE TAKEN AT CRIME SCENE

≡ Identify possible access route of the suspect to

draw a virtual fence.

≡ Identify the Lac, Cell ID, and Sector of the

area.
A

CRIM
D E
SCENE
B

C
INVESTIGATIVE STEPS FOR GEO FENCING…

If suspect used
Yes mobile at crime scene No
• Obtain data of

1
previous and the
• Analyze Data 1 next day of the
accordingly incident

2
• Prepare • Compare the data
against the day
Suspect List 2 of incident at the
same time

• Prepare Suspect
3 List
IDEAL SITUATION FOR GEO-FENCING…

≡ If suspect uses more than one BTS

for incoming or outgoing call/ SMS.
≡ Accuracy of Data
≡ If suspect receives or sends any call/
SMS at the crime scene.
 WORST SITUATION FOR GEO-FENCING…

≡ If Suspect has no mobile phone or didn’t use it.

≡ If one BTS of each company cover the crime

scene.

≡ If investigator couldn’t find any witness.

≡ If time bracket couldn’t be ascertained within

which incident might have occur.
Obtain BTS data from all companies
 Data Management

Case
Case folder.
folder.

MOBILINK
MOBILINK UFONE
UFONE TELENOR
TELENOR ZONG
ZONG WARID
WARID

BTS
BTSdata
data BTS
BTSdata
data BTS
BTSdata
data BTS
BTSdata
data BTS
BTSdata
data
AAparty
partydata
data AAparty
partydata
data AAparty
partydata
data AAparty
partydata
data AAparty
partydata
data
BBparty
partydata
data BBparty
partydata
data BBparty
partydata
data BBparty
partydata
data BBparty
partydata
data
Pictures
Pictures Pictures
Pictures Pictures
Pictures Pictures
Pictures Pictures
Pictures
Important
Important Important
Important Important
Important Important
Important Important
Important
data
data data
data data
data data
data data
data
 DATA
MANAGEMENT …
SORTIN
G
INVESTIGATIVE STEPS FOR
GEO FENCING…
Case Studies
 Terror Attack
 Calls of the local cell numbers were intercepted
and a US landline number was identified.
 Further investigations to trace the originator
revealed that:-
 Handlers were continuously giving instructions
to the executors using VoIP Connections.
 The VoIP calls were being routed from three
different countries.
 Handlers used specialized software to hide
their identity.
 Finally the country from where the calls using
VoIP were being made was identified.

33
 Terror Attack
 GPS devices recovered from the possession of
terrorists were forensically analyzed which
revealed waypoints and locations of their
hideouts and training camps.
 During further investigation call record of two
cell phones of the accused was analyzed
 The analysis identified multiple calls to a land
line which was traced to a Bank
 Account of the accused was identified in the
same branch which further led towards arrest
of accused and identification of financiers.

34
Qu e st io n
?s