You may not realize it, but your smartphone contains a wealth of information: everything from texts and e-mails to where you go, plus health and sleep information.
That includes data you’ve deleted.
“Even though you’ve deleted the content, it’s actually still there, and the file system still can see it,” said James Aquilina, a former federal prosecutor.
That data has become a source of debate as law enforcement fights device makers like Apple for access during criminal investigations.
No matter where you stand on privacy issues, law enforcement has many tools to recover deleted information.
“We can … create essentially a timeline of how the phone was used and where the person was at any given time,” said Aquilina, who now leads cybersecurity consulting firm Stroz Friedberg’s digital forensics practice.
Stroz Friedberg works with law enforcement and private clients to recover data from smartphones, both legacy and newer devices. They invited CNBC into their forensics lab to see how it works.
As soon as a device is brought in for recovery, it’s placed inside what’s called a Faraday box.
“It blocks the signals to the device, so that, for example, it can’t be remotely wiped,” Aquilina explained.
This is especially important, he said, if the device is owned by a suspect in a criminal case, who may try to delete critical information.
The box is made of grounded metal, which blocks Wi-Fi and cell signals. Once the smartphone is safely secured inside, technicians put it in airplane mode using gloves and a window on top.
Next, if the device has a password lock, the team needs to crack the code – or break into the device.
For some older models, tools can circumvent passwords.
In fact, the new security measures have law enforcement agencies scrambling to adapt and find new ways to crack the codes.
When investigators cannot get past a lock code, or when a phone is too damaged to turn on, they can use a method called chip-off, in which the memory chip is desoldered from the board so the data can be read from it directly.
Stroz Friedberg was able to recover data from a device that had been completely submerged under water using chip-off.
“We were able to recover not just the chip, but also information off the chip that included all kinds of information about the user,” Aquilina explained.
Once a phone is unlocked, investigators plug it into a device that downloads and then analyzes the data.
Law enforcement commonly uses a device made by mobile technology company Cellebrite for this purpose.
Currently, there are more than 30,000 Cellebrite devices deployed to law enforcement, according to the company.
But even when law enforcement cannot physically access a phone, there is still a chance to recover its data.
“These devices are synced to so many places, whether it’s the cloud, or to a computer… usually we can get to it somewhere else where we can find it replicated,” Aquilina said.