As attorneys, we battle a variety of challenges in the courtroom—and no two cases are exactly the same. One challenge is establishing the facts of the accident. If you’re lucky there are reliable third-party witnesses to the accident. But it’s easy for our brains to play tricks on our memories of events. Human witnesses can be less than reliable on the stand.
This is where technology comes into play. Over a quarter of all motor vehicle accidents involve the use of cellphones. Distracted driving is a real problem, but smartphones can also serve as our best witnesses to the facts leading up to an accident. Mobile device forensics is a growing field that more and more attorneys are turning to during trial prep.
What is mobile device forensics?
Mobile device forensics can be a factor in a variety of cases. But we’ll focus on how the Internet of Things is becoming our most reliable witness of the moments leading up to an automobile accident.
Forensically analyzing a mobile device starts with a successful acquisition of the devices involved during the discovery phase of a legal battle. A technical expert can use software to capture an image of the device’s physical memory. With the prevalence of the cloud being used for back-ups and data synchronization, it’s also important to attain credentials for logging into cloud platforms that are present on the device.
Once the data is retrieved, an emulator is used to create a virtual version of the smartphone. With appropriate account credentials, the usage history of the device can be retrieved.
How can I retrieve device information from a device that was destroyed during the accident?
Car accidents are violent. Smartphones can be destroyed due to an impact with another surface, or a fire caused by leaking fuel from a vehicle. In many accidents, the phone ends up on the floor of the vehicle or jettisons through the windshield. In a rush to exit the vehicle and reach safety, the owner may not remember to secure their device.
In these types of cases, service provider and cloud-based records are vital to establishing the circumstances of an accident. Both Google (Android) and Apple (iOS) provide cloud-backups and synchronization to their users. And cellular service providers (Verizon, T-Mobile, etc.) maintain both Call Detail Records (CDR) and billing records for their subscribers. Social media can also be a valuable tool in showing communication and app-interaction history.
It is critical to secure login credentials for these potential data troves. It is usually possible to rebuild the majority of the phone’s data, even if the device is unusable.
Car-mounted technology can serve as another witness after an accident.
Most modern vehicles have an Event Data Recorder (EDR). It has been colloquially referred to as the “black box”—a reference to the Flight Data Recorders used by the FAA to understand the circumstances leading up to a plane crash.
Infotainment systems and GPS systems can also provide a treasure trove of data. The legality of accessing this data following an accident varies from state to state. In the state of California, accident investigators must receive consent from the registered owner of the vehicle prior to accessing the data stored onboard the vehicle. If the owner refuses, a warrant must be secured.
The data usually consists of the five seconds leading up to an accident. Driver input and vehicle performance can be extrapolated from the data. Combined with GPS data, a vivid picture of the moments leading up to the incident can be created.
According to The Washington Post article mentioned above, the data collected includes:
- Engine RPM
- Length/severity of crash
- Braking during crash
Legal teams have access to a treasure-trove of data. The challenge is winning access for a full-fledged electronic discovery (e-discovery). There are legal penalties for individuals that maliciously destroy their data. Judges have sanctioned individuals and companies that fail to maintain data that is relevant to a court case.
But, in the end, the most reliable step litigators can take is to find ways to secure access to the data stored on any device potentially involved in the accident. This includes smartphones, cloud-based accounts, social media, and vehicle-stored data.