In our investigations, the question we often get is “How can you get a text message if it’s been deleted? If I delete my text, well, then how can it come back to haunt me?”
Well, when a text message is sent, the digital records of that event, of that transaction, aren’t only on your phone. When you delete it, really you’re just deleting the one piece of it that’s on your phone. Those texts may exist in dozens of other places where they can still be retrieved.
Where are those places? When we do investigations on recovering digital records or digital forensics, here are the sources that can be checked to see if the record exists:
First of all, the other side of that conversation is the recipient of your message. Their phone has a copy of it. When you delete the text on yours, it doesn’t delete it on theirs. A lot of people think that when you delete your text, the other person’s screen is going to go blank. How it actually works is that you’re just deleting it off of your screen, not off the other person’s screen. In between your phone and their phone, there are many places where text messages can exist.
First, there is your carrier. Let’s say you have Verizon. Well, Verizon has a copy of that text message on their server. When you delete it off your phone, it doesn’t go away from their server. In fact, many cell phone providers keep digital records forever. They never delete them. They have backups just like you have backups on your computer; the major carriers keep cell phone records forever. How many times have you watched some crime show or some lawyer show on TV where they talk about a cold case and retrieve old messages? It could be from months or years earlier. The cell phone company keeps the digital records. Now, they’re not going to give them out to just anybody. You have to go through a process in order to extract those digital records. But there may even be other places, depending upon how you have your phone set up.
You may have a copy of all of your digital records in the cloud. Android, Apple, and the major carriers all have a cloud backup option that you may have turned on by default. The photos that you take, even if you delete them from the gallery on your phone, may be stored in your cloud account. If that’s the case, think of whatever else could be in there: your text messages, your phone call records, your voicemails. How many calls do you get a day? Maybe you get 10 or 15 calls a day, people leave you voicemails, and you delete the voicemails. The same thing happens with voicemail. Deleting it just deletes it from your phone. The original voicemail message, which is a sound recording, is a file just like any other file: a picture, a photo, a PDF file. It’s just a computer file that happens to be a voice. When you delete it, it just deletes it from your phone. Your cloud server may still have it. In fact, the only reason your phone prompts you to delete it is to free up space on your phone. Those voicemail messages also many times last forever in your cloud or at the carrier of your phone system.
Where else could it exist? Well, it could also exist in third-party backups. If you are working with a service like Dropbox or Google Drive, many times you have an automatic setting to save those digital records, save those documents, save those voicemails. There are even things like vehicle infotainment systems. Your car is probably one of the biggest computers you use every day that you don’t even know about. It could be bigger than your phone. If you don’t use a desktop computer every day, your car could be the biggest computer that you have regular access to. If you connect by Bluetooth to your car, your vehicle infotainment system could be capturing and saving many things that you’re not aware of, like text messages, phone calls, images, and, more importantly, map information.
Here’s something that people don’t realize: all of your mapping, if it’s done on the GPS in your car, will save breadcrumbs, will save tracks, will save waypoints. Your phone will do the same thing. How many times have you been on Google Maps and you type in a restaurant or click on a restaurant and it says you were here two months ago? How does it know that? It records where you are.
Here’s what else you should do: go on Google Maps and find a town that you visited, let’s say, a year ago. A town that you don’t go to all the time. Maybe you went there a year ago on vacation or on a trip. It doesn’t have to be far away; it could be close by. Think of a place that you went to in that town, a restaurant or a store. A commercial place, not a house or a private location. On that map, zoom into the area where that restaurant is. Don’t zoom in too far; just start zooming in very gradually to the neighborhood where that restaurant is. That neighborhood is going to have maybe a dozen restaurants, 10 or 15 restaurants. They don’t all show up; they don’t all start popping up on the map. You’ll see the streets, you’ll see the street names, and then you’ll start to see a few commercial businesses show up on Google Maps. Some of them will be major ones, some will be more popular, the ones that people click on more. Google has an algorithm that decides what information to show on your map as you zoom in. I can guarantee you that one of the things that will show up as you zoom in will be the restaurant you went to, because it remembers that you were there and it thinks, well, you might want to know about where this place is. As you zoom in, you’ll see it there. Now click on it and see if it says you were here two years ago or you were here one year ago. We had one that we looked at where it said you were there four years ago. It knew that the person was at that location four years earlier. So Google remembers things. The saving and recording of the data are happening without your active participation. Photos. Maps. Emails. Text messages. Website connections.
Here’s another one. Many times, if you are in a location distant from your house, your phone will ask you, “Do you want to connect to this Wi-Fi network?” It’ll give you a list of the networks. Even when you drive away and go somewhere else, the networks will still show up on your phone. So you can actually get information about where somebody was located just by looking at the Wi-Fi networks on their phone. Your phone is constantly pinging Bluetooth devices all around you. That’s how AirTags and Tiles work; they always ping Bluetooth devices. So you can get a sense of where devices have been by what other devices are being connected to them. It doesn’t allow a connection unless you give permission, but it’s always pinging them. And that goes for Wi-Fi networks. So if you go into a restaurant or business that has a Wi-Fi network, even if you don’t connect to that network, that network knows your phone is there, because it pings your IP address and says, “Hey, I see this phone. Let me give you my information in case you want to connect.” And you look at your phone and it says, “Hey, here’s a network. Joe Schmo coffee shop, do you want to connect, yes or no?” You don’t have to, but your phone knows that the network is there, and that network knows that your phone is there.
How long does that last? Well, some Wi-Fi networks save all this data in the chip on the router and the modem for a very long period of time. Some commercial networks download it and save that backup. So you may be able to find that a person was at a location just by going through the history of what’s on their Wi-Fi router and finding, hey, here’s the IP address of this phone. That phone was there on this day at this time. Even if you didn’t use the Wi-Fi network, it pinged it and it created a record. Now, if you used that Wi-Fi network, you may be opening up another can of worms. It might be tracking the phone numbers that you call, because sometimes when you call from a Wi-Fi network, the call goes through the internet and not through your mobile minutes. It tries to save you mobile minutes; even though most plans are unlimited now, the phone will default to Wi-Fi so it doesn’t have to eat up the network bandwidth for the phone.
You may not be aware of it, but your phone is constantly putting out information and gathering information every single day. Those are all of the sources that can be used for digital forensics to find out what’s been on a phone, what’s been deleted, where the phone was, what it sent, and what it received. It doesn’t matter what you delete off your phone. It’s creating a digital paper trail of all your activity by connecting to these other devices on a regular basis. No matter where you are right now, if you looked at your phone’s network activity, it’s probably trying to connect to a dozen different devices. Even in your office you have different networks, different Bluetooth or Wi-Fi networks. Your TV is probably on Wi-Fi, and it’s probably trying to connect or at least giving you an option. So the sources of digital data to track a person’s phone and activity go well beyond what you think you’re deleting from your phone at any given time.
Active Intel Investigations is here to help you with every aspect of your investigation, from conducting the investigation to preparing evidence to provide it in court.