I discovered a serious error in Secure View while doing a forensic examination of an LG Fusic (LX 550) on a drug overdose case. It turns out that the call records as downloaded by SV, are showing a +3 hr (to EST) time offset. This caused detectives to focus their interviews on individuals that they believed were lying to them. This information was also sent to other agencies including the DEA. There was even a call on the phone that showed up in SV that wasn’t in the call records (this software doesn’t get deleted data).
Unfortunately, SV is the only software that downloads the Fusic (BitPim downloads raw data). We were unable to validate the data that SV had downloaded until the call records came in (yes we should have looked at the phone itself 🙂 ).
After sitting down with the phone, the call records and the SV report, I discovered the above. SV did have the time right just three hours more than it should have been.
Also, I discovered a couple of interesting anomalies in the call records as downloaded by SV. These are in addition to the 3 hour difference.
- Dialed Calls-The time showed in the dialed calls shows the end time of the call and the duration. The call records show start, end and duration
- Received calls show the beginning time of the call. The call records show start, end and duration.
- Missed calls show the end time of the call and only one missed (from the same number). The call records show start, end and multiple entries if there.
The carrier on this phone is SPRINT. I hope this is just an anomaly limited to the Fusic. However, I think it prudent that all downloads using SV be validated to make sure errors are not occurring.
I have been in contact with Susteen and have made them aware of this problem.