Handset evidence could take months to ID rioters

The UK police may be unable to properly access mobile phones taken from arrested rioters for weeks.

That could rule out attempts to quickly identify ringleaders in the hopes of preventing a repeat of last night’s widespread looting spree.

With more than 400 hundred rioters arrested since Saturday evening there is a mounting body of electronic evidence, which could reveal any organisational structure to the riots, following rumours they are being orchestrated via mobile messaging.

But according to an IT forensics expert who works with the police, a shortage of analysts means there will be a backlog of phones, and any attempts to look for a quick fix by browsing Twitter or messaging history could see rioters walk free from court.

“From a forensics perspective, by grabbing the phones off as many people as possible, they can then go into Twitter or other communications apps to work out who they are and who they have been communicating with, and who’s been responding and retweeting and whatever else,” said Simon Steggles, director of forensics at data recovery specialist Disklabs.

If all the official ACPO procedures haven’t been followed it brings doubt into the equation – it has to be beyond reasonable doubt

“The problem is that for each handset you’re talking a day’s work per analyst. And they’ll have, maybe, 10, at the Met. They outsource bucket loads of work, but at least three of the companies have gone out of business or aren’t taking any more Met work.”

It’s unclear at this stage exactly what the police are doing with confiscated mobile phones and whether they are looking for communications patterns – the force’s communications team is understandably overwhelmed today.

Slow process

Operator logs at mobile phone companies, including BlackBerry, may be a quicker way of identifying ringleaders.

However, if investigators follow normal procedures then it will be months before incriminating data from handsets becomes available.

“Just to get it to a central booking area takes time,” Steggles said.

“It will go initially to an evidence store at the police station, then be centrally collected and taken to the mobile phone HQ in Southwest London, and from there it would be allocated to police personnel or civilians in the force or be sent out to an analyst,” he said.