How do police extract data from phones in the UK?

Are you concerned that the police may seize your phone or have they already taken it as evidence?

The police can extract all sorts of data from your phone which they can potentially use as evidence against you in a criminal investigation.

In this article, we’ll discuss how the police extract data from your phone, what data they can extract, and what to do if you find yourself in this situation.

 

Types of data extraction

The police pick the phone data extraction method which is most proportional to the situation. Sometimes they just need examples of texts or images. Sometimes they need to dig a lot deeper.

 

Manual extraction

Manual extraction is very straightforward. The analyst will assess your phone without any specialist tools. Your phone must already be unlocked and they will manually go through the visible files, including your messages, call logs, emails, photos, and content from your apps. This method is used in less serious cases.

 

Logical extraction

Logical extraction requires specialist tools. The analyst will copy specific files/directories from your phone without making any alterations to the phone’s file structure. It gives them access to readily available, live data at the time of extraction, like your call history, messages, images, internet history, and so on. They can then analyse these selected files over and over as they have a copy.

 

Physical extraction

This is the most advanced method of extraction. The analyst creates a complete copy of the phone’s memory, including hidden and deleted information which aren’t accessible through manual or logical extraction. It can bypass some encryption/security features, but this is more difficult on the latest mobile phone devices.

 

Cloud data access

The police can get a warrant to access your phone data that is stored in the cloud. They can request the data directly from the company that hosts your cloud data (Google, Apple, Microsoft, etc). Your phone may be automatically backing up your data to the cloud, including your photos/videos, messages, call logs, location data, and more.

 

Interception

With the right legal permission, the police can intercept your messages and listen to your calls in real-time. They can work with your network provider/Internet service provider to tap your phone calls, intercept your messages, access the metadata behind your calls/messages (timestamps, numbers dialled, etc), and monitor your browsing history/app usage, amongst many other things. They don’t need direct access to your phone to get all of this information.

 

 

Non-destructive vs destructive data extraction methods

Depending on the situation, the extraction method used will be non-destructive or destructive, meaning your phone will be usable or unusable afterwards.

 

Non-destructive extraction

Non-destructive extraction methods are always the first choice. Manual and logical techniques are usually non-destructive. The police have access to specialist tools like Cellebrite (mainly used for Android phones) and Graykey (mainly used for iOS phones) which help them hack into the phones and view/extract data without damaging them.

 

Destructive extraction

Destructive extraction methods are used when the phone is already heavily damaged or where non-destructive methods fail due to extensive encryption and other security measures. Destructive methods often render the phone partially or completely non-functional afterwards.

 

JTAG method

JTAG (Joint Test Action Group) is a destructive method where the analyst accesses the phone’s internal memory. During production, manufacturers include test points on the phone’s circuit board to test it. The analyst disassembles the phone and connects these test points to a JTAG interface using special fine wires/probes/soldered adapters. They can then retrieve the data from the phone’s memory. They can remove the adapters afterwards but the phone may not work the same anymore.

 

Chip-off method

The chip-off method involves physically removing the memory chip from the circuit board for direct analysis. They use a specialist reader to extract data from the individual chip. This renders the phone unusable afterwards. The chip-off method often cannot be used on the latest model of phone as they have advanced encryption directly on the chip.

 

Can the police still extract data from my phone if it is broken?

Yes – even if your phone has been smashed, dunked in water, or burnt to a smithereen, the police can still extract data from it, as long as the phone’s chip is not damaged. If the phone’s chip is damaged, they can’t extract any data.

 

What data can police extract from my phone?

The police can extract a massive range of data from your phone, split into different categories. The table below shows just how extensive the data is, and this is not even a complete picture of what is available to them:

 

Device Data	App Activity	Web Activity	Location Data	System Data	Cloud Data
SMS/MMS messages.	Messages from messaging apps	Browsing history (even Incoghnito)	Location history (Google/Apple Maps)	IMEI number	Synced photos/videos/files
Call history	Social media activity	Saved passwords	Wi-Fi connection logs	Phone model	Message/call log/app data backups
Contacts	Emails	Downloaded files	Cell tower connection logs	Software version	Backed up location data
Photos/videos/audio files (and file metadata)	Banking/payment app information	Website bookmarks	Bluetooth connection logs	App usage history	Backed up notes
Documents	Fitness app data			Deleted data	Backed up calendar entries
Notes	Data about paired devices			Clipboard history
Calendar
Deleted data

 

Can the police extract deleted files?

Yes, the police are able to extract a great deal of deleted data. Often this information isn’t truly deleted. Sometimes it is completely deleted, for example the contents of text messages after some time has elapsed.

 

Can the police extract my web browsing data if I use a VPN?

Yes, the police have ways of working around VPNs. It may be more time consuming and difficult, but they have the means to extract your data even if you’re using a VPN.

 

Can the police intercept FaceTime calls or WhatsApp messages?

FaceTime calls and WhatsApp messages are end-to-end encrypted so the police are unable to intercept these in real time. They could access your FaceTime calls if they had already interfered with your handset, allowing them to monitor the calls. They can also request information about your messages from WhatsApp directly, as long as they have the right legal warrants for such data.

 

How long does it take the police to extract data from my phone?

There is no set time for how long it may take. It could be several hours to several weeks or even months. They may not immediately analyse it if they have a backlog of devices to examine. They can keep your phone for investigation indefinitely.

 

 

What should I do if the police want to extract data from my phone?

As soon as you are aware you may be embroiled in a criminal investigation, you should seek legal counsel immediately. A criminal defence solicitor is essential for advising you on the best way to conduct yourself and how to build a defense case based on what you know may be found on your phone.

At Holborn Adams, we specialise in pre-charge engagement (see the video below), a process where you present a case to investigators reasoning why you should not even be charged with a crime. Please contact our pre-charge solicitors today for help defending yourself before you’ve even been charged.

---