All digital evidence is identified in our forensic laboratory, which adheres to international standards. Our forensic engineers, who have years of experience in their field, perform these identifications in a reliable and auditable manner, and the results are reported in compliance with the Turkish legal system.
HTS, CGNAT, GPRS, and Base Station
Examinations
With our HTS, CGNAT, GPRS, and base station examination services, we analyze communication data to support forensic investigations. We provide comprehensive reports with reliable data.
HTS (Historical Traffic Search) Analysis
HTS (Historical Traffic Search) analysis examines signal data from communication records that the Public Prosecutor’s Office and/or the Courts request. These records, showing the history of traffic searches, can be requested by mobile phone number or by the IMEI number of the mobile phone used as a communication tool.
The HTS table generally includes records of calls made and received, messages sent and received, time data for these records, and location information of the relevant operator’s base station at the time these records were created.
HTS records also contain data about internet usage, which come in two types: GPRS/WAP records and CGNAT (Carrier-Grade NAT) records.
GPRS/WAP records show the IP address through which internet traffic was made for the requested number, the accessed page, and the time frame in which data transfer operations started and ended.
CGNAT records include the IP address where the internet access request for the requested number was made, the time information when this request was initiated, and the location information of the relevant operator’s base station at that time.
Examining and evaluating these records requires technical skills and experience. Experts can use these records to shed light on cases involving migrant smuggling, human trafficking, organ or tissue trafficking, intentional homicide, torture, sexual assault, child sexual abuse, aggravated theft and robbery, qualified fraud, drug production and trafficking, counterfeiting money, establishing a criminal organization, gang crimes, organized crime cases, prostitution, bid rigging, usury, bribery, laundering assets obtained from crime, undermining state unity and territorial integrity, crimes against the constitutional order and its functioning, crimes against state secrets, and espionage.
Let’s discuss how an HTS analysis is conducted with a specific case example.
In the well-known FETÖ cases, one of the issues under investigation and prosecution is the request for CGNAT records of phone numbers that accessed the IP addresses of the Bylock program’s server addresses, starting with 46.166.
Upon receiving the CGNAT records, the first step is to identify the time period when the records were requested, determine the dates when access requests were made, and conduct a special and technical examination to identify suspicious and contradictory records.
Subsequently, a similar examination is carried out on GPRS data along with CGNAT records. Analyses are conducted to determine whether these two tables overlap. There are certain prerequisites for the overlap to occur; these issues are detailed in the reports prepared by us. The findings resulting from the examination and analysis of these two tables are interpreted with concrete reasons. The examination aims to determine the necessary conditions for identifying whether a person is a Bylock program user based on these records.
By consulting the Celsiusweb team, you can request an expert opinion/report following Article 67 and Article 293 of the Criminal Procedure Code (CMK) to be used in a possible case.
For additional services provided by Fordefence in digital forensics click here.
