Taking First-generation Imagery on an iPhone

CSAM investigations​

With iPhones privacy, detecting whether an image is a first-generation image can be a challenge, but S21 LASERi-X made all the difference, in this case.

An investigator was challenged in court to prove that an image had been generated from a suspect device. One of the challenges with the iPhone is that the serial number information is not embedded inside of the image or video files created.

Using S21 LASERi-X and traditional investigation techniques, the investigator had already identified that the file names between the last image on the device and suspect image were in sequence and only separated by 3 other images. The investigator had shown a link between the suspect and the victim depicted in the image, that the same device model was used to capture both files, and that the GPS position and time between the two images was only a couple of hours apart and within a few hundred meters.

The investigator presented the image name sequence, GPS, time/date, device model and links between the suspect and investigator … but it wasn’t enough. Through the advanced EXIF/metadata, S21 LASERi-X was able to identify how long each device would have been turned on when each image was taken. Comparing the time difference between each image from the GPS time/date, and then using the information about how long each device had been turned on, revealed an exact time match – meaning that the devices that took the two images, would have had to be turned on in the exact same millisecond in time. 

Presented with this new information, the defence changed their plea.

Be the hero, who finds more victims today