The Order of Things – Timeline Analysis of a Complex Investigation

This case study looks at the importance of validation of timelines and log processes in a complex investigation. It is concerned with piecing together the activities of a person of interest.

The case study will consider extractable logs from an iPhone 5c circa late 2016, billing records in which shortcuts have been made in billing mediation, a phone with a manually modified clock, a massive thunderstorm and state-wide blackout, suspicious gaps in the record, and anomalous records after securement of the scene.

The case study is real, presented with sanitised data. It demonstrates the importance of understanding the big picture of a complex telecommunications system – the links between data sources and the subtleties of their compilation.