Cell towers and call records: court case analysis

Discover what cell towers and call records are and how they are analyzed and used during judicial investigations.

Table of contents

  • What is a cell tower
  • What are phone and internet records
  • Analysis of cell towers and call records
  • How to use call records during investigations

In the world of cyber security and digital investigations, cell towers and phone and internet records are essential tools for reconstructing movements, communications, and suspicious activities.

This article will guide you through what they are, how they are collected, analyzed, and used within judicial investigations, providing real-world examples and technical explanations.

What is a cell tower

A cell tower represents a mobile network coverage area served by a specific antenna or Base Transceiver Station (BTS). Mobile networks such as GSM, UMTS, LTE, and 5G divide the territory into small areas called “cells” to efficiently manage mobile connections.

Each cell consists of:

  • A physical antenna (or group of antennas) located on towers, buildings, or dedicated infrastructures.
  • A geometric coverage area, ideally hexagonal but irregular in real life.
  • Specific radio frequencies to minimize interference with adjacent cells.

Technically, a cell is identified by:

  • Cell ID (CID)
    Unique identifier for the cell.
  • Location Area Code (LAC)
    A larger area grouping multiple cells.
  • Mobile Country Code (MCC)
    Country code (e.g., 222 for Italy).
  • Mobile Network Code (MNC)
    Mobile carrier code (e.g., 01 for TIM, 10 for Vodafone).

Other useful parameters (especially in LTE/5G):

  • TAC (Tracking Area Code)
    Used for tracking in LTE/5G networks.
  • eNodeB ID
    Identifies the physical site of the antenna.

Practical functioning

When you turn on your phone, the internal modem searches for the tower with the strongest signal. The connection is dynamic: if you move, your device may switch to another tower through a handover, which is essential for keeping calls and data sessions active.

Each connection (call, SMS, data session) is logged by the operator with:

  • Timestamp
  • Cell ID
  • LAC
  • Type of event
  • Device IMEI/IMSI

This information can be analyzed to reconstruct a phone’s location retroactively.

Practical example

Imagine:

  • Location
    Piazza Duomo, Milan.
  • Antenna
    CID 12345, LAC 6789.
  • MCC/MNC
    222/01 (Italy, TIM).

A user makes a call. The resulting log might be:

Timestamp: 2025-04-26 10:32:15
CID: 12345
LAC: 6789
MCC: 222
MNC: 01
Event: Outgoing Call to +393481234567
Duration: 00:05:32

During the call, if the user moves toward Porta Venezia, the phone could hand over to CID “12346”. The handover is logged, and the call continues without interruption.

Python Code Example (Simulation)

Here is a simple example to simulate tracking movements through cell towers:

import time

# Cell tower data
cell_towers = {
    "12345": "Piazza Duomo, Milan",
    "12346": "Porta Venezia, Milan",
    "12347": "Central Station, Milan"
}

# Simulated user movements
user_movements = [
    ("12345", "2025-04-26 10:30:00"),
    ("12346", "2025-04-26 10:45:00"),
    ("12347", "2025-04-26 11:15:00")
]

# Simulate tracking
for cell_id, timestamp in user_movements:
    location = cell_towers.get(cell_id, "Unknown location")
    print(f"{timestamp} - Connected to Cell {cell_id} at {location}")
    time.sleep(1)  # Simulated pause

Output:

2025-04-26 10:30:00 - Connected to Cell 12345 at Piazza Duomo, Milan
2025-04-26 10:45:00 - Connected to Cell 12346 at Porta Venezia, Milan
2025-04-26 11:15:00 - Connected to Cell 12347 at Central Station, Milan

What are phone and internet records

Phone records and internet traffic records are critical tools in digital investigations and judicial inquiries. These are documents provided by telecom operators, listing the phone and internet activities associated with a specific mobile number.

What phone records contain

Phone records log information related to voice calls and SMS. Specifically, each record includes:

  • Calling and called numbers
  • Date and time of communication
  • Duration of the call
  • Type of communication (outgoing call, incoming call, sent or received SMS)
  • Cell ID where the device was connected
  • Call status (answered, missed, busy)

Phone records never contain the content of communications, only the metadata.

What internet records contain

Internet records refer to the usage of mobile data and include:

  • Internet session timestamps
  • Public IP addresses assigned
  • Wi-Fi network access logs
  • Mobile applications accessing servers

Similarly, the content of web pages or messages is not preserved, only the metadata regarding the connection.

Practical example of a phone record

A typical phone record might look like:

Date/Time           | Called Number | Type     | Duration | Cell ID | Status
2025-04-25 14:32:00 | +393491234567 | Outgoing | 00:05:32 | 12345   | Answered
2025-04-25 15:01:00 | +393451234568 | Incoming | 00:02:15 | 12345   | Answered
2025-04-25 16:20:00 | +393481234569 | SMS      | 00:00:00 | 12346   | Sent

Each line represents an event (call or SMS) and allows investigators to reconstruct communication activity and approximate location.

How internet traffic records work

In internet usage, a record could show:

Date/Time           | Public IP     | Session | Cell ID | Application
2025-04-25 12:00:00 | 151.60.45.123 | Start   | 12345   | Browser
2025-04-25 12:45:00 | 151.60.45.123 | End     | 12345   | Browser
2025-04-25 13:00:00 | 151.60.45.124 | Start   | 12346   | WhatsApp

Such data help establish that a user was using mobile data, linked to a specific device and session.

Python example for analyzing call records

Here’s a basic simulation to analyze call records:

# Simulated call records
call_records = [
    {"timestamp": "2025-04-25 14:32:00", "type": "outgoing", "number": "+393491234567", "duration": 332, "cell_id": "12345"},
    {"timestamp": "2025-04-25 15:01:00", "type": "incoming", "number": "+393451234568", "duration": 135, "cell_id": "12345"},
    {"timestamp": "2025-04-25 16:20:00", "type": "sms", "number": "+393481234569", "duration": 0, "cell_id": "12346"},
]

# Analysis: total time spent in calls
total_time = sum(record["duration"] for record in call_records if record["type"] != "sms")

print(f"Total time spent in conversations: {total_time // 60} minutes and {total_time % 60} seconds.")

Output:

Total time spent in conversations: 7 minutes and 47 seconds.

Such analysis can be expanded on larger datasets to map communication habits of a subject.

Analysis of cell towers and call records

The analysis of cell towers and phone and internet records is a key practice in forensic and judicial investigations.

These tools allow investigators to reconstruct movements, communications, and behaviors of individuals involved in criminal proceedings.

Objectives of the analysis

The analysis aims to:

  • Reconstruct the movements of a mobile device through the connection to different cell towers.
  • Verify the communications made or received by a user.
  • Identify relationships between different users by cross-referencing data.
  • Corroborate or challenge alibis provided by suspects.

Methodology of the analysis

The analysis follows several key phases:

  1. Acquisition of records
    Upon request by judicial authorities, telecom operators provide call and internet records.
  2. Normalization of data
    Records, often received in different formats, are standardized for processing.
  3. Geolocation of cell towers
    Each Cell ID is associated with geographic coordinates.
  4. Temporal analysis
    The chronological sequence of events is reconstructed.
  5. Mapping visualization
    Movements and communications are graphically represented on maps.
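
The normalization, geolocation and temporal phases above can be sketched as follows. This is an added example, not code from the original article: the two operator layouts, the Rome cell and the 130 km/h threshold are constructed assumptions, and all timestamps are assumed to share one time zone.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed tower database keyed by (MCC, MNC, LAC, CID): the same CID can
# recur under another LAC or operator, so the CID alone is not a safe key.
TOWERS = {
    ("222", "01", "6789", "12345"): (45.4642, 9.1900),   # Piazza Duomo
    ("222", "01", "6789", "12346"): (45.4750, 9.2010),   # Porta Venezia
    ("222", "01", "6789", "12347"): (45.4840, 9.2040),   # Central Station
    ("222", "01", "1111", "20001"): (41.9028, 12.4964),  # constructed cell in Rome
}
# Constructed exports in two hypothetical operator layouts.
OPERATOR_A = [  # "DD/MM/YYYY HH:MM:SS;MCC-MNC-LAC-CID"
    "25/04/2025 10:00:00;222-01-6789-12347",
    "25/04/2025 08:00:00;222-01-6789-12345",
    "25/04/2025 10:20:00;222-01-1111-20001",
]
OPERATOR_B = [  # ISO timestamps, one field per code
    {"ts": "2025-04-25T09:00:00", "mcc": "222", "mnc": "01", "lac": "6789", "cid": "12346"},
    {"ts": "2025-04-25T09:01:00", "mcc": "222", "mnc": "01", "lac": "6789", "cid": "99999"},
]

def normalize():
    """Phases 2 and 4: one (datetime, cell_key) shape, sorted chronologically."""
    events = []
    for line in OPERATOR_A:
        ts, cell = line.split(";")
        events.append((datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"), tuple(cell.split("-"))))
    for r in OPERATOR_B:
        events.append((datetime.fromisoformat(r["ts"]), (r["mcc"], r["mnc"], r["lac"], r["cid"])))
    return sorted(events)

def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def timeline(max_kmh=130.0):
    """Phase 3 plus a plausibility check on each consecutive pair of located events."""
    events = normalize()
    located = [(ts, key, TOWERS[key]) for ts, key in events if key in TOWERS]
    unknown = [key for _, key in events if key not in TOWERS]
    legs = []
    for (t0, _, p0), (t1, _, p1) in zip(located, located[1:]):
        km = haversine_km(p0, p1)
        hours = (t1 - t0).total_seconds() / 3600
        legs.append((t0, t1, round(km, 1), km > max_kmh * hours))  # True = implausible
    return located, unknown, legs
```

A flagged leg or an unknown cell is a prompt to recheck the tower database and the timestamps before drawing any conclusion about movement.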

Practical example

Imagine analyzing a suspect’s movements on the day of a crime. The records reveal the following connections:

Date/Time           | Cell ID | Location
2025-04-25 08:00:00 | 12345   | Piazza Duomo, Milan
2025-04-25 09:00:00 | 12346   | Porta Venezia, Milan
2025-04-25 10:00:00 | 12347   | Central Station, Milan

This data indicates that the device moved from Piazza Duomo to Central Station within two hours, useful information for confirming or refuting the suspect’s statements.

Python code for analysis

Here’s an example of a Python script that analyzes call records and visualizes movements on a map:

import folium

# Cell tower data
cell_towers = {
    '12345': {'lat': 45.4642, 'lon': 9.1900, 'location': 'Piazza Duomo, Milan'},
    '12346': {'lat': 45.4750, 'lon': 9.2010, 'location': 'Porta Venezia, Milan'},
    '12347': {'lat': 45.4840, 'lon': 9.2040, 'location': 'Central Station, Milan'}
}

# Simulated call records
call_records = [
    {'timestamp': '2025-04-25 08:00:00', 'cell_id': '12345'},
    {'timestamp': '2025-04-25 09:00:00', 'cell_id': '12346'},
    {'timestamp': '2025-04-25 10:00:00', 'cell_id': '12347'}
]

# Creating the map, centered on the first tower
map_view = folium.Map(location=[45.4642, 9.1900], zoom_start=13)

# Adding one marker per record, labelled with location and timestamp
for record in call_records:
    tower = cell_towers[record['cell_id']]
    folium.Marker(
        location=[tower['lat'], tower['lon']],
        popup=f"{tower['location']} - {record['timestamp']}"
    ).add_to(map_view)

# Saving the map
map_view.save('movement_map.html')

This script creates an interactive map showing the locations associated with the connected cell towers, allowing a clear visualization of the subject’s movements.

How to use call records during investigations

Using call records and cell tower data in judicial investigations must follow strict procedures to ensure the validity and legality of the collected evidence.

Investigators must adhere to key steps:

  • Justified request
    Authorities must explain why the records are necessary, specifying the alleged crime and the relevance of the data.
  • Acquisition by decree
    Records can only be obtained under judicial authorization.
  • Data custody and integrity
    Records must be stored without any alterations, maintaining the chain of custody.
  • Forensic analysis
    Analysis must be conducted by experts able to testify in court about their methodology.
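
For the custody and integrity step, one way to make alterations detectable is a hash-chained custody log. This is an added example, not part of the original article: the entry fields, actor names and the sample export line are constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def append_entry(log, actor, action, evidence: bytes, when):
    """Append an entry that commits to the evidence file and to the previous entry."""
    entry = {
        "when": when,
        "actor": actor,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev": log[-1]["entry_sha256"] if log else "0" * 64,
    }
    entry["entry_sha256"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return entry

def verify(log, evidence: bytes):
    """Return a list of problems; an empty list means log and evidence agree."""
    problems, prev = [], "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_sha256"}
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_sha256"]:
            problems.append(f"entry {i}: contents altered")
        if entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if entry["evidence_sha256"] != sha256_hex(evidence):
            problems.append(f"entry {i}: evidence hash mismatch")
        prev = entry["entry_sha256"]
    return problems

# Constructed sample export (one record line), standing in for the operator's file.
EXPORT = b"2025-04-25 14:32:00;+393491234567;Outgoing;00:05:32;12345;Answered\n"

def demo():
    log = []
    append_entry(log, "operator", "export delivered", EXPORT, "2025-05-02T09:00:00Z")
    append_entry(log, "analyst", "working copy made", EXPORT, "2025-05-02T11:30:00Z")
    clean = verify(log, EXPORT)
    tampered = verify(log, EXPORT.replace(b"12345", b"12346"))  # one Cell ID changed
    log[0]["actor"] = "someone else"                             # log entry edited
    edited = verify(log, EXPORT)
    return clean, tampered, edited
```

The chain only detects edits if the latest entry hash is also recorded somewhere the person holding the log cannot rewrite, such as a signed report or a timestamped filing.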

Practical applications

During a drug trafficking investigation, call records may reveal repeated contacts between individuals, while cell tower analysis may show that the phones were at the same location at the same time. This enables investigators to hypothesize about meetings between dealers and customers.

In terrorism or organized crime cases, tracking multiple devices can help map the entire logistical network of a criminal organization.
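
The co-location check described above, as an added example that is not part of the original article: the device labels, records and time windows are constructed. A match means two devices used the same cell, which covers hundreds of meters or more, not that they were at the same spot.

```python
from collections import Counter
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample records for two hypothetical devices: (device, timestamp, cell_id)
RECORDS = [
    ("device_A", "2025-04-25 08:00:00", "12345"),
    ("device_A", "2025-04-25 09:00:00", "12346"),
    ("device_A", "2025-04-25 10:00:00", "12347"),
    ("device_B", "2025-04-25 08:55:00", "12346"),
    ("device_B", "2025-04-25 10:40:00", "12347"),
    ("device_B", "2025-04-25 12:00:00", "12345"),
]

def colocations(records, window=timedelta(minutes=10)):
    """Return (cell_id, device1, time1, device2, time2) for events of different
    devices on the same cell whose timestamps differ by at most `window`."""
    parsed = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), dev, cell)
                    for dev, ts, cell in records)
    hits = []
    for (t1, d1, c1), (t2, d2, c2) in combinations(parsed, 2):
        # parsed is sorted, so t2 >= t1 and the difference is never negative
        if d1 != d2 and c1 == c2 and t2 - t1 <= window:
            hits.append((c1, d1, t1, d2, t2))
    return hits

def pair_counts(hits):
    """Count co-location events per unordered device pair; one hit alone is weak."""
    return Counter(tuple(sorted((d1, d2))) for _, d1, _, d2, _ in hits)
```

Widening the window raises the number of matches quickly, so the chosen value belongs in the analyst's report next to the result.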


Questions and answers

  1. What is a cell tower?
    A portion of territory covered by a mobile network’s base transceiver station.
  2. What is the purpose of a call record?
    To chronologically reconstruct calls, SMS, and related data for one or more phone numbers.
  3. Can a person be located via a cell tower?
    Yes, but with an error margin depending on the area’s network density.
  4. How accurate is cell tower location data?
    It varies: within hundreds of meters in urban areas to several kilometers in rural areas.
  5. How long are call records stored?
    In Italy, at least 24 months for voice communications and SMS.
  6. Who can request call records?
    Only judicial authorities or law enforcement agencies with authorization.
  7. How is a call record analyzed?
    Through forensic analysis software that cross-references time, location, and contact data.
  8. Can call records be used as the sole evidence in court?
    Rarely: they usually need to be corroborated by other evidence.
  9. What does Cell ID indicate in records?
    It is the unique identifier of the cell tower used during the communication.
  10. What’s the difference between phone and internet records?
    Phone records involve calls and SMS, while internet records involve online activities.