In January, I started attending police-led training on CDR analysis through the International Association of Crime Analysts. This topic is particularly fascinating for anyone with a background in working with telcos and their data, as records can contain all sorts of valuable information. Especially when it comes to solving crime through time series analysis.
What is CDR?
- CDR stands for Call Detail Records. These are logs maintained by telecom operators that capture metadata about phone communications. These records typically include the calling and the called number, timestamps, call duration, the location of the cell towers (LAC/CI or GPS), IMEI (device identifier), IMSI (SIM identifier), and call type (voice, SMS, data).
Unlike phone call interception, CDRs do not contain the content of communications, just metadata. Typically, police would need a warrant to obtain this information from telcos and undergo a formal process to get only the data relevant to the crime investigation.
What is crime series analysis?
Crime series analysis refers to the study of a set of crimes that are believed to be related due to similarities in method, location, offender behaviour, or timing. It’s often used to detect patterns, predict future events, and identify likely suspects. When applied to Call Detail Records (CDR), the analysis becomes a powerful tool in:
- Linking suspects across multiple crimes
- Understanding criminal networks
- Identifying geographical and temporal patterns
Applying crime series analysis to CDR
Applying crime series analysis to CDR can be used in multiple ways to solve crime:
- Pattern recognition across cases
- Temporal and spacial correlation
- Clustering and network analysis
- IMEI and SIM swap detection
Time series analysis
Among all the techniques law enforcement uses to extract information from CDR, time series analysis seems to be one of the most effective ways to place or exclude a suspect at the crime scene at the time of the crime.
- Time series analysis of cell tower activity from CDRs is a key technique to track suspect movement and correlate presence with criminal events. Its goal is to reconstruct the suspect’s movements over time using CDR tower logs and determine whether their device was in the vicinity of crime scenes at relevant times.
Performing time series analysis involves several steps. First, it consists of structuring the time series using the log timestamps in the CDRS. You might also have to resample or aggregate the data by meaningful intervals. This will provide you with a chart like the one you see below.
You would then map the movement through time (tower-to-tower plotting) and analyze its compatibility with the crime timeline.
Is the time series compatible with the crime?
The result of the analysis will be a compatibility check against the crime based on the following factors:
- Distance to the crime: was the suspect near the crime scene?
- Timestamp match: was the phone in range within a possible window?
- Movement feasibility: does the time/distance make sense physically?
- Consistency: is there repeated appearance near multiple crime scenes?
Time series analysis with R
Several tools allow for time-series analysis and geospatial location. Analysis can get complicated depending on the underlying CDR data and their precision, geographical characteristics, and the presence of more events to be tracked.
However, understanding the process will go a long way in getting started without complex software. In this case, I used R to create a model that extracts the necessary data from a CDR sample and tracks a suspect’s activity compared to the crime scene. In merely 60 lines of code, you can have a working prototype with simulated data. This can then be tweaked and adapted for more complex analysis.
From use cases to a service
As my training progresses in CDR forensics, we implement time series analysis in our service offering. Analyzing data dumps from phone carriers is a fascinating activity with many practical applications, and I look forward to perfecting our models with more case studies and techniques.