According to WBRC News, Trussville Alabama Police recently recovered a laptop during a narcotics raid that reportedly contained over one million stolen identities. Police located the computer when suspect Fred Collins fled during the raid, dropping a bag containing the laptop as well as blank cards with magnetic storage strips and what they believe to be a machine to encode the cards.

Digital forensic investigators who reviewed the computer explained the laptop was seemingly being used to purchase the stolen identities from the dark web. These id packages contained personal information including names, birthdates, social security numbers, email addresses, passwords and credit card numbers. Another source referenced a “beginners guide to credit card fraud” that was also found at the residence. While authorities did recover the laptop, Mr. Collins was able to escape. He is wanted in connection with the incident.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

KLTV in Texas recently reported on the arrest of Roland Gaines in Tyler, Texas. Mr. Gaines has been accused of recording video of a woman and her husband without their consent while they were staying in a guest room at his home.

Gaines knew the woman from years earlier when he and his wife sponsored the then young girl in Columbia through the humanitarian organization Compassion International. After she grew older, Gaines began to go on yearly trips to Columbia to visit. After another trip to Columbia in 2016, Gaines’ wife discovered inappropriate photos and videos of the woman on his personal computer. Initially she deleted them and later reported the incident to police. Upon hearing that his wife had contacted the police about the images, he reportedly took all of the household computers outside and shot them in an attempt to destroy their contents.

Also, apparently in 2016, the Gaines’ invited the woman and her husband to visit them at their home in Texas. Years later, in 2019, Gaines’ wife uncovered photos and videos of the couple from their guest room. This time she turned the computer over to police for a digital forensic examination. The police examiners located thousands of photos and videos of the couple seemingly taken without their knowledge.

Investigators then reached out to the couple in Columbia who were able to confirm they were not made aware of the camera in their guest room during the 2016 stay in Texas. The woman also went on to describe a number of inappropriate and unsettling actions taken by Gaines during the 2016 trip to Texas. Gaines has been charged with Invasive Visual Recording and at the time of the report was being held on a $100,000 bond.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Thomas Santos, a 30-year-old from Bethlehem, Pennsylvania, was formally charged with delivering controlled substances that resulted in a death, according to Lehigh Valley Live. The matter involved significant amounts of electronic evidence that helped solve the case involving the death of a 29-year-old woman.

The victim was found dead inside her vehicle in late March, with a blue pill marked “M” on one side and “30” on the other. After a review by the Northampton County Coroner, it was determined the victim overdosed on fentanyl. Also contained in the vehicle was a cell phone. The phone was analyzed by digital forensic experts and the outcome of the analysis provided a suspect, Thomas Santos.

Text messages revealed that Mr. Santos had engaged in a conversation with the victim regarding the pills prior to her death. The pills, which turned out to be fentanyl disguised as Oxycodone, were given to the suspect hours before her death. The texts also indicated that Mr. Santos had mistakenly given the victim three pills instead of two.

Police stated that Mr. Santos had been a suspect in a previous overdose case involving the same pills, where Mr. Santos was ultimately not charged. However, this time he was not as lucky. Police arrested Mr. Santos and while doing so located drug paraphernalia in his possession, including heroin. A preliminary hearing is scheduled for June 1^st.

A reoccurring theme we see in modern day casework is the use of electronic evidence in helping convict suspects. In this case, the victim’s phone contained valuable digital evidence that helped bring clarity, and potentially down the line, a conviction.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Back in 2018, mobile forensic firm Grayshift released their password cracking tool GrayKey. Strictly for law enforcement, the device possesses the capability of cracking a four-digit passcode in minutes, and a six-digit passcode in less than a day. However, for more complex passcodes, ranging from 8 to 10 digits, the device could take years to find the successful combination.

As reported by NBC News, Grayshift has developed new software that has the capability to reveal an iPhone’s passcode much quicker. The software, named Hide UI, has the capability to be installed on an iPhone via GrayKey and has the ability to track a user’s passcode when entered on the device. This means the device must temporarily be put back into the hands of the suspect. For example, suppose the device was given back to the user or suspect in order to speak with their attorney or write down phone contacts. Once the user enters the passcode, the tracking software records the passcode and reports back to law enforcement when plugged back into the GrayKey software.

Ethical concerns have arisen from news of the tool, including the potential for the software to be used without a warrant. In addition, there is a limit to the information known about the new software, since GrayKey requires their users to sign NDAs before fully explaining their software’s potential.

News of the tool comes at a time when Apple is constantly trying to keep iPhones secure and patch any known vulnerabilities. Additionally, while the software may assist in determining the iPhone’s password, extreme caution must be used when putting potential evidence back into the hands of a suspect.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

George Lythgoe of The Mail reports on the work that the Cumbria Constabulary’s Cyber and Digital Crime Unit (CDCU) has performed since its inception a year ago. The cybercrime unit focuses on crimes that range from child sex exploitation to fraud in Cumbria, England. Since the unit was formed, it has worked on 90 cases total, 43 cases dealing with fraud and 47 cases dealing with online child abuse. Due to their diligent work, 51 suspects in the cases have been arrested and there have been 18 criminals charged.

The Digital Forensics Unit, a part of the larger Cyber and Digital Crime Unit, has assisted with 355 cases across the police force, performing examinations of the seized electronic devices. The Cumbria Police and Crime Commissioner, Peter McCall stated “The CDCU is an essential part of the Constabulary helping track and arrest online predators and fraudsters as well as assisting in the location of evidence within electronics such as mobile phones and laptops.”

Detective Inspector Ian Harwood, who leads the CDCU, is quoted stating “These figures show how busy the unit has been in its first year and the important role it is playing in catching cyber criminals and protecting the public.”

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Mark Shenefelt of the Standard-Examiner reports that Jon Lee Arends has had obstruction of justice charges filed against him. Arends was charged recently with offering a woman free rent in exchange for sex and has now been accused of tampering with evidence by remotely erasing data from his iPhone before law enforcement could finish their search. 

Arends was arrested Wednesday May 13,and has been charged with three counts of intent to engage in sexual activity for a fee after allegedly placing three ads on the internet. Two of the ads were offering women room rentals in exchange for sex and the third asked for a woman to model a bra for him in person. Police seized Arends’ iPhone upon his arrest,retrieved some evidence from the device and locked the phone up, with the intent to continue their review the following day. Arends was released from jail just hours after his arrest with the posting of his bail.  A detective at the Weber County Sheriff’s Office stated that the next morning data had been wiped off of the device and it was restored to factory settings. Investigators believe that Arends used the “Find my iPhone” feature or an iCloud account to remotely wipe data off the device, as the physical device was in possession of the Sheriff’s Office.

Remote wiping capabilities are certainly possible with many mobile and other devices which is why it is imperative that network communications and connections are restricted or blocked when conducting an analysis or examination of the contents. Items such as Faraday bags, cages, etc. assist in blocking these network connections as well as enabling, especially on mobile devices, the airplane mode feature, which helps to restrict connections.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to the Arkansas Democrat Gazette, digital forensic experts were recently called in to assist in an investigation of an email breach potentially exposing sensitive information about the State’s largest government retirement system.

The email breach at the Arkansas Teacher Retirement System occurred in early February of this year and an internal investigation was immediately launched. Independent computer forensic investigators were also hired to assist in determining the extent of the information which may have been exposed. The system manages retirement plans for over 100,000 members, both working and retired, and was valued at $17.5 billion at the end of the 2019 fiscal year. At the recent conclusion of the forensic investigation, it was noted that there was no evidence that data from the email account was viewed or utilized by the attacker. The Arkansas Teacher Retirement System has still chosen to notify approximately 50,000 of its potentially affected members and is offering free identity protection and credit monitoring for those members.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, according to the Evening Echo of Cork, police stopped Gary Cambridge of Cork, Ireland while leaving a train station with over €100,000 worth of heroin in his backpack and pocket. There had been tips provided to Detectives that Cambridge had been making regular trips between Dublin and Cork to transport the drugs. Authorities further believed he had ties from a high level all the way down to street level dealing.

However, when he was stopped at the train station, while he was co-operative admitting to having drugs to police, he attempted to minimize his apparent involvement. In an interview he explained that he was moving the drugs under duress in an attempt to pay off his own drug debts. A forensic review of his mobile phone appeared to show otherwise with lists of names, nicknames and aliases of others involved. There were even text discovered in which he appeared to be recruiting others to assist in dealing the heroin. According to the Evening Echo, Cambridge has been sentenced to seven years with the last year suspended by the Cork Circuit Criminal Court. 

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A walk in the wooded area of Tuolumne County, California proved almost fatal for one hiker looking forward to a day trip hike, as reported by Digital Journal.

The hiker completed a nearly 6-hour walk, and then realized she had lost her way. With night falling quickly and realizing that her cell phone was close to dying, the hiker placed a phone call to a family member informing them of her situation. Shortly after the call was placed, her phone battery was depleted, and the device powered off. Once family members contacted the police, a “ping” attempt was performed. However, due to the fact the device was powered off, the ping attempts were unsuccessful.

The initial search was called off due to weather conditions and difficult terrain. The following day, an investigator was hired to examine and map the cell phone records. The call detail records combined with the device’s last location allowed for several “geo-locations” to be determined. These locations displayed areas where the hiker was most likely to be found.

Once first light arrived, rescue teams were dispatched to the specified geo-locations and found the stranded hiker alive.

With the call detail records, which proved vital in the hiker’s discovery, disaster was prevented. This outcome proves how cell phone records can greatly assist in locating missing persons.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Lenore Sobota of The Pantagraph reports that evidence found on the cellphone of a former University of Illinois police offer led to further charges of sexual assault, abuse and intimidation involving four separate victims. Jerald Sandage was arraigned on five counts of criminal sexual assault, one count of criminal sexual abuse and two counts of intimidation for incidents dating back to June 2012. Sandage, was arrested on the new charges on Wednesday, April 22. Bond for the new charges has been set at a total of $3 million, with each of the new charges being $750,000 each.

The incidents all allegedly occurred while Sandage was a member of the U of Illinois Police Department. Charges for official misconduct allege that Sandage used a police data system to search for information about people that he could then use for personal advantage. Evidence from Sandage’s cellphone during the initial investigation as well as additional information from people led to the new charges against Sandage. Evidence from the cellphone includes photographs of the alleged incidents among other information gathered.

The case has been continued to Friday May 1, while Sandage consults an attorney about the new charges. No plea was entered as Sandage had yet to retain an attorney.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics