KSHB, a local news channel in Kansas City, Missouri, recently gave us all an interesting look into the world of the FBI’s digital forensic capabilities. To put their story together, they spoke with Sarah Lucas, the director of one of the FBI’s Regional Computer Forensics Laboratories. Ms. Lucas shared that along with the equipment stationed in the lab the FBI has vans fitted with enough high tech gear to conduct forensic preservations and analysis in the field.

The article described the van as “a lab on four wheels with five computers inside”. Lucas went on to explain that the examiners are working on all types of cases including homicides, gang activity, corporate hacking and crimes against children. The mobile lab allows the FBI’s examiners to take their equipment to the crime scene and quickly turn around devices once preserved, protecting user’s data while still collecting all the evidence needed to help solve crimes. 

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a recent write up on jdsupra.com, a California Judge has denied a motion requesting the modification of a discovery order which grants Apple the authority to have full forensic images made of 10 iPhones. The plaintiffs made the motion as a response to concerns about the private data that would be included in a full forensic image of their devices. This data includes content such as photos, text messages, contact lists and passwords. Instead the plaintiffs requested that the scope of discovery be narrowed to include only “limited diagnostic data”. Counsel for Apple maintained that full forensic collections would be necessary for their case.

In the end the court denied the plaintiffs motion. The court found instead that because the plaintiffs “put the performance of the devices at the center of the lawsuit” and that because the order requires a neutral third party create the images and conduct the performance testing, any privacy violation was significantly lessened.   

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Police have obtained a search warrant for any recordings that occurred on multiple Alexa-enabled devices found in an apartment where a death occurred. As reported by TechSpot, police are hoping the recordings obtained during the timeframe of the incident will provide assistance in determining accidental death versus murder.

The 32 year old victim, Silvia Galva, was impaled with a 12-inch blade after an altercation with her boyfriend Reechard Crespo. Mr. Crespo claims the death happened as a result of him trying to drag Ms. Galva off his bed, and Galva grabbing a spear with a 12 inch blade attempting to stop herself from being pulled. He says the spear broke and impaled her chest. Crespo claims he pulled the blade out in an attempt to save her life but Galva died from the injuries.

This is not the first time police have requested data from Amazon’s Echo device in order to assist in a murder investigation. Amazon has stated their devices do not record unless they hear the work word “Alexa.” While chances are slim, the device may hold recordings vital to solving the case.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

With the wide array of Apple products available, ranging from computers, tablets, watches, and so on, it may be difficult to keep track of the devices you are currently signed on to with an Apple ID. Failing to keep track of these registered devices presents a potential security risk to the personal data stored on your account. It is possible to manage your list of registered Apple ID devices and remove suspicious or previous devices from your account altogether.

There are multiple reasons to perform a security check up on the Apple devices associated with your account. If a previous Apple device was lost, stolen, or given away, it is best to remove the device from being associated with your Apple ID to prevent unauthorized access to your personal data.

To check your registered devices on a computer, navigate to iCloud.com. From there, you will be prompted to login with your Apple ID credentials. Once logged in, you will select Account Settings. Under the My Devices section, you will see all devices signed in with your Apple ID.

Clicking on each device will give you additional information regarding the device such as the last five letters and numbers of the device serial number. You will also have the option to remove the device from your account, therefor disassociating it with your Apple ID.

To perform this checkup on an iPhone, navigate to the Settings application and click on your name at the top which contains your Apple ID information. From there, you will see the list of devices associated with your Apple ID account with the option to remove devices you don’t need anymore.

It is recommended to enable two factor authentication in order to access information stored on your Apple ID account. Doing so will send a verification code to devices currently signed in to your Apple ID account to provide an extra layer of security when authenticating users.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A plea deal was accepted Tuesday October 29^th between prosecutors and the defense for Richmond attorney Claire Carr who killed three people on Route 288 last year.

The accident occurred on the night of June 27^th, 2018 when driver Linli Xu was traveling along Route 288 and hit a deer, causing her Mercedes vehicle to come to a stop in the left lane of travel. Two people stopped their cars and came to assist Xu. Prosecutors stated all three were off the roadway when the vehicle driven by Carr approached. The vehicle swerved to avoid hitting the disabled Mercedes, but instead drove into the three victims causing their death.

Presented evidence showed Carr using her cellular device to send an emoji “seconds before the collision.” Prosecutors added that according to Virginia distracted driving laws, it is “difficult to prove criminal negligence in cases like this one.”

Often, it is possible to obtain information stored on cellular devices leading up to a crash. By combining the time of the crash, and the timeline of events occurring on a cellular phone, a conclusion may be reached that the driver was distracted by their device.

Eventually, a plea deal was reached and Carr entered a guilty plea to one count of reckless driving with a one-year jail sentence. After acceptance of the plea deal, Carr will immediately begin serving her time in jail with release to work privileges during the week. In addition, Carr’s driving privileges were suspended for six months.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

On Monday October 21^st, a guilty verdict was handed down to Levente Lazar for the murder of his mother, Athena Valentiny. Electronic evidence, including GPS coordinates, Internet searches, and a burner cell phone, assisted the prosecution in establishing its case against the defendant. Jury foreperson Geri Lundy called the amount of evidence displayed “overwhelming.”

During the trial, the District Attorney’s Office alleged that Lazar stabbed his mother to death in order to obtain an inheritance before marrying his girlfriend.

The evidence presented included coordinates showing that Lazar drove from his home in Bloomington, IL to Grover Beach, CA where his mother worked as a nurse. The coordinates were obtained from a burner cell phone used by Lazar. An examination of Lazar’s past online searches showed multiple references to murder and inheritance. On his return trip home, he searched for news articles about the death of his mother before her body had even been discovered. Surveillance footage showed Lazar driving up to his mother’s condo and later in the day leaving her condo followed by her dog, which has not been located.

Jury foreperson Geri Lundy stated the evidence collected made the case against Lazar clear. Lundy went on to say “technology convicted him.”

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Last month, Wakulla County School District in Florida discovered a ransomware attack on their information systems that made their data inaccessible through a layer of encryption. WCTV reported a prompt was displayed on the computer systems seeking a ransom to access their data. The school district was forced to pay the ransom after the attack significantly impacted the district’s transportation program, food service program and library program.

Email accounts on the system were impacted as well; however a digital forensics team worked closely with school district officials to get the email systems restored within a couple of days.

Once it was decided the encrypted data could not be accessed, the district’s insurance company instructed officials to negotiate with the individuals responsible for the attack in order to obtain the decryption key. Ultimately, a deal was reached for an undisclosed amount.

The superintended of the school district stressed the importance of obtaining cybersecurity insurance as well as the need to keep all employees up to date with training and upgrading systems which are responsible for backing up the district’s data.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

So you need to provide a mobile device to a forensic examiner for preservation purposes but you are not sure what exactly to do. Let’s face it, for most this isn’t a common situation. Not to worry. By following the advice below you or your client should be able to avoid the common pitfalls involved in mobile device evidence transfer.

The first and most important thing to do once it is clear a mobile device will need to be forensically preserved/analyzed is to stop using the device. Continued use of a device, even for simple tasks like text messaging or web browsing, has the potential to overwrite older data that may be important. To preserve the data on the device it is best to place it in airplane mode to isolate it from the network and then turn it off.

Once the device has been isolated from the network, you will need to determine the best way to get it to your forensic examiner of choice. If the need for analysis stems from a legal matter, chain of custody will be critical. Keeping chain of custody documentation in mind, the user may want to hand deliver the device for analysis. If this isn’t practical, shipment via a reputable delivery service such as FedEx, UPS or USPS with tracking information is also acceptable. It is best to check with counsel and learn the details of any established protocols or orders when making this decision.

If you are shipping it is important to remember electronic devices like cell phones are delicate and susceptible to damage in many different ways. When shipping a mobile device you will need to be sure to protect it from shock and vibration. One way to accomplish this is to use thick pliable packaging material such as bubble wrap, crate paper or foam blocks. Packing peanuts are often not an ideal choice as the device tends to find its way to the bottom of the box placing it directly against the outside box edge with no shielding on one side.

You will also want to protect their device from possible water damage in transit. To keep a device dry, use simple plastic bags or better yet sealed bubble wrap envelope mailers. Finally, while not as obvious as physical shock and water damage, it is possible that as a device is jostled in transit damaging levels of static electricity could build up and cause damage. To avoid this and have the highest level of protection, you can employ an anti-static bag as the first layer of packaging. These types of bags are available from online retailers and many electronics stores. Shippers like FedEx, and UPS also often have them available along with specialty electronics packaging with anti-static measures already incorporated.

To Review:

• Stop using the device as soon as practical
• Put it in airplane mode and/or turn it off
• Keep chain of custody in mind
• If shipping, remember to adequately protect the device

By following these guidelines, you should be able to easily navigate the first crucial steps in any matter involving mobile device preservation and analysis.   

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Police detectives at the University of Central Florida are utilizing digital forensics software to assist in investigating daily casework. UCF Police Detective Melissa Guadagnino told Click Orlando that cell phone evidence plays a role in virtually every case.

Recently, a man was accused of recording a video up the skirt of a young woman at a graduation ceremony. When confronted, the man who recorded the video deleted it and claimed it didn’t happen. Guadagnino obtained a search warrant to perform a forensic examination of the phone and located several videos of him recording up females’ skirts. The evidence led to him being convicted and a sentence of five years on probation.

Additionally, an earlier case involved a police tip that a 19 year-old sophomore had modified his assault-style rifle into a fully automatic machine gun. After an examination, Guadagnino discovered evidence of the student purchasing parts to transform a semi-automatic weapon into a fully automatic one. The student was ultimately banned from campus.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Due to new capabilities within forensic software, a case involving a missing woman concluded last month with a conviction of second-degree murder, according to The Maui News.

Moreira “Mo” Monsalve was last seen on January 12, 2014 in Wailuku, Hawaii. After Monsalve didn’t show up to work or respond to phone calls, she was reported missing. On January 16, 2014, some of her personal belongings were located in a nearby trash can. One of the personal belongings was a cell phone that had been destroyed.

Multiple years passed with no available updates. In 2017, a Cyber Crime Unit was established with grants to help purchase hardware and software to examine electronic evidence. The cell phone was restored and data extracted from the device which provided helpful details regarding the timeline of events.

After reviewing the digital evidence, Monsalve’s ex-boyfriend Bernard Brown became a prime suspect. Mr. Brown left Hawaii and moved to Northern California after Monsalve’s disappearance.

Mr. Brown was arrested at his home in Sacramento, CA by the FBI Violent Crime Task Force and the Sacramento Police Department. His bail is currently set at $1 million.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics