A recently published FBI.gov article documents the importance of digital forensic laboratories when dealing with modern day criminal investigations.

An interview with Steven Newman, an FBI Special Agent, highlighted the vast amounts of electronic evidence that occurs in casework. “Every single case now involves some sort of digital evidence.”

Newman is the director of the New Jersey Regional Computer Forensics Laboratory, dealing with digital evidence and cyber investigations. In May of 2018, a tip submitted to the FBI lead to the investigation of three men in a suspected connection to the terrorist organization ISIS. Once the suspect’s computers and mobile devices were examined, a wealth of crucial electronic evidence was reported that showed steps taken to view “ISIS materials, maps, and videos, including videos that depicted executions.” Evidence was also presented that documented the men’s desire to join the organization and ultimately disguise their online activity. Each man received a jail sentence ranging from eight to fifteen years.

Modern communications are changing and subsequently complicating the way digital forensic examinations are performed. More and more online communication is subject to encryption, where investigators are required to search for alternate routes in order to obtain information of interest. An emphasis is places on the ability to keep up with rapidly evolving technology and the tools that assist in the examination of electronic media.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Several instructors at Fayetteville Technical Community College were released from their positions after they alleged the school was tampering with student grades in order to receive a higher pass rate. The former instructors are now seeking a digital forensics expert to examine computer records belonging to the college for evidence to back up their claims.

The lawsuit, originating in 2016, made claims that the school’s administration team began “pressuring instructors to start giving D grades to failing students instead of F grades so that the students would pass their classes and stay in school.” The alleged order was received after laws were passed that allowed for additional college funding for schools with high retention rates. Instructors claim that if they had low retention rates, they were subjected to low performance reviews and were unable to teach additional classes.

When the instructors spoke with the head of the Human Resources department, their concerns did not receive a response. When it was time to sign annual teaching contracts, the instructors claim they were not offered positions due to their stance on the grading policies. Fayetteville Tech released a statement saying the instructors’ claims are not valid and they have never asked instructors to inflate student grades.

Fayetteville Tech’s computer records have been requested by the plaintiffs in order to search and extract documents relevant to the investigation. Previously, a judge approved the order to hire a computer forensics examiner to receive a complete copy of the computer system in question. A Court of Appeals Judge later denied that order due to the fact that the records could include sensitive documents that are protected by law, including correspondence between the school and its lawyers.

Currently, the court is deciding how to allow for an examination of Fayetteville Tech’s computer records without jeopardizing confidential data.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The Internet allows for anonymity when connecting with users around the world. When that capability is abused, digital forensics may be used to assist in determining the identity of the person behind the keyboard. In the case of Rahul Joshi, a forensic investigation led to his arrest for sending threatening messages using an anonymous profile, the FBI reports.

The case began in December of 2018 when federal law enforcement agents received a complaint from a female Snapchat user, who had allegedly been receiving threatening messages across multiple applications from various users that all seemed to be connected. After further investigation, multiple victims across multiple states were discovered to have been experiencing the same situation.

Law enforcement began their investigation by analyzing the threatening messages. When using digital forensics software, it is possible to determine additional information that is not contained in the eye-level message content. Often, it is possible to determine location data, dates and times, and user profile information. After a thorough examination, the messages were traced to Rahul Joshi, a former student at the University of Texas now living in Richardson, Texas.

According to investigators, the victims in the case were subjected to daily harassment and were living in a constant state of fear from the messages that were being sent. The content of the messages are currently unknown; however, U.S. Attorney Joseph D. Brown commented on the severity of the messages: “these were extreme messages, and no one should have to put up with that kind of nonsense.” If convicted, Joshi could face up to five years in federal prison for the crime.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Digital evidence is at the forefront of the Grant Amato Murder Trial, as reported by FOX 35 Orlando. Defendant Grant Amato is accused of killing three family members in January of this year. The cause of the murders stemmed from a dispute involving a large sum of money Mr. Amato paid to an online webcam model. During trial, the prosecution alleged that after the three murders, Amato copied files from his computer to a USB flash drive in an attempt to hide evidence.

The USB drive contains pictures of a Bulgarian webcam model identified as Silvie. Amato is said to have spent around $200,000 on the relationship that he had with the model. Mr. Amato’s mother, father, and brother confronted him about the online relationship. Initially, Amato agreed to cut ties with the model in order to continue living at the family residence. When contact with the model continued, it is alleged that Amato killed the family members after they tried again to end the relationship.

Digital forensic investigator Geraldine Blay, employed with the Seminole County Sheriff’s Office, testified that the USB drive was plugged into Mr. Amato’s computer around 11:30PM on January 24^th, the same evening of the murders. Additionally, it was determined one of the victim’s phone was plugged into the computer belonging to Mr. Amato and later put into recovery mode. Ms. Blay believed this was an attempt to factory reset the device.

On July 31^st, 2019, the jury reached a verdict of guilty on all three counts of murder, after deliberating for more than eight hours. The sentencing phase begins on August 12^th, with Amato facing the death penalty or life in prison.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Researchers at Check Point Software Technologies LLC, have identified a new variant of malware for Android devices, that they have called “Agent Smith.” The application is reportedly disguising itself as Google related applications. It appears to be that most of the victims of the malware are located in India or other Asian countries, but a number of infected devices in the U.S., U.K., and Australia have been reported as well.

Researchers have determined that the malware is currently acting to display fraudulent advertisements for financial gain. However, the malware could be used for more intrusive or harmful purposes. The malware has the ability to hide its icon from the user as well as impersonate existing user applications. It is reported that the malware can infect smartphones that have been updated past Android v.7.

This version of malware has the ability to infect other predetermined common applications that could be on the device, by checking the installed applications. Applications such as WhatsApp, MXplayer and more may be potentially exploited by the malware. The malicious application was originally downloaded from a third-party app store called 9Apps. Many third-party app stores lack security measures to check apps on their store for malicious payloads.

Check Point recommends that if you suspect you have downloaded an application that could contain the “Agent Smith” malware, immediately navigate to your device’s application manager and uninstall the application. If you are unable to find it, they recommend uninstalling all recently installed applications. It is also recommended that you keep your device up to date with the latest version of the operating system available as they frequently release updates and patches to fix known vulnerabilities. As a reminder, experts suggest that you only download applications from trusted sources.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The Mueller report produced in March, which totals 448 pages, is continually being analyzed and broken down. An article written by Kevin Collier details the use of encrypted messaging applications used by the parties investigated by Mueller and his team, and what that meant for the investigation.

Collier’s article details how Mueller and his team were able to gain access to some conversations/communications by obtaining the proper legal documents to seize and examine some of the recipients’ devices. One of the issues that Mueller and his team encountered was that several of the secure messaging applications used do not retain messages for an extended amount of time unless the user chooses to save them. It was discovered many communications during the timeframe of interest were deleted, along with any potential backups.

Encrypted messaging applications such as WhatsApp and Signal can be difficult to recover existing communications from let alone deleted communications. These applications utilize the Signal Protocol, which ensures that communications are sent and received in an encrypted format. These applications also allow for the user to delete their message history, individual chats, and single or multiple messages in a thread, all while storing the information on encrypted databases on a device. In some cases, decrypting the databases is possible but highly unlikely without the proper decryption key.

Without the communications to back up stories relayed to the special counsel and investigators, there was not much that could be done to prove if what they were being told was accurate or not. A quote from Mueller’s report, detailing communications between former White House Chief Strategist Steve Bannon and American businessman Erik Prince reads: “The conflicting accounts provided by Bannon and Prince could not be independently clarified by reviewing their communications, because neither one was able to produce any of the messages they exchanged in the time period surrounding the Seychelles meeting.”

One of the methods that we employ when attempting to recover or retrieve communications that occurred through encrypted messaging applications is to analyze potential backups that were made. The capabilities to generate a backup of messages vary depending based on the messaging service used.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The highly publicized Kevin Spacey trial concluded last week with prosecutors dropping all charges against the actor.

Spacey faced criminal charges of indecent assault and battery in an accusation that the actor groped a young man at a Nantucket bar in 2016. Text messages and videos were presented by the accused to corroborate the claim and ultimately resulted in felony charges brought against Spacey.

During pre-trial hearings, it was determined the mother of the accuser had deleted pertinent information from the cell phone prior to a forensic examination being performed by the police. A voluntary admission from the mother allowed the defense team direct access to the accuser’s phone contents to examine the device for deleted messages. When attempting to retrieve the phone from the prosecution, it was pronounced “irretrievably lost” and not able to be turned over. The accuser’s family alleged they could not remember if the police department had ever returned the phone after the examination. When questioned, it was discovered the police department responsible for the examination did not maintain a chain of custody form documenting the change of possession and had no signature to verify the return of the device to the accuser’s family.

Without access to the physical device, defense attorneys compared the forensic report to the screenshots of the messages that assisted in the felony charges brought against Spacey. A comparison concluded that important parts of the conversation were deleted before the phone was turned over to investigators.

During the accuser’s testimony, he was asked directly if he was aware it was a crime to delete evidentiary data from a device in a criminal trial. The accuser’s response stated that he was not aware of that. A short recess followed, after which the accuser decided to invoke his Fifth Amendment rights to protect against self-incrimination and subsequently declined to give any further testimony. Nantucket District Court Judge Thomas Barrett stated he was unsure how the case would continue without testimony from the key witness.

Dealing with a crumbling case, prosecution attorneys decided to drop all charges against Spacey last week. Some very important topics in digital forensics and proper evidence handling arose from this story. Not maintaining a proper chain of custody form and evidence tampering highlight the importance of using best practices and applying proper documentation when handling electronic evidence. This is how cases involving digital forensics are lost and won.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

A blog post from Google has confirmed that recordings from devices enabled with Google Assistants have been leaked online. The data leak raises privacy concerns about the use of virtual assistants, increasingly being integrated into “smart homes” worldwide.

The Google Assistant software comes pre-installed on Google Home, Nest Thermostats and other smart devices. Any recordings obtained from the device are subject to review from Google contractors, which monitor the recordings to assist in developing and improving the speech recognition technology. Google addressed the steps used to protect user data during the review process and stated: “Language experts only review around 0.2 percent of all audio snippets. Audio snippets are not associated with user accounts as part of the review process, and reviewers are directed not to transcribe background conversations or other noises, and only to transcribe snippets that are directed to Google.”

Consumers weary of the audio reviews performed may want to avoid Google Assistant devices altogether with the news that some recordings reviewed by contractors have leaked. A party in possession of the leaked files described the recordings as “bedroom conversations, conversations between parents and their children, but also blazing rows and professional phone calls containing lots of private information.”

The possibility of strangers listening in on your private conversations have some thinking twice about employing this assistant. If data privacy is a concern, it is possible to disable the software within the settings of your specific Google device.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Kelcie Miller, 26, previously worked for the Madison County Public Defender’s office as an attorney, despite failing the bar exam twice, from October 2018 to May, 2019. Her legal carrier is now over.

After six months on the job, Ms. Miller was terminated because she was not the licensed attorney that she claimed to be. A court reporter double-checking the spelling of the attorney’s first name against a state list of licensed attorneys noticed made the discovery and reported the discrepancy.

Ms. Miller has been charged with felony theft, false impersonation of an attorney and forgery. The authorities investigating the case have collected computer evidence of a forged law license used by Ms. Miller. Officers were able to obtain a search warrant in May and took possession of several items used by Ms. Miller during her employment with the Madison County government, including a cellphone.

The Telegraph reports that forensic analysis of web browser history was performed and identified several searches for “practicing law without a license,” a log-in to the Illinois Attorney Registration and Disciplinary Commission website, and an image of a fellow attorney’s ID card. It is alleged that Ms. Miller asked attorney Daniel Harrow for a photo of his ID card so that she could show her mother a picture of what the ID card looked like. The computer evidence showed that a fake ID card image was created on May 20, 2019 which is the same day that Madison County Public Defender. John Rekowski confronted Miller about her credentials.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

As we wrote on June 4, actor Kevin Spacey and his attorney made spoliation claims against the accuser. This week,  NBC News reported that the accuser has invoked his Fifth Amendment right in regards to testifying about the missing cellphone evidence. Counsel for the accuser told Judge Thomas Barrett of the Nantucket District Court that they have been unable to find the missing phone.

While on the stand, the accuser stated that he had not altered or deleted potential evidence on the phone in question back in 2016. Spacey’s defense attorney, Alan Jackson, reminded the accuser that altering evidence is a felony.

In response to the invocation of the Fifth Amendment, defense counsel argued that the entire case should be dismissed. As of now, Judge Barrett has not dismissed the case but did mention that the case could be dismissed due to the sole witness invoking his Fifth Amendment rights and not being able to testify. The judge set the next hearing for July 31.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/