According to Infosecurity magazine, digital forensic analysis is underway after a recent data breach that has potentially allowed hackers to access the personal data of millions of users of an online guitar school based in Florida. The website TrueFire.com was apparently compromised in early August 2019 but the breach was not discovered until January 10^th, 2020. This left hackers with months of access to the site during which time they may have been able to harvest not only the current user data but the payment information for ongoing purchases. Luckily, the website did not store payment information long term so only payment information used during this period is thought to have potentially been affected, however, the breach is still under forensic investigation.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Back in 2003, mobile device sales surpassed personal computers for the first time. The extreme growth saw no signs of slowing, and a recent study performed by the International Telecommunication Union indicated that mobile devices in use today currently outnumber the world population. 

From a forensic examiner’s perspective, computer evidence is more prevalent in casework. However, the number of cell phone matters is rising each and every year. Improvements in cell phone storage size, and even screen size, have allowed people to transition into using a mobile device as their “go to” method of connectivity. This shift has increased the amount of potential evidence mobile devices can offer.

In 2019, there were an estimated 7.7 billion people living on Earth. 1.1 billion of that number are estimated to have no access to electricity, making owning a phone difficult if not impossible.

Trying to explain the reasoning behind the massive amount of phones in use is challenging. It is possible the number of working adults with multiple phones may be the reason for this trend. Also, it should be noted the study includes all cellular devices and does not distinguish between feature and smart phones.

The Chart below, obtained from TheAtlas.com gives a visual description of cell phone adaption rate vs. the world’s population growth.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Exploring your options for creating a new app? There may be a topic you want to avoid. Several developers have mentioned that Apple is now rejecting new apps from hitting the App Store if they are related to the COVID-19 coronavirus.

The applications were developed to highlight statistics about which countries have confirmed cases of the new virus. One of the developers reached out to Apple to ask why the app had been rejected and received a statement saying “that anything related to the coronavirus must be released by an official health organization or government.” CNBC says another developer got a written response stating “Apps with information about current medical information need to be submitted by a recognized institution.”

Apple’s restriction seems to be focused on preventing misinformation from unverified sources regarding COVID-19. This serves as a teaching moment that when you are downloading apps from either an iPhone or Android device, it is important to review the app for (1) what information they collect, (2) what permissions they have, and (3) how factual their content is.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Carly Kempler of NBC 29 reported that the Albemarle County Police Department (ACPD) has created a new lab specifically for the investigation of cybercrimes. The lab’s unveiling was March 10, 2020. Located inside the police department headquarters, the new lab has various new equipment to assist officers in their task of identifying, collecting, and examining digital evidence. ACPD Detective Michael Wells said “Two of us are generally working full time every day in here to try and get caught up, because it is very time consuming and time sensitive to get some of this material analyzed.”

Many of the crimes that the lab investigates are case related to child sex exploitation; however, additional digital evidence in other cases is examined in the lab as well. “Most recently we had a shooting case that we’re currently working, and we were able to take the cell phones from the folks that were involved, download that data, and actually gain intelligence” Wells stated.

The creation of the new cybercrimes lab is sure to be helpful addition, the previous lab only had one machine equipped to perform analysis, while the new lab has three computers. The ACPD also plans on training additional detectives to work in the new lab, and estimates that the project cost is more than $100,000. The official release from the police department, which can be found in the NBC 29 article, states that the funding for the lab came from asset forfeiture and grant funds from partners such as the Southern Virginia Internet Crimes Against Children (SOVA ICAC) and from the U.S. Secret Service. The department received around $60,000 from the SOVA ICAC task force for equipment, training and operations.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The Fairfax County Police Department recently displayed their new Mobile Forensics Lab  which assists with their onsite forensic analysis. The new mobile lab allows for examiners to get started on the analysis of evidence collected on the scene of the crime without the need for transporting the collected evidence back to their lab. The use of the mobile lab allows for the investigators to rapidly analyze critical evidence so that they can quickly capture criminals and exonerate those under suspicion. The article by Brain Trompeter quotes numerous Fairfax county officials, one being Maj. Christian Quinn, who states “When serious crimes occur, the opportunity to examine evidence fresh at the scene cannot be recreated.” Maj. Quinn is in charge of the department’s cyber and forensics bureau.

The mobile lab has many unique features, such as a self-contained generator to power the equipment, and a retractable awing that spans 18 feet to protect the officers from the elements as they work. The lab also has stabilizer jacks to ensure that the lab sits on a level surface, even when it is on an incline. The vehicle is a 39 foot long freighter truck which has been outfitted with all the items that an examiner could need while at a crime scene. The equipment for the forensics processes was shipped directly from the manufacturer to the truck manufacturer for installation. Additional features on the mobile lab include an eye-washing station, a decontamination shower, fingerprinting stations, stations for digital evidence, and much more.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently Cellebrite, one of the leading companies in mobile device forensics, released an exciting update to their mobile phone collection solution UFED Physical Analyzer. The new method, referred to as “checkra1n” leverages a recently discovered vulnerability known as “checkm8”.  An interesting aspect of the vulnerability being exploited is that it is not an easily patched software bug but instead built right into the hardware of many recent iPhone and iPad models. Using the new checkra1n extraction allows an examiner to extract the full file system from compatible devices.

Cellebrite UFED Physical Analyzer has long been able to extract most of this data from iPhones and iPads so if you are simply interested in common data like the contact list, text messages or pictures and videos, this may not really bring much new to the table. However, if you are interested in some less common cellphone data, it is important to know that in many cases this new extraction method allows an examiner to copy additional device location data, battery statistics, and more application specific data. 

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Quentin Bird, of Tennessee, has been charged with two counts of first-degree premeditated murder based on allegations he killed an ex-girlfriend, Allison Tenbarge and their unborn child. Tenbarge was found dead, having been stabbed over 20 times, in Bird’s apartment the morning after she had planned to pick up belongings left following their breakup. Tenbarge arrived at the apartment with a friend who stayed in the car with Tenbarge’s phone. Bird had accused Tenbarge of cheating and her friend choose to let them discuss that in private.  After some time, Tenbarge’s phone in the car began to receive text messages from Bird’s device that appeared to be from Tenbarge delaying leaving and eventually sending the friend on a shopping errand. When the friend returned, Bird’s car was nowhere to be found.

The Kentucky State Police were able to locate the car, partially torched, and Mr. Bird in a Kentucky campground. His mobile phone was recovered and analyzed by a mobile forensic examiner, Debra Kolofsky. During her review, Kolofsky discovered deleted web browser history interspersed with the text messages, also deleted, exchanged during the meeting. The phone had been used to search Google and even YouTube multiple times for phrases such as “How to hang yourself”.  Further web browser history on how to commit suicide was recovered throughout the day of the murder.

On February 27, 2020 Bird was found guilty on both counts and sentenced to life in prison without the possibility of parole.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A man has been found guilty of murder after information transmitted from his partner’s vehicle linked him to the scene of the crime, as reported by the BBC.

The 74 year old victim, Gerald Corrigan, was struck by a crossbow and later died as a result of the injuries. Initial inquiries led investigators to suspect Terry Whall. However, the police did not have enough evidence to pursue any charges at that time. After looking into the vehicles accessible to Whall, they discovered a Land Rover Discovery owned by his partner. The vehicle was equipped with technology that relays data to Land Rover such as car location, movements, and the opening and closing of vehicle doors.

Armed with this information, police requested the data from Land Rover and received a full report of the vehicle’s history. The newly acquired information showed the vehicle parked a short walk away from the victim’s home the night of the attack. The trunk was also shown to have been opened shortly before the crossbow attack occurred. In addition, the data showed the vehicle visiting the scene the night before. Additional research by police showed traffic cameras photographing the vehicle on its way home. With the new evidence, Mr. Whall was found guilty of committing the crime.

The data provided by vehicles, GPS navigation systems, and mobile devices can often provide a hotbed of information, which is why police are increasingly relying upon electronic evidence to assist in their investigations.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

This week has served as a reminder that even celebrities aren’t immune to phishing attacks. TV personality Barbara Corcoran, widely known for her role on NBC’s “Shark Tank”, lost nearly $400,000 after an email scam fooled a staff member responsible for Corcoran’s finances.

It is alleged someone created an email address similar to the one belonging to her assistant. The only difference was that the email was misspelled by one letter. The email requested that Corcoran’s bookkeeper wire a total of $388,700 for a real estate deal. Since the bookkeeper failed to notice the fake email address, she completed the wiring transaction. Once the mistake was caught, the scammer who created the email account had disappeared and Corcoran has stated she won’t be getting any of the money returned. Authorities are currently investigating the situation.

Phishing attacks are on the rise with the total amount of money stolen increasing daily. Manor Independent School District, located in Texas, lost over $2.3 million dollars due to a similar email attack. However, not all phishing attacks are created equal. CNN reports that Americans lost nearly $143 million dollars last year due to online romance scams.

Clicking on unknown links, accidently installing malicious programs, or giving banking information to unverified sources are all activities to steer clear of when using the internet.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The use of police dogs to track and find evidence is not a new concept, however more and more police forces are enlisting the use of canines to sniff out electronic devices that may otherwise not be found. Lake County, IL has one of these specially trained canines, Browser, and he recently helped police search the home of Parrish Livingston. Livingston has now been charged in an identity theft scheme that has more than 100 victims, CBS Chicago reports.

His handler, Carol Gudbrandsen, said this about the canine, “He found devices that we missed – in dirty laundry, hidden high up on a desk, on shelving units above a desk – he was able to find those.” Browser and Gudbransen work for the Lake County State’s Attorney’s office and have been a team for two years. In their two years, Browser has gone out on around 50 search warrants to sniff out electronic devices.

The canines receive special training to detect a chemical that is used in most electronics. Tod Jordan of Jordan Detection, handles the training of the dogs using the chemical Triphenylphosphine oxide or TPPO. These electronic detecting canines are not new, but the number of the canines being trained has increased tenfold in the U.S.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics