The riot that took place on January 6 around the US Capitol building eventually led to the rioters breaching the building and gaining access to various offices, as well as the House and Senate floors. Since then, many law enforcement agencies have been investigating and collecting evidence about the incident. Darrell West of the Brookings Institute recently published an article entitled Digital fingerprints are identifying Capitol rioters, in which he describes the various types of electronic evidence that can and is being collected by law enforcement.

In the article, West discusses items of evidentiary value such as social media posts, text messages and emails. The evidence that can be gathered from social media seems to be one of the main focuses of the article. West writes “Identifying rioters has been easy because many of them posted pictures of themselves inside the Capitol Building.”

Not only do the pictures assist in identifying these people but that also helps build a rough timeline of when something happened as posts to most social media sites are dated and timestamped as to when they were uploaded. Other information such as file metadata would be useful as well, especially with photographs where items such as device location, date and time of the photo, and other items can be found. The article is definitely worth a read and provides an insight into what information is assisting law enforcement with their investigations.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently NBC 4 Washington reported on a breakthrough made by the Kalamazoo County Michigan Sherriff’s office in the 2017 murder of Ronald French. French had been discovered dead in a cornfield in the county on June 26, 2017. His fatal wounds were consistent with having been strangled with a cord and dragged behind a car or truck.

Despite the Sheriff’s office best efforts, the case yielded no answers or arrests for French’s grieving family. However, their luck changed when recently one of the investigators learned of the potential gold mine of information that can often be extracted from the onboard computers of newer vehicles. French’s 2016 Chevy Silverado pickup had been stolen around the same time of the murder and later recovered. Focus shifted to what data it might still contain.

As luck would have it, a forensic examination of the truck yielded an audio recording of a man other than French using the hands free stereo system to play music which was time stamped at approximately the same time the murder had taken place. Police played the recording for a number of people close to French and they identified the voice of Joshua Wessel. Wessel’s voice was even identified by his wife according to police reports. Using this evidence, the police were able to put some of the other pieces of the investigation together and they have arrested and charged Wessel with the murder. He has pled not guilty and is awaiting trial.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The Turlock Journal recently reported on the arrests of three individuals by the Stanislaus County Sheriff’s Department stemming from a search warrant issued for a residence and vehicle in Waterford California.

The search recovered “a large amount of stolen mail” along with a loaded handgun, illegal drugs and digital forensic evidence that the sheriff’s department believes may point to an ongoing identity theft scheme. The parties arrested were Rebecca Reagan, Ryan Swindle and Brittany Dickerson. Reagan and Swindle appear to be the focus of the mail theft charges. Investigators from the United States Postal Service are working with the Sheriff’s office as they sort through the stolen mail which was apparently taken from communal mailboxes, like those found outside of many apartment buildings, in multiple jurisdictions in the area. Digital forensic investigators are tasked with reviewing the electronic devices and other digital evidence recovered from the residence in an attempt to identify those whose personal information may have been exposed by the theft.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Ronald French’s body was recovered from a cornfield in Michigan during the summer of 2017. He had gone missing three weeks prior. His body had extensive damage which led the medical examiner to conclude that he was murdered. French’s murder was investigated for more than two years without any arrests being made. That was until one of the detectives assigned to the case learned about the emerging field of vehicle forensics, NBC News reports.

Vehicle forensics involves the study of data stored and transmitted onboard cars, especially newer ones. In recent years, investigators have turned to this type of examination for the potential “treasure trove” of evidence this data can provide. It is often possible to determine a vehicle’s location at a certain date and time, which doors were opened, and texts and calls that were made while the cellphone registered to the car was connected.

Armed with this emerging analysis practice, detectives performed an examination on French’s 2016 black Chevy Silverado pickup truck. Time-stamped voice recordings were located within the onboard computer that showed a voice other than French’s giving a hands-free command to the vehicle to play music right around the time of French’s murder. The voice was analyzed and was determined to belong to Joshua Wessel, an associate of French’s.

Wessel has since been arrested and is charged with the murder of French. Wessel has pleaded not guilty and awaits an upcoming trial.

In a digital world, it is important to take into account the various mediums that can assist in a digital forensic investigations. Newer sources of data including vehicles, voice assistants, and smart devices may assist where traditional investigation techniques hit dead ends.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently The Guardian reported on the alleged hacking of a cell phone used by the international media group Al Jezerra. Earlier this year the phone was receiving anonymous calls and texts threatening Al Jezerra employees working on the investigative journalism program “The Tip of the Ice Berg”. The messages demanded, among other things, certain stories seen in show teasers not be run, at times even suggesting those working on the show might face the same fate as Jamal Khashoggi.

In an attempt to determine who was behind the threats, The Citizen Lab, based in Toronto Canada, was enlisted to forensically analyze the device and eventually to install a monitoring and tracking platform created by Citizen Lab. The phone was monitored for a number of months with no apparent abnormal behavior noted. Then a few days after the show aired a potentially sensitive story for the United Arab Emirates suspicious activity was detected. Eventually over 30 mobile devices at the company were determined to have been compromised as well.

In its report of the incident, Citizen Lab noted that they believed the attack was carried out using software from the Israeli private security firm NSO. Further, they identified a number of groups believed to be operating the software including a group from Saudi Arabia and another from the UAE. The software was alleged to have been deployed using an exploit that takes advantage of older Apple iOS devices. This exploit would not require any input from the victim’s end; however it seems this exploit has been fixed with new versions of Apple’s operating system.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Elliot Hirsch recently posted on the ELL Blog about a case where the court discovered that victim in a sexual harassment case created fake text messages. In summary, the case revolved around text messages that were sent between two colleagues that were engaged in a consensual sexual relationship.

Sarah Lee, the victim, alleged that Paul Sims and other employees continued to verbally and sexually harass her after she had decided to stop their relations. She was fired from her job and then filed a suit claiming gender discrimination and state law claims. 

Sims however, hired a computer forensic expert to look into the electronic evidence. The expert reviewed the evidence in the case and determined that Ms. Lee had fabricated text messages and that they were not sent when she said they were. A review of court documents in the case revealed that the expert hired to look into the messages discovered that of the messages that were provided in discovery, at least 44 of those messages resided in the phone’s unsent messages folder and that their date and timestamps were almost a year after the incident had taken place. After hearing testimony from the expert, the court concluded that messages were indeed fabricated. Hirsch writes “She obstructed discovery by not producing, in electronic format, the text messages.” More information about the case can be found here.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Liz Sawyer of the Star Tribune reports that photos from a teen’s cellphone were crucial in identifying the suspect in the death of 17-year-old Elijah Watson. On December 14, police responded to a call of a shooting that happened in the 500 block of W. Jessamine Ave at around 2pm. They found the body of Watson who had been shot. Witnesses reported hearing gunshots and seeing males run down the street and get into a black car. Another call of a suspicious person wiping down a parked vehicle before the person got in another car was also reported to police, where they discovered a stolen Pontiac G6 with blood on the door and window.

Investigators discovered a cellphone on Watson that contained photographs that were timestamped from an hour before the shooting took place. One of the photos showed Watson inside a stolen vehicle with three other boys, including the suspect in his death, Javeon Kohene. Security footage from a supermarket showed the boys entering the store and then returning to the stolen Pontiac G6. The next day a report of a teenager matching the description of Kohene approached a woman claiming he needed help jumping his car and made off with her purse and vehicle. Police found the stolen vehicle at Kohene’s home where they also found a .40-caliber handgun that forensic tests confirmed as the murder weapon.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

In South Carolina, The State Law Enforcement Division, “SLED”, is investigating the release of a video showing private moments involving Belton Mayor Tiffany Ownbey and an unidentified man. An attorney representing Ms. Ownbey claims she is a victim of “revenge porn” according to GreenvilleOnline.

The attorney for Ownbey has stated that a man secretly recorded the video of a “private and intimate encounter” with Ownbey many years ago and threatened to distribute the video if she broke up with him. The identity of the man who has been accused of recording the video has not been disclosed at this point.

“We continue to look into the situation, and we’re exhausting all forensics and investigative leads,” said SLED spokesperson Tommy Crosby.

Ownbey’s attorney also stated that they are waiting for the conclusion of the investigation before considering further legal action.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Sarah Coble of infosecurity-magazine.com reports that the Sonoma Valley Hospital notified 67,000 patients that their personal data may have been exposed in a cyber-attack.  The attack on the network happened in October of 2020, and Coble quotes “by what is believed to be a Russian threat actor.” The hospital experienced a ransomware attack which has been one of many such attacks on hospitals this year. The attack was apparently discovered on the day it occurred and the hospital IT staff took measures to shut down systems to minimize damage to the hospital network and devices. The hospital hired an external information technology and forensics company to assist the hospital cybersecurity team in conducting the examination and review of their systems. The external company advised the hospital not to pay the ransom demanded by the attackers and the hospital followed the advice of the company.

The forensic examination revealed that the criminals conducting the attack “could have accessed information including patients’ names, addresses, dates of birth, insurer group numbers, and subscriber numbers” writes Coble. Additionally, Coble includes that the forensic examination showed that other details such as “diagnosis or procedure codes, date of service, place of service, amount of claim, and secondary payer information” could have been accessed as well. It is reported that the analysis of the systems did not seem to indicate that patient financial information such as credit card info or social security numbers were accessed.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

On December 7, Patricia Mazzei of the New York Times reported that police officers seized the computer, cellphone and hard drives of Rebekah Jones. Ms. Jones was fired from her job as virus data manager in May, after which she filed a whistle-blower complaint against the state. The seizure of her electronic evidence is related to unauthorized access to the Department of Health’s internal messaging system. Among the evidence that was taken from her home were hard drives which Ms. Jones states “that had evidence of corruption in the state.”

Ms. Jones worked as a geographical information systems (GIS) manager in the Florida Department of Health’s division of disease control and health protection. She was fired in May for insubordination, and alleges that the termination was for refusing to manipulate coronavirus data to show that counties in the state were ready to reopen after the state’s lockdown. “The Department of Health has denied the accusation” Mazzei writes.

The Florida Department of Law Enforcement “said it served the warrant at Ms. Jones’s Tallahassee residence in connection to an investigation that began on Nov. 10, after Department of Health employees received an unauthorized message on their emergency alert system” explains Mazzei. The message apparently warned the department employees to “speak up before another 17,000 people are dead” the Tampa Bay Times reported of the incident. The message continues on to appeal to the employees that they know what is allegedly going on is wrong and that they should speak out before it is too late. A spokeswoman from the Department of Law Enforcement is quoted stating “[agents] believe someone at the residence on Centreville Court illegally accessed the system.” The investigation is ongoing and Ms. Jones has stated “I’m not a hacker. I wouldn’t know how to do that,” and “[it’] data science, not computer programming.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics