If you’ve ever wondered what mobile device forensics is, the goal of this post is to inform you about the basics of analyzing mobile devices and what you can expect to be retrieved from them.

Mobile device forensics refers to the collection and analysis of digital evidence or data from a mobile device such as a cellphone, smartphone, or tablet. As their availability has increased significantly, mobile device casework is more common than ever.

Mobile devices often provide the convenience to send and receive information from virtually anywhere in the world, allowing them to contain huge amounts of personal data.  The type of evidence that can be retrieved often depends on the make and model of the device.   

In general, the types of evidence that can be found on mobile devices includes:

• Messages (SMS/MMS, iMessage)
• Third Party Messaging Apps (Kik, Whatsapp, Facebook Messenger, etc.)
• Browser History
• Call Logs
• Pictures and Videos
• Location Data
• App Specific Data
• Active and deleted content

If you are looking to recover deleted data from the device, there are some factors that can limit the capabilities of recovery. The number one limitation is the make and model of the device. If the forensic tools used do not have support for the type of device, the likelihood of recovering data is limited. Another major contributing factor is the length of time that has passed since the content has been deleted and the amount of new data that has been written to the device since deletion.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, Enterprise Security Magazine released an article detailing the various branches that are encompassed by the term digital forensics. The article focuses on five topics within the term digital forensics, mobile device forensics, database forensics, computer forensics, network forensics, and forensic data analysis. While the article does not go too in-depth on the topics, it gives the reader a general overview of the topic and term, as well as provides the reader with some of the data of interest respecting the topic area.

If you are not familiar with what digital forensics is or what type of work can be performed on various electronic devices, this article is a great starting point and should be able to give you a quick glimpse into what potential evidence can be recovered or found. If you would like to know more about specific topics relating to digital forensics or digital forensic evidence, let us know.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The importance of digital forensic examinations has grown immensely in the past years alongside a growing need for forensic technologists that are suited to perform the analysis. A backlog of around 200 cases involving digital evidence has accumulated at the Virginia Department of Forensic Science as the Department battles staffing issues while attempting to complete examinations in an reasonable amount of time.

WUSA9 has reported that a years-long backlog of casework may be “delaying justice for victims” in criminal investigations.

The article highlighted the story of Basil John Chuppa, who was accused of strangulation and sexual battery. When he received a guilty conviction, investigators wanted a forensic analysis performed of Chuppa’s cell phone to determine if there were additional victims. His device was sent to the Forensic Science office in Richmond and has yet to be examined. Cases involving murder, arson, and drug investigations are some of the additional cases involving electronic evidence that are still waiting to have the devices analyzed.

The accumulation started when the staffing for the Department was insufficient. Now, the Department has all positions filled and is currently working to catch up with the large backlog.

When it is determined that cases will include digital evidence, it’s important to move quickly to have the evidence examined all while being sure to follow best practices.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The New York Times recently published an interesting piece on public defenders and their access to digital evidence and forensic expertise. The article highlighted how “the deck often is stacked against defendants” when it comes to technology. One of the organizations profiled in the write-up was the New York Legal Aid Society, a large Public Defender’s office in New York City. In order to better defend their clients, the Society built their own Digital Forensic Lab and equipped it with some industry standard devices and software from Cellebrite, Guidance software and Magnet Forensics. This was done at a cost of approximately $100,000, a price tag that is simply out of reach for most Public Defender offices. (Licensing fees will continue to accrue on a regular basis, believe us) To put that into perspective, the Manhattan district attorney’s office also recently built a forensics lab for around 10 million.

The information gained from performing digital forensic analysis can be invaluable for public defenders as they assist clients in assembling a defense. Having the opportunity to review the data from client or witness devices also allows them to better assess the strengths and weaknesses in a case. Without an independent forensic analysis, public defenders are often left to review reports provided by the government’s examiners but if there is a device of interest that was not analyzed by law enforcement or a data type that was not parsed by the government in many cases they are simply out of luck. The evidence might exist online or even on a mobile phone they can hold in their hand but they cannot access it without a forensic examination. At Sensei we often work with public defenders at the state and federal level and are cognizant of their financial constraints so we offer them a lower hourly rate.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Getting suspects to willingly unlock their devices may have just gotten a lot harder, at least in Pennsylvania.

When Joseph J. Davis was accused of the possession of child pornography and was asked to provide the password for his computer, he refused. The case went all the way to the PA Supreme Court where a 4-3 decision found that disclosing a password to the police is considered “testimony” and is protected by the Fifth Amendment.

Justice Debra Todd mentioned that “revealing a password is testimonial as it’s a ‘verbal communication’ that reveals your mind, not just a physical act like providing a blood sample.”

Electronic communication advocacy groups such as the Electronic Frontier Foundation approved of the decision, and wrote a friend-of-the-court briefing. The group shared that “people store a ‘wealth of deeply personal information’ on their devices, and that the government shouldn’t force people into a ‘no-win situation’ where they either have to reveal everything or resist a court order.”

This decision may be part of a growing trend. So far, similar decisions have been handed down in New Jersey and Indiana.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

On November 14, 2019 the William Hargrove trial displayed electronic evidence during court testimony, as reported by the Corvallis Gazette-Times.   William Hargrove is being charged with the murder and identity theft of Anna Repkina, in addition to two counts of theft. Repkina met Hargrove online and then came to the U.S. from Russia. The two rented an apartment in Corvallis and reportedly had plans to get married. On April 17, 2017 Repkina was found dead on a logging road after being fatally shot.

The prosecution alleges that Hargrove murdered Repkina to appease his married lover, Michelle Chavez. The defense insists that Chavez killed Repkina, not Hargrove. Chavez has not been charged with any crime. The first witness in the trial was Rhiannon Demings, a forensic analyst for the Eugene Police Department, with special training in video evidence. Additionally, Detective Christopher Dale from the Denton County Sheriff’s Office testified to digital forensic evidence. Dale examined 36 electronic devices in the case, including cellphones from Hargrove and Chavez, and Hargrove’s computer. Financial records from Repkina’s bank accounts were also obtained.

Most of the testimony from Detective Dale was focused on financial records from the time frame of interest. Records show that there were transactions made from Repkina’s accounts on the day in question, video footage of the accused was also provided, some of which show Hargrove making transactions. Additionally Det. Dale examined cellphones for location data, which put Hargrove in the vicinity of a Chase Bank around the time a transaction was made. He also testified to the fact that location data from Chavez’s cellphone appears to place her at her mother’s house. The trial is ongoing.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The UK Ministry of Justice is in the process of setting up a new digital forensics unit to examine seized mobile devices from prisons, according to John Oates of The Register. A 100 million pound investment is leading to increased security, which will hopefully lead to the seizure of more contraband devices. Claims of inmates using technology to access dark web sites, social media and send encrypted messages have arisen, with the improved security aimed at preventing these things.

This new digital forensics lab is reported to have the latest cutting-edge technology and aims to identify more prisoners who are using mobile devices while behind bars. One of the goals of the unit is to see how prisoners are using these devices and what potential role the device use has on criminal activity outside of prisons. The Register reports that yearly there are more than 20,000 phones seized from prisoners and approximately 1 in 3 phones are smartphones.

Additionally, the increased security investment will allow for prisons to have devices such as metal detectors, airport-style scanners, and phone blockers. The goal is to help crackdown on the criminals that continue to act criminally while incarcerated. In addition to increased security a 2.5 billion pound budget is being spent to increase prison capacity as well as create more modern and efficient jails, to aid in rehabilitation and reduce recidivism.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

KSHB, a local news channel in Kansas City, Missouri, recently gave us all an interesting look into the world of the FBI’s digital forensic capabilities. To put their story together, they spoke with Sarah Lucas, the director of one of the FBI’s Regional Computer Forensics Laboratories. Ms. Lucas shared that along with the equipment stationed in the lab the FBI has vans fitted with enough high tech gear to conduct forensic preservations and analysis in the field.

The article described the van as “a lab on four wheels with five computers inside”. Lucas went on to explain that the examiners are working on all types of cases including homicides, gang activity, corporate hacking and crimes against children. The mobile lab allows the FBI’s examiners to take their equipment to the crime scene and quickly turn around devices once preserved, protecting user’s data while still collecting all the evidence needed to help solve crimes. 

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a recent write up on jdsupra.com, a California Judge has denied a motion requesting the modification of a discovery order which grants Apple the authority to have full forensic images made of 10 iPhones. The plaintiffs made the motion as a response to concerns about the private data that would be included in a full forensic image of their devices. This data includes content such as photos, text messages, contact lists and passwords. Instead the plaintiffs requested that the scope of discovery be narrowed to include only “limited diagnostic data”. Counsel for Apple maintained that full forensic collections would be necessary for their case.

In the end the court denied the plaintiffs motion. The court found instead that because the plaintiffs “put the performance of the devices at the center of the lawsuit” and that because the order requires a neutral third party create the images and conduct the performance testing, any privacy violation was significantly lessened.   

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Police have obtained a search warrant for any recordings that occurred on multiple Alexa-enabled devices found in an apartment where a death occurred. As reported by TechSpot, police are hoping the recordings obtained during the timeframe of the incident will provide assistance in determining accidental death versus murder.

The 32 year old victim, Silvia Galva, was impaled with a 12-inch blade after an altercation with her boyfriend Reechard Crespo. Mr. Crespo claims the death happened as a result of him trying to drag Ms. Galva off his bed, and Galva grabbing a spear with a 12 inch blade attempting to stop herself from being pulled. He says the spear broke and impaled her chest. Crespo claims he pulled the blade out in an attempt to save her life but Galva died from the injuries.

This is not the first time police have requested data from Amazon’s Echo device in order to assist in a murder investigation. Amazon has stated their devices do not record unless they hear the work word “Alexa.” While chances are slim, the device may hold recordings vital to solving the case.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics