The Internet allows for anonymity when connecting with users around the world. When that capability is abused, digital forensics may be used to assist in determining the identity of the person behind the keyboard. In the case of Rahul Joshi, a forensic investigation led to his arrest for sending threatening messages using an anonymous profile, the FBI reports.

The case began in December of 2018 when federal law enforcement agents received a complaint from a female Snapchat user, who had allegedly been receiving threatening messages across multiple applications from various users that all seemed to be connected. After further investigation, multiple victims across multiple states were discovered to have been experiencing the same situation.

Law enforcement began their investigation by analyzing the threatening messages. When using digital forensics software, it is possible to determine additional information that is not contained in the eye-level message content. Often, it is possible to determine location data, dates and times, and user profile information. After a thorough examination, the messages were traced to Rahul Joshi, a former student at the University of Texas now living in Richardson, Texas.

According to investigators, the victims in the case were subjected to daily harassment and were living in a constant state of fear from the messages that were being sent. The content of the messages are currently unknown; however, U.S. Attorney Joseph D. Brown commented on the severity of the messages: “these were extreme messages, and no one should have to put up with that kind of nonsense.” If convicted, Joshi could face up to five years in federal prison for the crime.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Digital evidence is at the forefront of the Grant Amato Murder Trial, as reported by FOX 35 Orlando. Defendant Grant Amato is accused of killing three family members in January of this year. The cause of the murders stemmed from a dispute involving a large sum of money Mr. Amato paid to an online webcam model. During trial, the prosecution alleged that after the three murders, Amato copied files from his computer to a USB flash drive in an attempt to hide evidence.

The USB drive contains pictures of a Bulgarian webcam model identified as Silvie. Amato is said to have spent around $200,000 on the relationship that he had with the model. Mr. Amato’s mother, father, and brother confronted him about the online relationship. Initially, Amato agreed to cut ties with the model in order to continue living at the family residence. When contact with the model continued, it is alleged that Amato killed the family members after they tried again to end the relationship.

Digital forensic investigator Geraldine Blay, employed with the Seminole County Sheriff’s Office, testified that the USB drive was plugged into Mr. Amato’s computer around 11:30PM on January 24^th, the same evening of the murders. Additionally, it was determined one of the victim’s phone was plugged into the computer belonging to Mr. Amato and later put into recovery mode. Ms. Blay believed this was an attempt to factory reset the device.

On July 31^st, 2019, the jury reached a verdict of guilty on all three counts of murder, after deliberating for more than eight hours. The sentencing phase begins on August 12^th, with Amato facing the death penalty or life in prison.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Researchers at Check Point Software Technologies LLC, have identified a new variant of malware for Android devices, that they have called “Agent Smith.” The application is reportedly disguising itself as Google related applications. It appears to be that most of the victims of the malware are located in India or other Asian countries, but a number of infected devices in the U.S., U.K., and Australia have been reported as well.

Researchers have determined that the malware is currently acting to display fraudulent advertisements for financial gain. However, the malware could be used for more intrusive or harmful purposes. The malware has the ability to hide its icon from the user as well as impersonate existing user applications. It is reported that the malware can infect smartphones that have been updated past Android v.7.

This version of malware has the ability to infect other predetermined common applications that could be on the device, by checking the installed applications. Applications such as WhatsApp, MXplayer and more may be potentially exploited by the malware. The malicious application was originally downloaded from a third-party app store called 9Apps. Many third-party app stores lack security measures to check apps on their store for malicious payloads.

Check Point recommends that if you suspect you have downloaded an application that could contain the “Agent Smith” malware, immediately navigate to your device’s application manager and uninstall the application. If you are unable to find it, they recommend uninstalling all recently installed applications. It is also recommended that you keep your device up to date with the latest version of the operating system available as they frequently release updates and patches to fix known vulnerabilities. As a reminder, experts suggest that you only download applications from trusted sources.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The Mueller report produced in March, which totals 448 pages, is continually being analyzed and broken down. An article written by Kevin Collier details the use of encrypted messaging applications used by the parties investigated by Mueller and his team, and what that meant for the investigation.

Collier’s article details how Mueller and his team were able to gain access to some conversations/communications by obtaining the proper legal documents to seize and examine some of the recipients’ devices. One of the issues that Mueller and his team encountered was that several of the secure messaging applications used do not retain messages for an extended amount of time unless the user chooses to save them. It was discovered many communications during the timeframe of interest were deleted, along with any potential backups.

Encrypted messaging applications such as WhatsApp and Signal can be difficult to recover existing communications from let alone deleted communications. These applications utilize the Signal Protocol, which ensures that communications are sent and received in an encrypted format. These applications also allow for the user to delete their message history, individual chats, and single or multiple messages in a thread, all while storing the information on encrypted databases on a device. In some cases, decrypting the databases is possible but highly unlikely without the proper decryption key.

Without the communications to back up stories relayed to the special counsel and investigators, there was not much that could be done to prove if what they were being told was accurate or not. A quote from Mueller’s report, detailing communications between former White House Chief Strategist Steve Bannon and American businessman Erik Prince reads: “The conflicting accounts provided by Bannon and Prince could not be independently clarified by reviewing their communications, because neither one was able to produce any of the messages they exchanged in the time period surrounding the Seychelles meeting.”

One of the methods that we employ when attempting to recover or retrieve communications that occurred through encrypted messaging applications is to analyze potential backups that were made. The capabilities to generate a backup of messages vary depending based on the messaging service used.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The highly publicized Kevin Spacey trial concluded last week with prosecutors dropping all charges against the actor.

Spacey faced criminal charges of indecent assault and battery in an accusation that the actor groped a young man at a Nantucket bar in 2016. Text messages and videos were presented by the accused to corroborate the claim and ultimately resulted in felony charges brought against Spacey.

During pre-trial hearings, it was determined the mother of the accuser had deleted pertinent information from the cell phone prior to a forensic examination being performed by the police. A voluntary admission from the mother allowed the defense team direct access to the accuser’s phone contents to examine the device for deleted messages. When attempting to retrieve the phone from the prosecution, it was pronounced “irretrievably lost” and not able to be turned over. The accuser’s family alleged they could not remember if the police department had ever returned the phone after the examination. When questioned, it was discovered the police department responsible for the examination did not maintain a chain of custody form documenting the change of possession and had no signature to verify the return of the device to the accuser’s family.

Without access to the physical device, defense attorneys compared the forensic report to the screenshots of the messages that assisted in the felony charges brought against Spacey. A comparison concluded that important parts of the conversation were deleted before the phone was turned over to investigators.

During the accuser’s testimony, he was asked directly if he was aware it was a crime to delete evidentiary data from a device in a criminal trial. The accuser’s response stated that he was not aware of that. A short recess followed, after which the accuser decided to invoke his Fifth Amendment rights to protect against self-incrimination and subsequently declined to give any further testimony. Nantucket District Court Judge Thomas Barrett stated he was unsure how the case would continue without testimony from the key witness.

Dealing with a crumbling case, prosecution attorneys decided to drop all charges against Spacey last week. Some very important topics in digital forensics and proper evidence handling arose from this story. Not maintaining a proper chain of custody form and evidence tampering highlight the importance of using best practices and applying proper documentation when handling electronic evidence. This is how cases involving digital forensics are lost and won.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

A blog post from Google has confirmed that recordings from devices enabled with Google Assistants have been leaked online. The data leak raises privacy concerns about the use of virtual assistants, increasingly being integrated into “smart homes” worldwide.

The Google Assistant software comes pre-installed on Google Home, Nest Thermostats and other smart devices. Any recordings obtained from the device are subject to review from Google contractors, which monitor the recordings to assist in developing and improving the speech recognition technology. Google addressed the steps used to protect user data during the review process and stated: “Language experts only review around 0.2 percent of all audio snippets. Audio snippets are not associated with user accounts as part of the review process, and reviewers are directed not to transcribe background conversations or other noises, and only to transcribe snippets that are directed to Google.”

Consumers weary of the audio reviews performed may want to avoid Google Assistant devices altogether with the news that some recordings reviewed by contractors have leaked. A party in possession of the leaked files described the recordings as “bedroom conversations, conversations between parents and their children, but also blazing rows and professional phone calls containing lots of private information.”

The possibility of strangers listening in on your private conversations have some thinking twice about employing this assistant. If data privacy is a concern, it is possible to disable the software within the settings of your specific Google device.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Kelcie Miller, 26, previously worked for the Madison County Public Defender’s office as an attorney, despite failing the bar exam twice, from October 2018 to May, 2019. Her legal carrier is now over.

After six months on the job, Ms. Miller was terminated because she was not the licensed attorney that she claimed to be. A court reporter double-checking the spelling of the attorney’s first name against a state list of licensed attorneys noticed made the discovery and reported the discrepancy.

Ms. Miller has been charged with felony theft, false impersonation of an attorney and forgery. The authorities investigating the case have collected computer evidence of a forged law license used by Ms. Miller. Officers were able to obtain a search warrant in May and took possession of several items used by Ms. Miller during her employment with the Madison County government, including a cellphone.

The Telegraph reports that forensic analysis of web browser history was performed and identified several searches for “practicing law without a license,” a log-in to the Illinois Attorney Registration and Disciplinary Commission website, and an image of a fellow attorney’s ID card. It is alleged that Ms. Miller asked attorney Daniel Harrow for a photo of his ID card so that she could show her mother a picture of what the ID card looked like. The computer evidence showed that a fake ID card image was created on May 20, 2019 which is the same day that Madison County Public Defender. John Rekowski confronted Miller about her credentials.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

As we wrote on June 4, actor Kevin Spacey and his attorney made spoliation claims against the accuser. This week,  NBC News reported that the accuser has invoked his Fifth Amendment right in regards to testifying about the missing cellphone evidence. Counsel for the accuser told Judge Thomas Barrett of the Nantucket District Court that they have been unable to find the missing phone.

While on the stand, the accuser stated that he had not altered or deleted potential evidence on the phone in question back in 2016. Spacey’s defense attorney, Alan Jackson, reminded the accuser that altering evidence is a felony.

In response to the invocation of the Fifth Amendment, defense counsel argued that the entire case should be dismissed. As of now, Judge Barrett has not dismissed the case but did mention that the case could be dismissed due to the sole witness invoking his Fifth Amendment rights and not being able to testify. The judge set the next hearing for July 31.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Video from surveillance or CCTV systems can be a make or break component of a matter. Video recorded from an Oklahoma woman’s security system will likely take center stage as she deals with a charge of second-degree arson and discharging of a firearm into a dwelling.

As reported by KLTV, when fire investigators arrived at the scene of a condemned house fire in Del City Oklahoma, they were alerted of an ongoing feud between the owners of the home and their neighbor. A video surveillance system was noted on a neighboring residence and the device was taken into custody for review. The city police department’s computer forensic investigators were able to extract video from the system that showed the owner of the device shooting a pistol into the home over the fence that separates the properties.  The video goes on to show the woman throw a flaming bath towel into an open door starting the blaze. Luckily the home was vacant at the time of the fire, but hardly a neighborly thing to do!

These days, surveillance systems are popping up almost everywhere as their cost drops and home and business owners opt to install the devices. Digital video surveillance systems share more in common with modern computers than their VHS tape-based predecessors. Because of this, many of the digital forensic techniques Sensei uses to analyze computers can also be applied to these machines. We are able to extract and authenticate data from almost all systems and even attempt recovery of previously existing or deleted video.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The Cascade County Sheriff’s Office (CCSO) in Montana has just recruited a new member to their team, a furry, four-legged canine that will assist an electronic detection. The sheriff’s office believes that the addition of this new K9 unit will be extremely beneficial to the office as well as the community, KTVH reports. The K9 has been trained to find electronic evidence that could be pertinent to ongoing investigations.

The dogs main focus will be assisting the CCSO’s Internet Crimes Against Children (ICAC) Task Force, and assisting a detective in finding electronic devices, which can be extremely small and hard to find. The K9 has been trained to detect a chemical that is found in electronic devices. The chemical is located in standard device such as SD cards, micro SD cards, and laptops.

In many cases, electronic evidence is crucial, and having a dog that can help locate hidden electronic devices could prove extremely beneficial. Often, when searches for digital evidence are performed at residential and commercial properties, itcan be easy to miss evidence that has been concealed. Adding an additional layer of detection could prove beneficial to future search and seizure operations.

The CCSO is set to get their furry new friend in November, and hope to have the dog deployed on search warrant missions beginning in 2020.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/