A 12-year-old boy was pronounced dead in an Indiana hospital on May 24, CNN reports. The boy, Eduardo Posso, showed signs of prolonged abuse, neglect and starvation. Investigators from the Monroe County Sheriff’s Office, looking into the child’s death, found quite a bit of electronic evidence relevant to the investigation on both the father and stepmother’s electronic devices.

Through a probable cause affidavit, investigators found a video on the stepmother’s phone depicting the young boy restrained in a hotel bathroom. Investigators also uncovered pertinent text messages from the father’s phone, as well as a selfie of the Father with his son restrained in the bathtub. The two parents are alleged to have monitored the child remotely via video when they left the hotel room.

Along with the electronic evidence, investigators also retrieved cords, chains, restraints, and an electric shock collar underneath the bed in the hotel room. The boy’s father and stepmother are currently being held in the Monroe County Correction Center on $500,000 bond, and the three other children have been placed in the care of Child Protective Services (CPS).

Eduardo’s mother, who lives in Florida, was unaware that his father and stepmother had moved out of the state. She is encouraging others to speak up about child abuse after what has happened to her son.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The attorney for actor Kevin Spacey has asked the court for a swift trial, stating his client is “suffering” while the case plays out. Kevin Spacey is facing criminal charges for allegedly groping a young man in a Nantucket bar back in 2016, and with it, up to two-and-half years in prison. The Judge has tentatively said the earliest trial date that can happen is in the fall. Further complicating the matter, in a recent motion filed by the Defense, they allege that the accuser deleted messages from his cell phone that support Spacey’s claim of innocence.

The prosecution disagrees with the claims and stated they already have an arrangement to provide the defense with a copy of the information extracted from the cell phone.

Complicating efforts are statements from the boy’s mother who told police that she removed information from her son’s cell phone regarding “frat boy activities” prior to turning it over in 2017 for analysis. There are screenshots of conversations between the victim and his girlfriend that were provided to the police but are no longer on the device.

Spacey’s counsel has requested physical access to the cell phone in an attempt to recover additional deleted messages. It’s unclear what type of phone is involved or if deleted content has already been turned over by the prosecution in their report.

The Judge will rule on the defense’s request at a later date.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Within the digital forensics realm, it’s not uncommon for us to be asked whether or not we can determine if a photograph or image is fake or has been altered from its original state. Typically, the first place we look to analyze is the internal metadata of the file to determine if any of the values have been added, altered or been updated. Faking images is only getting easier to do, especially by the average user.

So, how do we combat this problem? Researchers at New York University’s Tandon School of Engineering recently authored a study – “Neural Imaging Pipelines – the Scorge or Hope of Forensics?” The basis of the study is that machine learning can be used to spot fake photos and suggests the detection method be included right into the source – the camera.

Essentially, every photo taken has a digital watermark to determine its authenticity, akin to a chain of custody, that can be used to determine whether the content is authentic. There is a lot of advanced technology in this study, including the usage of “neural imaging pipeline” that learns to include artifacts onto high-fidelity images during the processing of the image.

There are a couple of potential roadblocks to replacing well-established digital imaging technologies, and the foremost is whether camera manufacturers will employ photo processes using machine learning and the “neural imaging pipelines” needed to digitally watermark photographs during the imaging process.

There is a clear need to develop better processes to determine the authenticity of an image or photograph, but you can be sure the bad guys will figure out a way to circumvent the new technology.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

On May 17, 2019, a former CIA case officer was sentenced to 20 years in federal prison for transferring information to an agent of the People’s Republic of China (PRC). Kevin Mallory, of Leesburg, Virginia travelled to Shanghai to meet with an individual working for a Chinese think tank. Mallory quickly surmised that the individual was a Chinese intelligence officer working for the PRC Intelligence Service (PRCIS).

FBI investigators reviewed communications between Mallory and the Chinese intelligence officer on a Samsung Galaxy smartphone. Forensic analysis revealed numerous communications regarding classified information and that Mallory had succeeded in transmitting at least two documents to the intelligence officer. Communications about the documents were found as well.

Along with evidence recovered from his smartphone, evidence at the trial included surveillance video of Mallory at a FedEx store in Leesburg, Virginia scanning classified documents to a micro SD card. He paid the FedEx store to shred the physical documents, but after a search of his home, FBI agents were able to find the micro SD card containing the classified documents that he had previously scanned.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

A military prosecutor’s case may unravel after he purposefully sent an email infected with tracking software to the entire defense legal team.

The email, sent by Navy prosecutor Christopher Czaplak, tracks sent, received and forwarded email messages. The tracking software was sent to thirteen lawyers and paralegals involved in the Jacob Portier case. The email was also sent to a reporter with the Navy Times who had previously broken stories to the media regarding updates in the case. Previously, the Navy has acknowledged its investigation of document leaks in the case and it’s suspected the email tracking software was used in attempt to determine the source of the leaks.

The defense has demanded an investigation into the monitoring to determine who authorized the spying and what the limitations of the monitoring software are. Concerns have been raised that the tracking software is unethical and may have allowed access to other files on their computer systems and jeopardized confidential attorney-client communications.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

The CEO and owner of a Digital Forensics company (H-11 Digital Forensics) based out of Salt Lake City, Utah was arrested last June by the FBI as he attempted to board a flight to China. Ron Hansen was indicted on 15 counts of espionage and has since pled guilty to attempting to steal and deliver military secrets to the Chinese government. Hanson, a U.S. Army veteran and civilian contractor, previously worked for the Defense Intelligence Agency (DIA).

Evidence acquired by the FBI detailed communications, money transfers (no less than $800,000) and other interactions between Hanson and intelligence agents working for the Peoples Republic of China (PRC). The report states that he began communicating with Chinese intelligence officials starting in 2014 and was able to use contacts in the intelligence community to gather information to pass along to the Chinese. The FBI was able to recover electronic communications between Hanson and his American and Chinese contacts through digital forensic analysis of his devices and email accounts.

Sentencing for Mr. Hanson is slated for September 24. 2019 and he’s likely to spend at least 15 years in a federal prison for his crimes.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

A former contracted IT Specialist, has been sentenced to three years in federal prison, for hacking a previous employer according to a FBI press release. Mr. Edward Soybel illegally accessed the servers of W.W. Grainger Inc., based out of Lake Forest, Illinois back in late 2016. Soybel caused damage to the company’s automated inventory management program, which is responsible for secure access to products such as safety equipment. Soybel worked for the company as an IT contractor, until his termination at the start of 2016. He was found guilty and convicted on 12 counts and has been in custody since December of 2018, after he was found to have made threats of violence against law enforcement.

Soybel accessed the previous employer’s system through remote access using credentials from his previous coworkers. Once he gained access to the network, he started deleting information off of the information systems. Ultimately, Soybel was able to delete millions of records from critical databases and reset passwords of user accounts. The deletion of records caused critical outages and loss of data availability. Forensic evidence showed that Soybel carried out the attacks for a period of four months, starting in July of 2016. The damage cost the company close to $300,000 in responding to the cyberattacks.

What’s the lesson learned here? This company is no different than any other business. Users cannot share passwords and must be forced to reset them periodically. Server and network device logs must be retained longer than the default values, and were critical in the forensic investigation.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Riverhead Justice Court in New York is realizing its technological limitations with digital data, and new legislation is demanding change.

Riverhead Justice Court officials have begun the installation of Wi-Fi into the courthouse to comply with the new legislation, known as CPLR 4511. This new state law “expands the admissibility of all digital evidence in courts such as images, maps, locations, distances, or other information taken via tools such as web mapping or global image services.” Since attorneys tend to use tools such as Google Maps and web mapping services to find visual information for locations involved in legal cases, the law could allow for any objection to use such information to be overruled as long as the information “fairly and accurately depicts the evidence presented,” most often testified to through the usage of a digital forensics expert.

The additional bandwidth will allow attorneys and digital forensics experts the ability to present or stream data stored online, and the law aims to help the court comply with new state mandates regarding digital evidence in court proceedings.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

CBS13 of Sacramento has reported that an administrator in the Valley State Prison system was using his state-issued, work computer during business hours to watch and access thousands of YouTube videos. State investigators reviewed the employee’s internet usage and found that within a ten-month period, the employee spent “more than minimal or incidental time viewing YouTube content.” The administrator, using his admin credentials, was able to bypass security measures in place intended to prevent users from accessing certain websites.

It is reported that from September of 2017 to June of 2018, the employee accessed at least 2,256 YouTube videos on the work computer. Based on this volume, the administrator likely had not been clearing the browser history, which even if done, may have still been recoverable. This is a classic case of employee misconduct or misuse of work-related resources. CBS13 reports that it is currently unknown how long the administrator spent viewing YouTube videos. All major web browsers do not record how long a webpage is viewed or accessed.  However, based on the volume and frequency between page visits, it is claimed that the person in question spent all day, every day during this time period, watching videos on YouTube. On one of the days, forensic analysis has found that the administrator accessed a total of fifty-five videos in one day that were unrelated to his duties. The employee in question retired before any disciplinary action was pursued.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Harassing phone calls and text messages can be a real problem. This type of harassment is sometimes simply a minor source of annoyance, but all too often can be very unsettling and frightening to victims. In an extreme case out of Arizona, a woman has been accused of flooding an unidentified man’s phone with over 159,000 text messages.

What started this barrage of text messages? A single date.

Jacqueline Ades met the victim on an online dating website. There was never a second date.

Over the course of the next several months, Ades sent the man over 159,000 text messages, at a rate of over 500 messages a day. She is further accused of stalking and breaking into his home while he was on vacation. The break-in was caught on security cameras and when the police arrived, they found Ades taking a bath. She told the police that she wanted to make sushi with the man’s kidneys and take a bath in his blood.

Unsurprisingly, she was taken into police custody. Details regarding the matter only get more peculiar, and include a claim of abduction by Walt Disney (who died in 1966).

At a hearing this past January, Ades was deemed mentally incompetent to stand trial and is now being held while she is placed in a Restoration of Competency program.

While this is an extreme example of harassment, it does happen. There are steps a user can take to help prevent, limit or stop altogether ongoing harassing messages, including blocking the cell phone number, using carrier provided tools to assist with blocking content, or even installing apps such as Mr. Number.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/