Don Reid of The Daily Reporter reports that two Branch County (MI) men were arrested after evidence to plan and commit crimes was discovered on their cellphones. In response to a break in on January 12 at the America’s Best Car Wash, Quincy Police officer Estrada noticed that the door had been forced open. Through the use of a K-9 unit, the police were able to locate a parked car where Joshua Montgomery and Ray Hyde were found. Police discovered each man possessed a glass pipe which tested positive for meth. The car belonging to Montgomery was searched and additional drug paraphernalia was found as well as a bag containing 6.4 grams of meth. Montgomery admitted to selling meth and originally denied knowledge of the break in. Police seized the phones of both men on the scene. Analysis of the devices turned up evidence in text messages of the two planning several break ins to take money from businesses. A computer was also examined in the case where evidence was found that there were plans to travel to Battle Creek, MI to pick up drugs.

Montgomery was charged with possession with intent to deliver and using a computer to commit the felony, which both carry a term of 20-years. Additionally, he was charged with using a computer device to plan break-ins, conspiracy to break and enter a building, possession of burglary tools, and breaking into the car wash, all the charges carrying terms of 10-years. Prior convictions on Montgomery’s record could lead to a term of life in prison.

Hyde was charged with possession of meth, using a computer device to plan break-ins, conspiracy to break and enter a building, possession of burglary tools, and breaking in to the car wash, all which carry 10-year terms. Hyde was also charged as a habitual offender due to prior convictions of child abuse and possession of a firearm in commission of a felony, doubling his penalty.

Bond for both men was set at $100,000 each.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The city of West Des Moines Iowa has been experiencing serious issues with its servers and network recently. Reports indicate these issues are the result of an attack specifically designed to damage civic operations.  When the attack was first discovered, reports say that staff immediately shut down the network. This undoubtedly caused significant headaches for not only city employees but also citizens, vendors and contractors. With the network shut down, computer forensic investigators and cyber security experts were called in to investigate the attack. Law enforcement and the FBI have also been notified. While the network is reported to be back up and running now, it seems to be operating at a diminished capacity as a press report indicates “email may not be working consistently for all city staff or elected officials.”   

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Currency exchange company Travelex has recently fallen victim to a ransomware attack demanding a payment of 3 million dollars. Visitors of Travelex.com are greeted with a press release detailing the attack, alongside the steps the company is taking to get back up and running.

According to The Guardian, the hackers responsible for the attack are threatening to release personal information belonging to Travelex customers. This information is said to include social security numbers, dates of birth, and payment information.

The attack occurred on December 31^st, when Travelex discovered certain data from their systems had been accessed and ultimately encrypted. Upon discovery of the intrusion, Travelex took all their systems offline to prevent further unauthorized access. There is currently no evidence suggesting the encryption or exfiltration of customer data, however the situation is currently still under review. Travelex has hired a forensic team to assess the current extent of the virus and assist in getting their systems up and running.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to CloudNine, a Florida judge has issued a motion for inspection of a laptop belonging to a group of defendants for the second time. The defendants objected to the initial request, but were met with the same outcome as the judge held that a forensic examination was warranted.

The case, HealthPlan Servs Inc. v Dixit et al, involves copyright infringement and a breach of contract. Initially, the court required the defendants to turn over the hard drives in question to their attorneys and have the plaintiff designate an expert to examine them. When the defendants objected to the request for a forensic examination, the plaintiff contended the defense lacked an adequate reason to avoid an expert selection, and the refusal might constitutea way to cover up possible evidence spoliation.

The judge ordered that the laptop be examined in order to obtain specific metadata information from files of interest, citing that the metadata would not be available if provided in a PDF format.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Law.com has addressed the growing issue courts are facing in their article “Cyber Breach Forensic Reports: Is Your Report Discoverable?”  (sub. req.)

The article highlights the increasingly possible scenario of a firm encountering a data breach and hiring a forensic firm to perform an examination of the company’s information systems. Often,when the examination is complete, a findings report will be issued containing specific information including details of how the incident most likely occurred. This brings up a potential issue, whether or not the report is available to an opposing party.

Companies are likely to want to maintain control of forensic reports because of the potential value they could offer to a plaintiff. If a vulnerability within the information systems of a firm is highlighted in a forensic report’s findings, it is possible the company may have failed to maintain best practices to protect their data security. This type of negligence may result in a breach of protecting valuable client information.

The court system has held that forensic reports are often protected by attorney-client privilege. However, it is important to not accidently waive that privilege. If the report, or information contained in the report, is voluntarily shared with a third party, the report would likely fall into discoverable territory. It is suggested that attorneys consult directly with the forensic firms when discussing the matter and any work product materials.

If a report must be produced to a third party, such as insurance carriers, auditors, or affiliate companies, there are a few measures attorneys can take to make sure the work product protection is not waived. These measures include redacting unnecessary information from the report as well as signing a confidentiality agreement with the receiving party.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Text messages presented in a Calgary court case may result in a guilty verdict for a father accused of killing his daughter due to an impaired driving accident, Calgary Herald reports.

Meghan Bomford sent text messages to her mother before she was killed in a 2016 car accident. The nature of the text messages point to her father driving erratically, and ultimately causing a Jeep Liberty SUV to lose control, crash into the median, and eject all three passengers. A blood test performed at the hospital determined Mr. Bomford had alcohol in his system when the collection occurred.

The judge has stated “proof of the identity of the driver rests with the admissions (Mr. Bomford was the registered owner of the vehicle) and text messages.”

Digital forensics often plays a crucial role in determining additional information from the scene of an accident. Artifacts such as text messages, web browser history, and location services can hold a wealth of information regarding the specifics of the incident.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

If you’ve ever wondered what mobile device forensics is, the goal of this post is to inform you about the basics of analyzing mobile devices and what you can expect to be retrieved from them.

Mobile device forensics refers to the collection and analysis of digital evidence or data from a mobile device such as a cellphone, smartphone, or tablet. As their availability has increased significantly, mobile device casework is more common than ever.

Mobile devices often provide the convenience to send and receive information from virtually anywhere in the world, allowing them to contain huge amounts of personal data.  The type of evidence that can be retrieved often depends on the make and model of the device.   

In general, the types of evidence that can be found on mobile devices includes:

• Messages (SMS/MMS, iMessage)
• Third Party Messaging Apps (Kik, Whatsapp, Facebook Messenger, etc.)
• Browser History
• Call Logs
• Pictures and Videos
• Location Data
• App Specific Data
• Active and deleted content

If you are looking to recover deleted data from the device, there are some factors that can limit the capabilities of recovery. The number one limitation is the make and model of the device. If the forensic tools used do not have support for the type of device, the likelihood of recovering data is limited. Another major contributing factor is the length of time that has passed since the content has been deleted and the amount of new data that has been written to the device since deletion.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, Enterprise Security Magazine released an article detailing the various branches that are encompassed by the term digital forensics. The article focuses on five topics within the term digital forensics, mobile device forensics, database forensics, computer forensics, network forensics, and forensic data analysis. While the article does not go too in-depth on the topics, it gives the reader a general overview of the topic and term, as well as provides the reader with some of the data of interest respecting the topic area.

If you are not familiar with what digital forensics is or what type of work can be performed on various electronic devices, this article is a great starting point and should be able to give you a quick glimpse into what potential evidence can be recovered or found. If you would like to know more about specific topics relating to digital forensics or digital forensic evidence, let us know.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The importance of digital forensic examinations has grown immensely in the past years alongside a growing need for forensic technologists that are suited to perform the analysis. A backlog of around 200 cases involving digital evidence has accumulated at the Virginia Department of Forensic Science as the Department battles staffing issues while attempting to complete examinations in an reasonable amount of time.

WUSA9 has reported that a years-long backlog of casework may be “delaying justice for victims” in criminal investigations.

The article highlighted the story of Basil John Chuppa, who was accused of strangulation and sexual battery. When he received a guilty conviction, investigators wanted a forensic analysis performed of Chuppa’s cell phone to determine if there were additional victims. His device was sent to the Forensic Science office in Richmond and has yet to be examined. Cases involving murder, arson, and drug investigations are some of the additional cases involving electronic evidence that are still waiting to have the devices analyzed.

The accumulation started when the staffing for the Department was insufficient. Now, the Department has all positions filled and is currently working to catch up with the large backlog.

When it is determined that cases will include digital evidence, it’s important to move quickly to have the evidence examined all while being sure to follow best practices.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The New York Times recently published an interesting piece on public defenders and their access to digital evidence and forensic expertise. The article highlighted how “the deck often is stacked against defendants” when it comes to technology. One of the organizations profiled in the write-up was the New York Legal Aid Society, a large Public Defender’s office in New York City. In order to better defend their clients, the Society built their own Digital Forensic Lab and equipped it with some industry standard devices and software from Cellebrite, Guidance software and Magnet Forensics. This was done at a cost of approximately $100,000, a price tag that is simply out of reach for most Public Defender offices. (Licensing fees will continue to accrue on a regular basis, believe us) To put that into perspective, the Manhattan district attorney’s office also recently built a forensics lab for around 10 million.

The information gained from performing digital forensic analysis can be invaluable for public defenders as they assist clients in assembling a defense. Having the opportunity to review the data from client or witness devices also allows them to better assess the strengths and weaknesses in a case. Without an independent forensic analysis, public defenders are often left to review reports provided by the government’s examiners but if there is a device of interest that was not analyzed by law enforcement or a data type that was not parsed by the government in many cases they are simply out of luck. The evidence might exist online or even on a mobile phone they can hold in their hand but they cannot access it without a forensic examination. At Sensei we often work with public defenders at the state and federal level and are cognizant of their financial constraints so we offer them a lower hourly rate.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics