Does Your Law Enforcement Agency Need a Hand?
Law enforcement has a difficult task in working with and dealing with computer forensic related cases. First they must deal with the computer and internet related crimes in their jurisdiction. This could be anything from card skimmers to child pornography, online scams, and other internet related crimes. Second, they must also offer support to non-computer related crimes. This list can be any major crime you can think of. Because computers and more specifically cell phones provide so much evidence, it is easy for any department including the FBI to get very backed up. It is not uncommon for the FBI, or even your local departments computer forensic examiner to be backed up months.
Making a Case for Outsourcing Law Enforcement Digital Forensics
As an partner and co-founder of Decipher Forensics, I can attest how expensive digital forensics can be. To understand this, let me break down the three pieces of what makes up digital forensics.
- Hardware. Hardware is at the backbone of what we do. If we didn’t have computers as well as specialized equipment such as servers, laptops, cables, write blockers, forensic duplicators and boot loaders we would not have much of a job to do.
- Software. Software makes everything possible. Certain software is designed to handle broad amount of data. Other software is designed to take on a specific task. Some software is designed for iPhones and some is designed for strictly looking for internet history or volume shadow copies. Others are designed to be a backbone piece of equipment meant to handle a little bit of everything. It is imperative to remember that only D.O.J. approved software and hardware be used when conducting examinations. It is easy to find low cost and free software that will in fact get the job done on cases, but testifying to the authenticity of that software can get your evidence thrown out of court quickly.
- Knowledge. Knowledge of computer forensic principles and practices, along with the knowledge of how to operate not only the hardware, but the software as well, rounds out the trifecta of computer forensics. It is the most important aspect of the three in my opinion. No single examiner knows everything. All examiners require training of various types. Training to understand how to conduct a solid digital forensic exam, as well as certification to the tools you are using. This is a constant challenge for examiners. Technology is always changing and updates to software are completely normal. Understanding how to examine between an iPhone and an Android are essential in doing an examination correctly. Attending seminars, webinars and training’s are all very helpful. The most important aspect though is just straight experience. You can learn something new on almost every case you work. You take that experience onto the next case and the next. You get the picture.
The next aspect to look at is the cost of having a forensic examiner. For some departments it makes perfect sense, for others it would never even be a possibility. Some departments fall right in the middle. Here is what to consider when looking to have your digital forensics in-house or outsourced.
Lab set up costs are a huge upfront expense. From enterprise grade servers and top of the line laptops to all of the needed cables and write-blockers the cost can easily exceed 80,000 dollars to just set up a small forensics lab. In our own lab, we have far exceeded that cost to date.
Software is another huge area of expense. With the average flagship forensic software costing between five thousand and six thousand dollars and mobile device forensics costing over nine thousand dollars this is just the start. Internet specific software can cost several thousand dollars as well. The costs can just keep going up and up to properly perform an examination.
Training and Salary. Training for an examiner should take place on an annual basis and should happen more than once a year. Most law enforcement officers typically get a grant and are sent to Alabama for three weeks for a crash course in digital examinations. On top of that you have certification training courses for Encase, FTK, IEF, Cellebrite, Green Lantern, X-Ways to just name a few of the top ones. Each of these classes can typically average five thousand dollars each.
Licensing Costs. On top of having to spend the upfront money on the software, you then have the annual cost of keeping up the software licensing. This can typically run a lab anywhere from eight thousand to twenty thousand per year.
Never Use One Tool for a Case. One of the most common mistakes I see in any type of case is only using one tool from an examination standpoint. If you are only using Cellebrite for mobile device examinations then you are missing evidence. This is not a knock on Cellebrite. We love Cellebrite, but when you rely on a single tool, you are missing evidence. For an example we had a simple case where we were asked to pull graphics off of a single smartphone. Cellebrite was able to carve and pull 366 graphics. We ran the image through another tool and pulled over 3000 useful graphics for this case. Never, ever rely on a single tool. If the defense attorney has his expert run the forensic image through another tool and they find evidence to exonerate the suspect, how will you look and how will you explain that?
This is where Decipher Forensics has assisted numerous law enforcement agencies from across the country.
Decipher Forensics has worked with various law enforcement agencies on numerous occasions. During our time in business we have performed examinations on cases involving homicide, missing persons, stalking, child exploitation, missing children, online solicitation of a minor, kidnapping to name several of our more notable cases.
We have worked with law enforcement agencies in Florida, Texas, Oklahoma, Illinois, Kentucky, Georgia and Utah. Decipher Forensics’ examiners have received training from The FBI as well as AccessData, Guidance Software,Cellebrite and The State of Idaho Criminal Investigations.
With the amount of cases that pile up on the desks of law enforcement computer forensic examiners, it is no wonder that a back log ensues. Depending on the law enforcement agency, that back log can exceed six months or more of waiting just to have a particular case enter into the beginning phases of the examination.
Typically Decipher Forensics can turn most law enforcement cases around in under two weeks or less. This makes us a viable option when time is of the essence, or questions need to be answered as fast as possible. We follow all standard protocol that one would expect in a criminal computer forensics case.
Co-Founder Mike Johnson testified in court for a successful conviction in the case listed below.
Joshua Karr, 32, of Allen, was sentenced to two life sentences for sexual assault of a child and online solicitation of a minor, announced Collin County District Attorney Greg Willis.
At trial, evidence showed that Karr and the 16 year-old victim communicated online constantly over the course of a year. Although the victim told Karr that she was 16, their online conversations became sexually explicit in nature. The jury reviewed skype chat logs showing Karr grooming the victim by calling her “wifey” and telling her how much he loved her, while becoming increasingly controlling and manipulative throughout their conversations.
On December 20, 2013, after the victim had a fight with her parents about her online conversations, Karr picked her up outside her school in Pasadena, Texas. He took her to his mother’s home in Allen where he hid her for two weeks. During that time, he had sex with her on multiple occasions. He also had her alter her appearance by removing her braces and dyeing her hair. As a result of investigations by the Pasadena Police, the Allen Police, and non-profit organizations, Karr was identified and, on January 3, 2014, the victim was found in his bedroom.
After the jury found Karr guilty, he agreed to life sentences for sexual assault of a child and online solicitation. The charges were enhanced because Karr, a registered sex offender, had previously been convicted for possession of child pornography and attempted aggravated kidnapping. Karr also pled guilty to additional charges of possession of child pornography and attempted escape from the Collin County jail.
Assistant District Attorneys Lauren Hopkins and Crystal Levonius prosecuted the case, assisted by District Attorney Investigator Stephanie Strickland. The case was investigated by Allen Detective Investigator Joe Anders. Judge Ben Smith presided over the case.
Another case that we are particularly proud of is this one below. We were not only able to catch this predator and help the Sheriff’s Department, but also uncover a much larger illegal operation in the process. Again our thanks to our Partner here at Decipher Forensics, Mike Johnson.
|ALASKAN MAN ARRESTED ON MULTIPLE CHARGES – MAY 16, 2014|
|Friday, 16 May 2014 15:15|
|On May 12, 2014 deputies with the Millard County Sheriff’s Office met the United States Marshall’s Service Airplane at the Salt Lake International Airport and took custody of Ryan Katchatag of Anchorage, Alaska. Sheriff Robert Dekker said his office received information during the past several weeks, Katchatag had been carrying on an online relationship with a teenage girl in Millard County. He (Katchatag) traveled to Millard County where his continued illegal activities resulted in: 1 count Felony Enticement of a Minor, 1 count Felony Forcible Sexual Abuse, 1 count Felony Forcible Sexual Sodomy, 11 counts of Felony Sexual Exploitation of a Minor and 5 counts Felony Rape charges along with a Misdemeanor of Supplying Alcohol to a Minor.An arrest warrant was obtained and forwarded to the Anchorage Alaska Police Department. Within hours, Katchatag was in custody in Anchorage. At Sheriff’s Dekker’s request, Katchatag was transported from Anchorage to Salt Lake City by the United States Marshall’s Service. Millard County deputies met the Marshall’s Service and took custody of Katchatag there. He is being held in the Millard County Jail on $200,000 cash only bail.
Evidence of crimes that may have been committed in other jurisdictions has been collected during the investigation and is being forwarded to the federal authorities with the Utah Internet Crimes Against Children Task Force as well as Alaskan authorities.Sheriff Dekker reminds everyone that there are predators online every day. He suggests parents be aware of their children’s online activity.
Decipher Forensics LLC 829 S. 220 E. Orem, UT 84058