How to Hack an iPhone: Brute-Forcing

1406355100gg2if

The FBI wants Apple to help it access the iPhone owned and used by the terrorists who killed 14 people in San Bernardino, Ca. last year. Apple has refused and, in fact, has challenged the request in court. The battle is ongoing.

But hacking into iPhones is not new to the government. Actually, they’ve been doing it for a long time, and the process is as simple as purchasing a $200 IP box that’s easily available on eBay. The device is simple to use—connect the phone to the box and it zips through every possible PIN combination until it unlocks the phone. This method of hacking is called “brute-forcing.”

I know, Apple installed a safety that erases a phone’s data after 10 failed attempts to log in. BUT, the IP box is one step ahead of the game because it cuts power to the phone after each attempt, therefore the log-in attempts don’t accumulate.

Here’s a video of the device unlocking an iPhone with a 4-digit code. It takes a couple of minutes so prepare to yawn a few times before the exciting climax when the code appears and the phone unlocks. By the way, this process has been known to take as long as 111 hours (40 seconds for each PIN attempt).

Apple claims they plugged this security “hole” after iOS 8.1, but law enforcement experts say they’ve used brute-forcing devices to unlock the later versions.

It’s believed that the number of iPhones vulnerable to brute-forcing exceeds 100 million.

In the current argument/case between Apple and the U.S. government, the phone in question, the one used by the San Bernardino terrorists, runs iOS 9, which is protected against a brute-forcing attack.

So, the battle goes on.

In the meantime, rest assured that hackers, for whatever reasons, are working diligently to gain access to the latest iPhone models, leaving us to wonder if the newer Apple iPhones will continue to remain protected against falling from a poisonous tree.

Read more
Josh Moulin: Covert Entry Tactics and Welfare Checks

Law enforcement officers are frequently confronted with the need to gain access to something or someone. Most patrol officers don’t carry any specific “tools” for gaining entry so they must improvise by using duty boots and ASP batons as makeshift forcible entry tools. Having kicked in my fair share of doors and broken a few windows with a baton, I am the first to admit that doing so is not as easy as it looks on TV.

Circumstances often dictate how an officer will attempt to gain access to something. Is there an immediate need to gain access to save life or property? Is the officer in hot pursuit of a suspect who just ran inside of a building and locked a door? Is the officer serving a search warrant and the warrant is a “no knock warrant”, allowing for forcible entry without notifying the occupants? In some situations like high-risk search warrants and barricaded subjects, law enforcement may use forcible entry as part of their surprise, speed, and violence-of-action tactics. Other considerations for an officer making a decision about entry include department policies, the officer’s legal authority to gain access, and the amount of damage that may be caused.

Image courtesy of Wikipedia

In other non life-threatening situations, law enforcement may need to gain access to a safe, vehicle, building, or other locked object as part of an investigation. These incidents provide additional time and options for an officer to gain access. Law enforcement may call upon the services of a locksmith to assist, look around for spare keys, contact landlords, etc. to try and gain access without forcing entry.

One common call that law enforcement responds to where access is frequently a problem is welfare checks. Officers are usually dispatched to welfare checks when a person hasn’t been heard from or seen in an unusually long time or missed an appointment. These calls come from employers who report an employee missed work unexpectedly, a family member who can’t get in contact with their loved one, the mail carrier who reports that newspapers and mail is stacking up, or the dreaded “unusual odor coming from a residence” call.

Welfare checks were never on my top-ten list of enjoyable calls to handle. It seemed to never fail that these calls would come in at night, during the graveyard shift and at the creepiest house in my beat. The standard protocol is to look for the obvious signs something is wrong; looking into any open windows for people that are dead or alive, checking for insect activity, looking at vehicles at the home for evidence they have moved recently, and talking with neighbors. Once an officer determines that more likely than not there is someone inside that may need assistance or may be deceased, they can enter the home without a search warrant under the authority of community caretaking laws.

These situations are challenging because unless the officer can see someone in distress, kicking in the door and causing damage is the last thing an agency wants. Sometimes people just leave for vacation and forget to tell anyone, or are admitted to the hospital and didn’t have time to notify their mail carrier or neighbors. For this reason, officers are trained to “try before you pry”, meaning they will check all doors, windows, and other access points to see if anything is unlocked. If nothing is unlocked and no keys can be located, the officer can try to get a locksmith to respond or make the decision to force entry to the residence.

Usually the rookie officer on the call is the lucky one who gets sent in through an opening and then has to unlock a door to let their backup officer in. It was always amusing to watch the officer walk as fast as they could to the door, without actually running. No officer wants to appear bothered by the fact that they are alone in a strange home with a possible dead or dying person that they may encounter between where they entered the home and the door to let their backup in. The officer has no idea what they are going to find from room to room. I have found deceased people sitting in their vehicle in the garage, lying in bed, on the ground somewhere within the house, and even outside in yards and sheds. The cause of death in some of my cases ranged from suicide to homicide to natural causes.

Emergency responders are trained to imagine the worst-case scenario. Mentally, this is supposed to help a first responder if they picture the worst in their mind’s eye and once on-scene are pleasantly surprised. Doing the opposite of hoping for the best but finding the worst can affect a responder’s ability to perform because they become overwhelmed due to their lack of preparation. This can affect them mentally both immediately during the incident and in the future.  It is for this reason, most officers go into a welfare check expecting to find someone who died a violent death and is in advanced stages of decomposition. Then it is no big deal to find the victim recently died of apparent natural causes.

Several years ago I heard about classes being offered which taught law enforcement the art of covert entry. I was accepted into the course and learned how to successfully pick or bypass a wide variety of lock mechanisms. Having this skill caused me to get called out to assist in search warrants, welfare checks, children locked in vehicles, and other calls for service where locks needed to be accessed. Every one of these calls could be a blog entry of their own, there was never a dull moment when deploying these tools.

Standard lockpicking set – image courtesy of Wikipedia

Usually, the police want people to know they were inside of their home or business. For example, anytime the police serve a normal search warrant and there is no one present at the target location, the police must post the search warrant in a conspicuous location to notify the occupants. There are instances though where the police must access something and they don’t want anyone to know they were there. This is where “covert” entry really comes in handy.

Law enforcement sometimes has the need to enter a building just to look around without actually seizing any evidence. There are instances where law enforcement may need to enter a residence or business in order to install technical surveillance measures (e.g., cameras and audio transmitters) or gather additional intelligence. These search warrants are commonly referred to as sneak and peek warrants, covert entry search warrants, and surreptitious search warrants. Law enforcement must be able to pick or bypass locks quickly and quietly in order to access these buildings without drawing any attention or leaving evidence behind of their presence.

 

Pocket Lockpick set – image courtesy of lockpicks.com

Covert entry techniques can also be used to save lives and property. Several years ago I overheard a radio call sending patrol units to a local hotel to check the welfare of a possible suicidal subject. After a few minutes, the patrol officers started calling for the fire department to respond to force entry into the hotel room.

I decided to respond to see if I could be of any assistance. When I arrived, several officers were standing outside of the hotel room along with the hotel manager. For some reason, the hotel manager’s key card would not open the door. The officers told me that the subject called 9-1-1 and said he had overdosed on pills. The officers also found the subject’s car still in the parking lot and were afraid for his safety.

This particular hotel had the standard solid-core fire door, deadbolt locks, and a solid metal frame around the door. The hotel manager was about to authorize the fire department to actually cut a whole in the wall next to the door because it would be easier to access the room via the wall instead of trying to pry the door open. Using a specialized tool that bypasses the “L” style door handles, I was able to get the hotel room door open in about 60 seconds. As soon as the door opened, it hit the latch that had been thrown on the door. We immediately knew someone was in the room and we could hear labored breathing (agognal respirations) coming from inside. This type of breathing is commonly referred to as the “death rattle” because of its ominous sound.

 

“L” handle door bypass tool.  Photo courtesy of mbausa.com

My next tool in my bag of tricks was something called a Lock Jockey, which is specifically designed to bypass the hotel throw-latch. I placed this tool inside of the door and over the latch, closed the door slightly and we were in. We had no idea what to expect once we entered the hotel room. Suicidal individuals are often homicidal, so officer safety was paramount. As we went inside the room, we located the man who was completely unconscious and unresponsive. An empty pill bottle was near him and he was just a few minutes from respiratory arrest. The paramedics rushed in and began treating the man and he ultimately made a full recovery. There is no doubt that the officers and firefighters would have gained access to this man somehow, but the time it would have taken and the damage in the process would have been detrimental.

 

Lock Jockey tool unlatching hotel style throw-latch.  Picture courtesy of lockjockey.com

*     *     *

Josh Moulin has a long history of public service, beginning in 1993 as a Firefighter and EMT. After eight years of working assignments including; suppression, prevention, training, and transport ambulance, Josh left the fire service with the rank of Lieutenant when he was hired as a police officer.

Josh spent the next eleven years in law enforcement working various assignments. Josh worked as a patrol officer, field training officer, arson investigator, detective, forensic computer examiner, sergeant, lieutenant, and task force commander.

The last seven years of Josh’s law enforcement career was spent as the commander of a regional, multi-jurisdictional, federal cyber crime task force. Josh oversaw cyber crime investigations and digital forensic examinations for over 50 local, state, and federal law enforcement agencies. Under Josh’s leadership, the forensics lab was accredited by the American Society of Crime Lab Directors / Laboratory Accreditation Board (ASCLD/LAB) in 2009.

Josh has been recognized as a national expert in the field of digital evidence and cyber crime and speaks across the nation on various topics. He has testified as an expert witness in digital forensics and cyber crime in both state and federal court on several occasions. He also holds a variety of digital forensic and law enforcement certifications, has an associate’s degree and graduated summa cum laude with his bachelor’s degree.

In 2012 Josh left law enforcement to pursue a fulltime career in cyber security, incident response, and forensics supporting a national security federal agency as the Monitor and Control Team Lead.  Josh also holds an active Top Secret security clearance.

Josh is happy to answer questions for authors and can be contacted at his website http://JoshMoulin.com.  Josh is also on Twitter, Google+, Facebook, YouTube, and LinkedIn which can all be found on his website.

Read more
Josh Moulin: How Your Computer Can Be a Threat to National Security

Cyber attacks and warfare are among the greatest threats to the United States.  The federal government and private industry spend billions of dollars every year in people and technology to defend critical systems and data.  Our cyber defenders must stop the threat every time an intrusion attempt is made, but our adversaries only have to get it right once.  Daily media reports of cyber breaches, loss of personal information, disclosure of classified information, and state-sponsored advanced persistent threats (APTs) fill the headlines.

 

Image courtesy of TrendMicro

Government agencies and the private sector are attacked literally every hour of every day by unskilled hackers trying for any vulnerability they can find.  The real concerns however, are organized crime rings and foreign countries that have armies of highly skilled attackers with the financial backing and patience to get into networks and stay inside once they have created an opening.  These organizations will pay developers thousands of dollars to create custom malware, often referred to as “zero day” attacks that will slip past network security defense-in-depth systems and exploit computers because security systems haven’t seen this new threat before and don’t know to stop it.

A common tactic used by attackers is to obfuscate their Internet Protocol (IP) address, making it more difficult to trace illegal activity and to put blocks in place on network devices such as firewalls or routers.  One way this obfuscation occurs is when an attacker hijacks another computer and then uses the hijacked computer to do their criminal activity.  These hijacked computers are often referred to as “jump points.”  When an attacker uses a jump point to do their hacking, it will make it look like the jump point was the source of the attack.

When I was in law enforcement I investigated a case just like what was described above.  An organized crime ring found a vulnerable computer in the Pacific Northwest that they exploited and took control over, making it their jump point.  The attacker then used this jump point to exploit another computer that belonged to an employee of a medical facility.  Once the medical center computer was compromised, the attacker proceeded to obtain the credentials necessary to drain tens of thousands of dollars from the medical center’s bank account.

During the investigation, an IP address was identified as the source of this attack.  I obtained a subpoena for the Internet Service Provider (ISP), which held that IP address and discovered it was assigned to an elderly couple in a nearby state at the time of this attack.  A search warrant was obtained for their residence and law enforcement seized their computer and sent it to us for analysis.  In short, we discovered that this unfortunate elderly couple had nothing to do with this attack except for providing a high-speed Internet connection and vulnerable computer to the attacker.  We were never able to identify the attacker in this case.

 

Image courtesy of techweekeurpose.co.uk

The case highlighted above is financially motivated, but it could have easily been an attacker using this jump point to hack into national security information or the energy infrastructure.  There are some easy steps any computer owner can take to harden themselves against becoming an accomplice to a cyber-terrorist.   Some of the steps computer users can do to protect themselves and the country include:

  1. Always have anti-virus software installed and updated daily with the latest definitions.
  2. Install operating system security patches and updates.
  3. Keep third-party software applications updated.
  4. If using WiFi at home, ensure it is protected with encryption and consider other steps such as MAC address filtering and hiding the SSID.
  5. Turn off your computer and/or Internet connection if away for an extended amount of time.
  6. Use a firewall (software or hardware).
  7. Don’t click on links embedded in email messages when they are suspicious or untrusted.
  8. Use tough passwords and don’t re-use passwords (e.g., don’t use the same password to login to your computer as you do for your email and Internet banking).
  9. Use encryption on all your devices when available.

Everyone should practice these and other information security steps to protect themselves from becoming a victim of identity theft, financial fraud, forgery, and other criminal activity.  By reducing the number of exploitable computers within the United States it protects our citizens and our nation from this type of cyber attack.

*     *     *

Josh Moulin has a long history of public service, beginning in 1993 as a Firefighter and EMT. After eight years of working assignments including; suppression, prevention, training, and transport ambulance, Josh left the fire service with the rank of Lieutenant when he was hired as a police officer.

Josh spent the next eleven years in law enforcement working various assignments. Josh worked as a patrol officer, field training officer, arson investigator, detective, forensic computer examiner, sergeant, lieutenant, and task force commander.

The last seven years of Josh’s law enforcement career was spent as the commander of a regional, multi-jurisdictional, federal cyber crime task force. Josh oversaw cyber crime investigations and digital forensic examinations for over 50 local, state, and federal law enforcement agencies. Under Josh’s leadership, the forensics lab was accredited by the American Society of Crime Lab Directors / Laboratory Accreditation Board (ASCLD/LAB) in 2009.

Josh has been recognized as a national expert in the field of digital evidence and cyber crime and speaks across the nation on various topics. He has testified as an expert witness in digital forensics and cyber crime in both state and federal court on several occasions. He also holds a variety of digital forensic and law enforcement certifications, has an associate’s degree and graduated summa cum laude with his bachelor’s degree.

In 2012 Josh left law enforcement to pursue a fulltime career in cyber security, incident response, and forensics supporting a national security federal agency. Josh now leads the Monitor and Control Team of a Cyber Security Office and his team is responsible for daily cyber security operations such as; incident response, digital forensics, network monitoring, and log analysis. Josh also holds an active Top Secret security clearance.

Josh is happy to answer questions for authors and can be contacted at:

Website: http://JoshMoulin.com

LinkedIn: http://www.linkedin.com/in/joshmoulin

Twitter: https://twitter.com/JoshMoulin

Facebook: http://www.facebook.com/joshmoulincom

Google+: https://plus.google.com/u/0/b/103854822765147479965/103854822765147479965/posts

YouTube: http://www.youtube.com/user/JoshMoulin

 

Read more
Josh Moulin: What Information Is In Your Digital Images?

Josh Moulin

Digital pictures and video have transformed our lives.  I have so many pictures and videos of my kids that by the time they are in college, I’ll have Terabytes of data.  It is so easy these days to capture anything with a digital image.  There is no need to worry about having film developed, or being careful to only take good pictures since you only have a limited amount of pictures left on the roll in your camera.  Now, we’re only limited by the amount of storage space our digital devices have.  As an example, the MicroSD card in most of our smartphones can contain over 18,000 pictures. 

 

MicroSD cards now have a capacity of up to 64 GB

Often, digital images are involved in criminal investigations.  Imagine the treasure-trove of information that can be obtained from a cell phone, tablet, or digital camera when it is seized from a suspect.  In my experience, those involved in criminal activity just can’t help themselves when it comes to documenting their criminal activity in pictures or video.  In literally hundreds of cases, I found suspects taking pictures of themselves using drugs, vandalizing property, committing arson, abusing children, and in some cases, even murder.

While having picture or video evidence of a suspect actually committing a crime is the type of evidence that makes a prosecutor excited about a case, the digital image is just the beginning of the story.  Imagine if we could tell what camera was used to take a certain picture that was found on the Internet, or could link an image found on a suspect’s computer with their personal phone or digital camera found at their home?  This is all possible thanks to something called metadata.

Metadata is simply extra information about a file, or some people refer to it as “data about data”.  You are probably familiar with metadata but maybe not with the term itself.  Have you ever right-clicked on a computer file and seen the properties?  Dates, times, who was the author, when the file was last printed, etc., are all examples of metadata.  For digital pictures and videos there is a specific kind of metadata that exists known as EXIF (Exchangeable Image File Format) data.  EXIF data is information embedded in the image or video that can contain all or some of the information below (what is actually in the image depends on the camera manufacturer):

·       Make of the camera that took the picture/video

·       Model of the camera

·       Serial number of the camera

·       Date / time the image was taken (according to the camera’s clock)

·       Filename

·       Flash settings

·       Aperture settings

·       Image resolution

·       Software

·       And more…

A forensic computer examiner can examine a picture or video for evidence of EXIF data and use special programs to interpret the information.  There are many free programs available on the Internet to do this and many photographers use EXIF data to improve their photographs.  In fact, EXIF data was originally created for photographers so they could look at their camera settings stored within the EXIF data to find out what settings worked or didn’t work when taking pictures under different conditions.

 

Screenshot from an EXIF data parsing tool

To illustrate how EXIF data can be used to solve a crime, imagine this scenario.   I was investigating a case where an adult male was suspected of having a sexually explicit conversation with a 14-year-old female via the Internet.  This adult male was sending explicit text messages and it gradually escalated to him sending images of…well, you can image, to the victim.  When the victim reported this to a teacher at school, our unit became involved and we forensically analyzed the victim’s cell phone.

When reviewing the pictures on the victim’s phone, we found the pictures of the suspect.  None of the images showed his face and all of them were obviously taken from inside of a residence.  Since he sent the messages from his cell phone, we were able to trace the phone number they came from and identify the sender.  When we reviewed the pictures sent from the suspect, each image contained EXIF data.  The EXIF data showed that the pictures were all taken from a Samsung cellular phone and since he had his geotagging feature enabled on this phone, each image contained the latitude and longitude of exactly where the phone was when the image was taken.  This allowed me to create a Google Earth map, which happened to place a big red dot right over the suspect’s apartment.

Just from the EXIF information we could prove that the particular sexually explicit image was taken by the suspect’s phone, from the suspect’s home, at a certain date/time (since phone’s clocks are generally set by the cell phone network, they are reliable).  Another critical element to prove in a crime is that of venue (proving the crime happened within a certain jurisdiction).  With EXIF data, it is not difficult to prove this at all, since we know the exact GPS coordinates of the crime scene.

EXIF data has also been used to locate victims or suspects of crimes from images and videos posted on the Internet.  Imagine watching a video that was uploaded to the Internet which depicted the racially motivated assault of a person.  If the camera used to create the video is capable of embedding EXIF data and the website the video was uploaded to doesn’t remove EXIF data, investigators can download the video and examine the EXIF data to potentially find out more information to lead to a suspect. 

While EXIF data has proven itself to be an amazing tool for law enforcement, it has also been exploited by criminals.  If you have used any of the geotagging features of your favorite social media sites (Twitter, Google+, YouTube, Facebook, Foursquare, etc.) then you are aware that you can share your location with your posts and pictures.  This technology is similar to EXIF data by utilizing the devices internal GPS functionality to embed your longitude and latitude into your post.

Criminals have begun using this technology as another tool for cyberstalking.  By downloading images and videos that people post to their personal websites or social media sites, tech-savvy criminals can do the same technique law enforcement employs to locate where someone was at when they created the image.  If you are a victim of stalking or have been threatened by someone in the past and have gone to great lengths to hide from them, all it would take is them getting ahold of one image placed on a social network site taken by your cell phone or high-end digital camera with built-in GPS.  If that picture was taken at your home, work, child’s school, etc. that’s all they would need to find you.  It’s a scary thought and one that people must consider when using this kind of technology that is generally turned on by default.

 

Josh Moulin

Josh has a long history of public service, beginning in 1993 as a Firefighter and EMT. After eight years of various assignments, Josh left the fire service with the rank of Lieutenant when he was hired as a police officer.

Josh spent the next eleven years in law enforcement working various assignments. Josh worked as a patrol officer, field training officer, arson investigator, detective, forensic computer examiner, sergeant, lieutenant, and task force commander.

The last seven years of Josh’s law enforcement career was spent as the commander of a regional, multi-jurisdictional, federal cyber crime task force. Josh oversaw cyber crime investigations and digital forensic examinations for over 50 local, state, and federal law enforcement agencies. Under Josh’s leadership, the forensics lab was accredited by the American Society of Crime Lab Directors / Laboratory Accreditation Board (ASCLD/LAB) in 2009.

Josh has been recognized as a national expert in the field of digital evidence and cyber crime and frequently speaks across the nation on various topics. He has testified as an expert witness in digital forensics and cyber crime in both state and federal court on several occasions. He also holds a variety of digital forensic and law enforcement certifications, has an associate’s degree and graduated summa cum laude with his bachelor’s degree.

In 2012 Josh left law enforcement to pursue a full-time career in cyber security, incident response, and forensics supporting a federal agency. Josh now leads the Monitor and Control Team of a Cyber Security Office and his team is responsible for daily cyber security operations such as; incident response, digital forensics, network monitoring, log review, network perimeter protection, and firewall management.

 

Read more
Lt. Josh Moulin: High-Tech Crimes Task Force Attains Accreditation


Lieutenant Josh Moulin supervises the Central Point Police Department’s Technical Services Bureau and is the Commander of the Southern Oregon High-Tech Crimes Task Force. He is one of approximately 470 Certified Forensic Computer Examiner’s worldwide and has been trained by a variety of organizations in digital evidence forensics. Lt. Moulin has also been qualified as an expert witness in the area of computer forensics and frequently teaches law enforcement, prosecutors, and university students about digital evidence.

Beginning his public safety career in 1993, Josh started in the Fire/EMS field working an assortment of assignments including fire suppression, fire prevention, transport ambulance, and supervision. After eight years Josh left the fire service with the rank of Lieutenant and began his law enforcement career. As a Police Officer Josh has had the opportunity to work as a patrol officer, field training officer, officer in charge, arson investigator, detective, and sergeant.

For further information about the Central Point Police Department please visit www.cp-pd.com, and for the Southern Oregon High-Tech Crimes Task Force visit www.hightechcops.com. To reach Sgt. Moulin you can e-mail him at joshm@hightechcops.com.

Southern Oregon High-Tech Crimes Task Force Attains Accreditation

It has been a while since I have blogged for Lee, and part of the reason behind that is because I have spent the last year working on getting our forensics laboratory accredited. I thought I would provide some information about lab accreditation in this blog.

Between blogs I have received several emails from different authors asking questions and I am always happy to reply. If you have any questions for me surrounding high-tech crimes or digital evidence (or other police related questions), feel free to send me an email.

On July 17th 2009 the Southern Oregon High-Tech Crimes Task Force attained the prestigious American Society of Crime Laboratory Directors Laboratory Accreditation Board (ASCLD/LAB) Accreditation and joined the ranks of some of the most premier digital evidence forensics laboratories in the world.

ASCLD/LAB (www.ascld-lab.org) offers voluntary accreditation to any crime lab that can comply with their large number of standards. Criteria include all aspects of operations such as management, personnel training and qualifications, health and safety, evidence handling, proficiency testing, lab security, and forensic practices. Part of the accreditation process is an onsite inspection by ASCLD/LAB trained professionals who inspect the laboratory, interview personnel, and review case files and practices. As of September 13th 2009, there are 366 crime labs accredited by ASCLD/LAB worldwide.

After over a year of dedicated hard work and preparation, the Southern Oregon High-Tech Crimes Task Force (SOHTCTF) achieved their accreditation for the Digital and Multimedia Discipline in both the computer and video forensic sub disciplines. There are 97 different quality standards applicable for digital forensics laboratories that are rated as Essential, Important or Desirable. The task force complied with 100% of the Essential, 92% of Important (only 75% required), and 94% of Desirable (only 50% required).

The SOHTCTF is the only standalone local law enforcement digital evidence forensics laboratory to be accredited by the ASCLD/LAB legacy program in the world. The SOHTCTF joins only 54 other laboratories in the world that are accredited to perform some aspect of forensic analysis on digital evidence.

(Left to Right: – Det. Bloomfield, Lt. Moulin, Support Specialist Miller)

According to a letter announcing the SOHTCTF’s accreditation, ASCLD/LAB Chair Jami St.Clair wrote, “Accreditation is granted only after a thorough evaluation of a laboratory’s management practices, personnel qualifications, technical procedures, quality assurance program and facilities. Accreditation is the result of extensive commitment of resources and much preparation by the management and personnel in your laboratory.”

Accreditation provides reassurance that the task force’s work is of the highest quality and the laboratory and personnel have gone through an external review by an independent organization.

Background on the Southern Oregon High-Tech Crimes Task Force

The SOHTCTF was first created by the City of Central Point Police Department in 2005 and in 2007 was joined by personnel from the City of Medford Police Department. The SOHTCTF is a regional, multijurisdictional task force performing cyber crime investigations and digital evidence forensics for approximately 30 federal, state and local law enforcement agencies throughout Oregon. Some of the agencies include the FBI, DEA, ICE, BLM, DOJ, Oregon State Police and multiple agencies in Jackson, Josephine, Douglas, Curry and Klamath Counties. While the task force typically provides services throughout Oregon, it has assisted in investigations in the States of Washington, California, Idaho, Montana and Texas.

The SOHTCTF performs forensic examinations on digital evidence such as computers, cellular phones, servers, removable media, digital cameras and other peripheral devices to support criminal investigations such as homicides, terrorism, child sexual exploitation, white collar crimes, and other felony crimes. In addition, the task force conducts proactive undercover Internet investigations and a large amount of public education courses. To date the task force has provided 218 hours of training to over 1800 people nationwide.

The examiners within the task force are highly trained and certified and have all been qualified as expert witnesses in digital forensics in both state and federal court on numerous occasions. The SOHTCTF examiners are recognized nationwide and frequently called upon to teach across the nation for organizations such as the National District Attorney’s Association, National Center for the Prosecution of Child Abuse and the National Association of Attorneys General, teaching how to investigate and prosecute technology based crimes against children.

The SOHTCTF has seen a 28% increase in cases submitted and an 8% increase in the amount of evidence submitted for forensic analysis from just last year. As electronic evidence continues to play a very important role in nearly every criminal investigation, becoming accredited is more critical than ever.

I hope everyone has a Merry Christmas and Happy New Year.

Read more
Forensic Image Clarification: Say Cheese

Forensic Image Clarification

I can’t count the number of times I’ve been handed a horrible surveillance photograph, or an extremely grainy video of an armed robbery, and was expected to use it as evidence to solve a crime. I’d have been better off taking a page from a mug shot book and tossing a dart at it. The guy’s photo it stuck, well, he’d have to be the crook of the day.

Fortunately, technology exists to clean up and clarify those awful images. Products such as Ocean System’s dTective ClearID v. 20 system are a wonderful addition to any forensic investigator’s toolbox. Clear ID is actually a forensic plugin for Adobe Photoshop that’s nondestructive to the original piece of evidence.

dTective Clear ID can be used to enhance any video from any souce and is used by many law enforcement agencies across the country, such as the FBI, CIA,  DEA, and many local departments.

Before

After

Before

After

Before

After

Before

Fox 9 News Report, Anoka County Sheriff’s Office

Detective Larry Johnson demultiplexes video to solve a robbery.

…The FBI, HCA and the Minneapolis Police Department all use this new technology…

Ohio Organized Crime, Columbus, 10TV News

Ohio University Campus, Rapist Captured Using ATM Video

dVeloper® frame averaging used to clarify the licence plate in only

7 minutes.  With this evidence, the suspect took a plea deal. He is now

serving 30 years behind bars.

Detective Josh Hudson, “most of the people don’t want to contest the video evidence because it speaks for itself… It doesn’t lie.”

Last year they worked over 500 cases.

* Thanks to Ocean Systems

Read more