Karl Epps 2014-01-29 23:34:34
Recent Forensic Technology Cases Karl Epps, a partner at Epps Forensic Consulting, manages the tech consulting division which provides computer support, computer-related insurance claims consulting, data recovery and forensic technology services. Karl is an EnCase certified examiner. Epps Forensic Consulting has the Cellebrite UFED system, Susteen, FinalData, ElmcomsoftiOS Forensic Suite, newly released Recon Mac forensic suite and existing EnCase Forensic Suite. Karl recently received a Cellebrite certification, acknowledging his expertise in the usage of the Cellebrite cellphone forensics tools. Cellebrite is one of the industry leaders in cellphone and mobile device forensics. Karl can be reached at (602) 463-5544 or firstname.lastname@example.org. In recent years, I have written many articles about computer and cellphone forensics. I’d like to take the time in this article to demonstrate how this type of forensic work actually helps a case. Below are several cases that we have seen over the last year, which demonstrate how technology is vastly changing the face of our legal world. Caught In The Act In a recent divorce case, we were hired to investigate whether one of the parties had contacted a specific number using their cellphone. In a normal review of the phone – say by a spouse – the phone appeared to have no contact with the specified number. When we processed the phone, we uncovered hundreds of deleted phone calls – outgoing and incoming, text messages, pictures and sexting! It was a lesson in the reality that deleting something does not eliminate it. Protecting The Clients In a recent PII (Personally Identifiable Information) case, we were asked to identify whether a former employee could have taken data when they were terminated. In this case, a computer was provided for review. The former employee’s attorney downplayed the transgression, but because PII was involved, the company had a responsibility to notify their client base of the compromise; therefore it was important to identify the exact scope of the compromise. An initial review resulted in identification of compromised files, a timeline of file copies and even the type and serial number of the device that was used by the employee to copy the data. This information drastically reduced the scope of exposure and notification/credit protection necessary for the company to provide to potentially exposed customers. It also provided proof of a criminal act to the authorities and documented the source of the exposure. Innocent Until Proven Guilty In a criminal defense case, a young lady was accused of child abuse and neglect. There was no argument that the child was indeed injured, but the mother stated that she was trying to provide triage and assistance to address the injury. At the time of our engagement, there was no evidence of such an attempt except for the mother’s word. A review of computers and cellular devices revealed a detailed timeline and history of Internet usage up to and after the child’s injury. The mother was researching potential remedies for the injury online immediately following the incident. This information was not gathered by the police and if the defense had not requested an investigation of available devices, it would have only been the defendant’s word that she was trying to address the injury. Incidentally, the only device used in this case was the cellphone. Without the proper tools to recover historical Internet artifacts on the phone, nothing else would have been found. Split Personalities In another case, a phone owner claimed their phone was stolen before a certain act occurred. We performed link and timeline analysis on the phone to identify the differentiation between calls made before and after a certain date range. Timeline and link analysis resulted in identifying two different “profiles” on this phone; there was a distinct and drastic difference in phone usage before and after a specific date. The numbers dialed and the texts sent were completely different before and after this date. This supported the contention of the phone owner that he had lost the phone and it had been in the hands of a different individual after the specified date. As I’ve demonstrated in past articles, the use of cell phones and computers in modern times can leave an incriminating – or in some cases, an alibi-like – trail. As technology becomes more rooted in our society, I believe that the use of cell phones and computers in all legal scenarios will continue to rise. Welcome to the new world.
Published by Target Market Media . View All Articles.
This page can be found at http://digitaleditions.walsworthprintgroup.com/article/FORENSIC+ACCOUNTING/1622614/194751/article.html.