Who? What? When? Why? Where? And How?

A key factor in placing any person at the scene of a crime is obtaining evidence that ties an identified suspect to that scene. The previously discussed methods of physical surveillance and obtaining records usually provide the best evidence for placing a suspect at a specific place at a specific time, but because most investigations involve reacting to incidents, this may not always be possible.

The second-best evidence is the examination of an electronic device that was in a suspect’s possession. It is not as good as physically placing a person at a scene only because, without additional corroborating information, a forensic examination of electronic media cannot by itself place a person at that device.

Investigations need to establish where the electronic device has been, by date, time, and location, based on the device’s activity. Because a multitude of dates and locations will be collected, our ever-growing timeline of suspect activity comes into play to keep track of the evidence chronologically. In a case where several electronic devices have been used by a suspect, the amount of data expands exponentially.

Recovering Evidence from SSD Drives

In 2012, DFI News published an article called “Why SSD Drives Destroy Court Evidence, and What Can Be Done About It”. Back then SSD self-corrosion, TRIM, and garbage collection were little known and poorly understood phenomena. In 2014, the situation looks different. Having handled numerous cases involving the use of SSD drives and gathered a lot of statistical data, we now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles.

SSD Self-Corrosion
The effect of SSD self-corrosion, as well as the root cause, is well covered by existing publications, including our own 2012 paper on SSD forensics. The evidence self-destruction process is triggered by the TRIM command issued by the operating system to the SSD controller at the time the user either deletes a file, formats a disk, or deletes a partition. The data destruction process is only triggered by the TRIM command; the data destruction itself is carried out by the separate process of background garbage collection.

In many cases the TRIM command is not issued at all. This article discusses these exclusions to gain a better understanding of the situations when deleted data can still be recovered from an SSD drive.

Deterministic Read After Trim
Experiences recovering information from SSD drives vary greatly among SSD users.

“I ran a test on my SSD drive, deleting 1,000 files and running a data recovery tool five minutes later. The tool discovered several hundred files, but an attempt to recover them returned a bunch of empty files filled with zeroes,” said one Belkasoft customer.

“We analyzed an SSD drive obtained from a suspect’s laptop and were able to recover 80% of deleted files several hours after they’ve been deleted,” said another user.

Why such inconsistency in user experiences? The answer lies in the way the different SSD drives handle trimmed data pages.

Some SSD drives implement what is called Deterministic Read After Trim (DRAT) and Deterministic Zeroes After Trim (DZAT), returning all-zeroes immediately after the TRIM command releases a certain data block, while others do not implement this protocol and will return the original data until it’s physically erased with the garbage collection algorithm.

With non-deterministic TRIM, each read command after a TRIM may return different data, while with both DRAT and DZAT, all read commands after a TRIM return the same data.

As we can see, in some cases the SSD will return non-original data (all zeroes, all ones, or some other non-original data) not because the physical blocks have been cleaned immediately following the TRIM command, but because the SSD controller says that there is no valid data held at the trimmed address on a logical level previously associated with the trimmed physical block.
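As an added illustration (not code from the article): the Python below classifies each logical block of a trimmed range from repeated read passes, following the distinction drawn above between original data, deterministic zeroes, other deterministic data, and non-deterministic reads. The block size, the three sample drives, and all function names are constructed assumptions; in practice the passes would come from reading the same range more than once.

```python
from collections import Counter
from hashlib import sha256

ORIGINAL = "original data still returned"     # recoverable until garbage collection
ZEROES = "deterministic zeroes"               # every pass returns all-zero data
CONSTANT = "deterministic non-original data"  # same non-original data on every pass
VARYING = "non-deterministic"                 # passes disagree with each other


def classify_block(original_digest, reads):
    """Classify one logical block from repeated reads taken after TRIM.

    original_digest: SHA-256 hex digest of the block before deletion.
    reads: one bytes object per read pass of the same block.
    """
    if len(reads) < 2:
        raise ValueError("determinism needs at least two read passes")
    if any(len(r) == 0 for r in reads):
        raise ValueError("empty read")
    if len(set(reads)) > 1:
        return VARYING
    data = reads[0]
    if sha256(data).hexdigest() == original_digest:
        return ORIGINAL
    if data.count(0) == len(data):
        return ZEROES
    return CONSTANT


def summarise(original_digests, passes):
    """Classify every block and report the fraction still recoverable.

    passes: list of read passes; each pass is a list of block contents
    in the same order as original_digests.
    """
    for p in passes:
        if len(p) != len(original_digests):
            raise ValueError("pass length does not match block count")
    per_block = [
        classify_block(digest, [p[i] for p in passes])
        for i, digest in enumerate(original_digests)
    ]
    counts = Counter(per_block)
    return {
        "per_block": per_block,
        "counts": counts,
        "recoverable": counts[ORIGINAL] / len(per_block),
    }


# --- Constructed sample data (not measurements from real drives) ---
BLOCK = 16
ORIGINALS = [bytes([i + 1]) * BLOCK for i in range(5)]
DIGESTS = [sha256(b).hexdigest() for b in ORIGINALS]
ZERO = bytes(BLOCK)

# Drive A: every trimmed block reads back as zeroes on both passes.
DRIVE_A = [[ZERO] * 5, [ZERO] * 5]
# Drive B: four of five blocks still return the original data.
DRIVE_B = [ORIGINALS[:4] + [ZERO], ORIGINALS[:4] + [ZERO]]
# Drive C: block 2 returns different data on each pass.
DRIVE_C = [
    [ZERO, ZERO, b"\xff" * BLOCK, ZERO, ZERO],
    [ZERO, ZERO, ORIGINALS[2], ZERO, ZERO],
]

if __name__ == "__main__":
    for name, passes in (("A", DRIVE_A), ("B", DRIVE_B), ("C", DRIVE_C)):
        result = summarise(DIGESTS, passes)
        print(name, dict(result["counts"]), result["recoverable"])
```

Two identical passes only show that the answers agreed for those reads; more passes spaced over time give a stronger basis for calling a block deterministic.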

CT Schools mull computer background checks on visitors

BRIDGEPORT CT Oct 14 2014 — A proposal to keep sex offenders and other criminals out of city schools by doing instant background checks and issuing photo IDs to all visitors could well be jettisoned before it is even tried.

Parents, members of the public and even school board members expressed concern that instead of keeping students safe, the system would become a deterrent to parent involvement for individuals who are undocumented, have pasts they want to put behind them or who worry about personal information being collected and stored by the school.

“What I am hearing as a parent, this is going to be a big problem in our district,” Tammy Boyle, president of the District Parent Advisory Council, said. “I can guarantee you if this is anywhere pertaining to what it seems like … it is going to be a problem.”

The idea, according to Police Lt. Paul Grech, who oversees school district security, is to create a visitor access system that is better than simply asking visitors to sign in and wear a green visitor sticker.

“We’re committed to further ensuring our kids are safeguarded against sex offenders at school,” Grech said. “This system helps us do just that by using 21st century technology.”

He told members of the school board’s security committee this week that the Fast Pass system — as it is known — is a tool other districts are turning to.

Using a portion of a $1.4 million school security grant the district received from the state following the December 2012 Sandy Hook School shooting that killed 20 first graders and six adults, the plan would require all visitors to a city school to show identification or give their name, which would be entered into a computer.

The computer would conduct instant background checks, and a printer would print out a temporary picture ID with the date, time and location.

About $20,000 would be enough to equip three schools with the system. Of that, $4,000 would come from the city.

Grech wants to try the system out first at the Fairchild Wheeler Interdistrict Campus, work out the bugs, and then bring it to the city’s other high schools.

The system could be customized to collect as much, or as little information, as the board wants, said James Denton, a supervisor of school security. In the case of evacuation, it would also tell officials who was in the building.

“It is a way to give security guards … another tool on their belt,” Denton said.

Now in place
All 37 school buildings in the district have one or more security guards and share about a dozen school police officers, according to officials.

There are also security cameras in and around schools, but not enough. Board member Dave Hennessey said he wishes instead of a visitor access system, the state grant money could be applied to more pressing needs, like extra guards and security cameras for the 1,200 student Cesar Batalla School.

District schools have locked doors and a buzzer entry system. Since Sandy Hook, security guards began asking to see identification of visitors.

“The last thing we want is parents to feel that the police are going to come get them,” said Hernan Illingworth, a school board member.

“We need to do a better job of keeping our children safe,” Illingworth said.

At Central High School, which his daughter attends, Illingworth said even with security guards and metal detectors at the front entrance, people seem to be able to wander the hallways unchecked.

Millions of Voiceprints Quietly being Harvested

Over the telephone, in jail and online, a new digital bounty is being harvested: the human voice.

Businesses and governments around the world increasingly are turning to voice biometrics, or voiceprints, to pay pensions, collect taxes, track criminals and replace passwords.

“We sometimes call it the invisible biometric,” said Mike Goldgof, an executive at Madrid-based AGNITiO, one of about 10 leading companies in the field.

Those companies have helped enter more than 65 million voiceprints into corporate and government databases, according to Associated Press interviews with dozens of industry representatives and records requests in the United States, Europe and elsewhere.

“There’s a misconception that the technology we have today is only in the domain of the intelligence services, or the domain of ‘Star Trek,’” said Paul Burmester, of London-based ValidSoft, a voice biometric vendor. “The technology is here today, well-proven and commonly available.”

And in high demand.

Dan Miller, an analyst with Opus Research in San Francisco, estimates that the industry’s revenue will roughly double from just under $400 million last year to between $730 million and $900 million next year.

Barclays PLC recently experimented with voiceprinting as an identification for its wealthiest clients. It was so successful that Barclays is rolling it out to the rest of its 12 million retail banking customers.

“The general feeling is that voice biometrics will be the de facto standard in the next two or three years,” said Iain Hanlon, a Barclays executive.

Vendors say the timbre of a person’s voice is unique in a way similar to the loops and whorls at the tips of someone’s fingers.

Their technology measures the characteristics of a person’s speech as air is expelled from the lungs, across the vocal folds of the larynx, up the pharynx, over the tongue, and out through the lips, nose, and teeth. Typical speaker recognition software compares those characteristics with data held on a server. If two voiceprints are similar enough, the system declares them a match.

The Vanguard Group Inc., a Pennsylvania-based mutual fund manager, is among the technology’s many financial users. Tens of thousands of customers log in to their accounts by speaking the phrase: “At Vanguard, my voice is my password” into the phone.

“We’ve done a lot of testing, and looked at siblings, even twins,” said executive John Buhl, whose voice was a bit hoarse during a telephone interview. “Even people with colds, like I have today, we looked at that.”

The single largest implementation identified by the AP is in Turkey, where mobile phone company Turkcell has taken the voice biometric data of some 10 million customers using technology provided by market leader Nuance Communications Inc. But government agencies are catching up.

In the U.S., law enforcement officials use the technology to monitor inmates and track offenders who have been paroled.

In New Zealand, the Internal Revenue Department celebrated its 1 millionth voiceprint, leading the revenue minister to boast that his country had “the highest level of voice biometric enrollments per capita in the world.”

Protecting your privacy on the phone

Tapping phone lines and recording conversations is a classic spy technique, but it can be easy to protect yourself from these actions with a few simple gadgets and security practices. Make sure you are being proactive about your privacy and protecting your phone calls from unwarranted or illegal recording.

There are a few ways to protect your privacy on the phone. Whether the person on the other end is recording the call or you think your own line has been tampered with, make sure you’re taking the right steps toward eliminating these threats and having private conversations in peace.

Bug sweep – Bugging a room or phone is a key way to record or spy on conversations. Getting a Multi-Functional All Purpose All-in-One Sweep Unit can help you find and disable audio recording devices in your phone, as well as hidden cameras and other spying devices.

Tap detection – For increased protection from phone tapping, you can install a Super Tap Buster on your phone line. This tool will constantly monitor line voltage and detect changes that indicate a phone tap. This will further protect you from taps installed outside your home, and can remotely disable bugs, while alerting you to secondary listening devices on a line – such as when a second line is picked up and muted during a call to listen in.

Voice changer – If you’re trying to keep your identity a secret during a phone call, a Telephone Voice Transformer is the best way to go. This device will alter the pitch and tone of your voice to mask it and keep your identity a secret – an excellent way to prevent a phone tap from gathering too much information.

Pa. bill would allow armed teachers in classroom

Philadelphia PA Oct 6 2014 The saying that the best defense is a good offense is not necessarily a strategy most wish would be applied to schools.

But as the issue of school safety stemming from school shootings continues, some lawmakers and schools are looking at offensive measures to help protect students.

One such measure is a bill in the state Senate Education Committee that would allow school employees to carry guns on school property. The bill was introduced as another option for protecting students, especially those in rural areas that rely on often-distant state troopers for police protection, The Associated Press reported.

That measure, however, does not sit well with everyone — even those who back offensive defense training for school staff.

After the Columbine shooting, former law enforcement officer Greg Crane co-founded the ALICE Training Institute with his wife, an elementary school principal. The two designed a training regimen for schools across the country that would allow staff to take action if confronted with an intruder.

Though a number of states allow teachers to carry guns on school property, Crane said he has not included weapons in the training program and does not believe they are a good idea.

“It’s actually not at all the same for people using weapons for self-defense as it is to use it (offensively),” Crane said. “(Arming teachers) is asking too much of teachers to be … the security force. If there’s a shooting in the cafeteria, what are the teachers supposed to do? Are they supposed to leave their students alone to respond?”

Mike Hurley, co-founder and president of Cumberland County Safe Schools Association, said there has been discussion locally on arming school staff after the Newtown, Connecticut, shooting, but the association has no position on the matter.

“There was a lot of discussion, there was a lot of different opinions, a lot of pros and cons that have to be looked at, and I think that’s something each school district has to look at with their own community,” he said.

Crane said there is a danger in adding more guns to an intruder scenario. He used the attempted assassination of Ronald Reagan as an example, saying the Secret Service members present were all armed but they did not fire their weapons — they used their numbers to tackle the shooter.

“They did not shoot back, but subdued him in three seconds,” Crane said. “They did it with overwhelming numbers. In that environment, there was a lot of friendlies standing around, and it’s unacceptable to put other people at risk.”

Intruder Training

Although using guns is not an option as a defensive measure in Pennsylvania, what is being taught is a way for teachers and staff to verbally or physically intervene when confronted with a violent and armed intruder.

Since its founding after Columbine, the ALICE Training Institute has trained teachers in 49 states and reached students in kindergarten through 12th grade. Crane said they are branching out to training staff in the private sector of education.

Crane said the training itself is not so much physical as it is retraining the policies that schools follow in intruder incidents.

“It’s not something out of a manual,” Crane said. “We don’t want you fighting a gunman, but you may have to mitigate his chances of hurting someone.”

The point of the training is to follow what Crane believes is the better instinct to flee instead of instituting the sole method of a lockdown.

“I don’t understand why in a fire everyone gets out of the building, but you stay in the building when an intruder is on the loose,” Crane said. “At Sandy Hook, the children who ran out of the classroom survived. Why didn’t we evacuate if it is possible?

“We don’t dismiss lockdowns as strategy, but we dismiss lockdowns as policy,” he added.

The training isn’t too involved because Crane said it can’t be.

“It really is very simple — it had to be very, very simple,” he explained. “In (a confrontation), people are not going to come up with fine motor skills and complicated (orders). But it is also very, very effective.”

Guns at School? If There’s a Will, There Are Ways

CLARKSVILLE, Ark. — The slim, black 9-millimeter handguns that the school superintendent David Hopkins selected for his teachers here weigh about a pound and slip easily into a pocket. Sixteen people, including the janitor and a kindergarten teacher, wear them to school every day.

Although state law prohibits guns on campus, Mr. Hopkins found a way around it.

Like rural educators who are quietly doing the same thing in a handful of other states, Mr. Hopkins has formulated a security plan that relies on a patchwork of concealed-weapons laws, special law enforcement regulations and local school board policies to arm teachers.

Without money to hire security guards for the five schools he oversees, giving teachers nearly 60 hours of training and their own guns seemed like the only reasonable, economical way to protect the 2,500 public school students in this small town in the Ozark foothills.

“Realistically, when you look at a person coming to your door right there with a firearm, you’ve got to have a plan,” Mr. Hopkins said. “If you have a better one, tell me.”

After the Newtown, Conn., rampage last December, 33 states considered new legislation aimed at arming teachers and administrators, according to an analysis by the National Conference of State Legislatures. Only 5 enacted laws that expanded the ability for public educators to arm themselves at school.

Still, some teachers and administrators around the country have carried guns for years under state or local laws that impose few restrictions on where concealed weapons can be carried.

“It’s a fairly common practice among the schools that do not have sworn officers,” said Asa Hutchinson, a former congressman and a candidate for governor in Arkansas. He recently led the National Rifle Association’s school safety initiative, which produced a 225-page report that advocated armed security officers or, in some cases, armed teachers in every public school.

Mr. Hutchinson said he recently spoke with a superintendent in Arkansas who had been carrying a firearm for 10 years. The district was among 13 in the state, including Clarksville, that have special permission to use rules designed for private security firms to arm their staff members.

Just before the school year began, the state suspended the practice temporarily after Attorney General Dustin McDaniel issued an opinion that school districts could not act as private security companies. This month, however, a state board voted to allow the districts to continue using the law until the legislature reconsiders the issue in two years.

A Police Dog Can Smell the USB Drive You’re Hiding

Even in the digital age, you can teach old dogs new tricks.

In 1986, police trained the first dog in the world to sniff out arson with the help of Jack Hubball, who identified accelerants that the canines could focus on. He then moved on to help police train dogs to detect narcotics and bombs.

The chemist’s latest trick? Getting dogs to pick up the scent for laptops, digital cameras and those easy-to-conceal USB drives. Devices such as these are often used to stash illegal materials like child pornography, which the FBI says is growing fast. The agency estimates that some 750,000 predators are online at any given moment with victims often found in chatrooms and on social networks.

To crack computer crimes, the 26-year forensics-lab veteran based in Connecticut had to first identify the chemicals associated with electronic-storage devices. Hubball took circuit boards, hard disks and flash drives of computers and tested each component. He narrowed the analysis down to a single common chemical, which police declined to specify or describe.

Two trainers, Mike Real and Mark Linhard, then worked with a couple of dogs who had flunked out of New York City’s Guiding Eyes for the Blind program, a black Labrador named Selma and later a golden Labrador named Thoreau. They excelled at this new endeavor.

TSA: Woman arrested after luggage found to contain guns, ammo, pot

A woman traveling to Barbados on a Canadian passport was arrested at Kennedy Airport after Transportation Security Administration officers found two disassembled handguns, hundreds of rounds of ammunition and 33 pounds of marijuana concealed in her luggage, authorities said Monday.

Nyesha McPherson, 24, of Scarborough, Ontario, was arrested in Terminal 5 at 6:30 a.m. Sunday, port officials said.

Port Authority spokesman Joseph Pentangelo said the woman was scheduled to travel on a JetBlue flight and had not arrived on a connecting flight. The incident was uncovered when TSA officers pulled the woman’s bags off a conveyor and determined they were unusually heavy, he said.

Suspicious TSA officers then opened two pieces of checked baggage and found what was described as being “jam-packed with cans and boxes for baby wipes, coffee, floor-dusting sheets, lemonade mix, iced tea mix” — and a box of cat litter and a box of laundry tablets.

“But,” the TSA said in a statement Monday, “none of those boxes or cans contained the products on the labels.”

Instead, agents found two disassembled .40-caliber handguns, 350 rounds of ammunition, four magazines to load bullets into the handguns and 58 “bricks” of marijuana — a total of 33 pounds of pot, officials said.

All the items, the TSA said, were “artfully concealed in the boxes, tubs and cans.”

McPherson was charged with first-degree criminal possession of marijuana, third-degree criminal possession of a weapon, criminal possession of a firearm, possession of high-capacity magazines and possession of ammunition.

Even Biometric Locks Can be Picked

How can we ensure that someone is who they say they are? How can we be sure that the person in our system, whether digitally speaking or physically in front of us, is who they claim to be?

You may think that a good password is the answer, but with so many ways to break into a computer system these methods are clearly not always effective – as can be seen from the unfortunate hacked celebrities whose naked pictures were strewn across the internet recently, or the Oleg Pliss ransomware that locks iPhones until the extortioner is paid. Even a combination of a good username and password may not be enough.

An organic alternative to passwords

What about biometrics? This technology uses human physical attributes as locks and keys, such as fingerprints, iris scans or, as is now suggested, the veins in the human fingertip, making them highly individual ways to identify one user from another.

Using biometrics is not especially new. For example, while the likes of iris scanners may be familiar from sci-fi films, they’re also (or were until recently) found in real life airports too. Often mistakenly called retinal scanners, they are based on scanning the unique pattern of the iris, the coloured part of the eye.

But the technology needed to complete an effective and trusted scan is expensive and can be tricked by technologically capable hackers. These are great for entry control systems on the buildings of large organisations, or for the occasional secret bunker seen in films. But they are extremely costly – prohibitively so if a bank was to insist that every customer had one at home – and false readings become a problem as the number of people using it scales.

On the other hand, fingerprint technology has become cheaper and more available – fingerprint scanners are now sufficiently small and accurate that they started appearing in laptops 10 years ago, and are even in small devices like the iPhone 5S. This is one way that banks could allow smartphone and laptop users to access their financial services, with users presenting a finger rather than a passcode.

In fact it’s easy to obtain a range of low-cost scanners for all sorts of authentication uses. But that doesn’t mean the users will like doing so – there are ethical issues to consider, as some UK schools discovered in 2012 when their use of fingerprint scanners to monitor pupil attendance led to an outcry and a government ban without explicit consent from parents.
