Wednesday, May 28, 2014

Digital Evidence Has Become the New DNA in Criminal Cases, Says Expert

In 1911, it was fingerprints. In 1990, it was DNA. "In 2014, it's digital evidence that's now playing a lead role at determining the fate of criminal defendants," says Mark J. McLaughlin of Computer Forensics International.
Placing someone at the scene of a crime is typically done through eyewitnesses, or through something unique the person leaves behind, like fingerprints or DNA. And when a solid chain of custody is established, that evidence can rarely be refuted. But while digital evidence from personal computers or mobile devices can place a defendant at the scene, it can also show they were actually miles away or didn't commit the crime.
Three months ago there was a home invasion robbery and kidnapping in Los Angeles. One of the victims made a positive identification of the young defendant. The kid was arrested and faced a list of serious charges that, had he been convicted, would have placed him behind bars for over 25 years. But he always proclaimed his innocence and said he was at school during the robbery.
However, school attendance records were inconclusive. His family offered up a printed picture of their son standing next to a friend on campus, and printouts of text messages as proof he was at school. The Court said that's not good enough.
"We live in a Photoshopped world where any original image can be easily made to look like something it's not. It was clear the original digital photograph needed to be recovered and examined to establish a solid chain of custody," says McLaughlin.
A Los Angeles Superior Court Judge appointed McLaughlin to authenticate that photograph and the purported text messages. He examined 4 iPhones and recovered not one, but a series of 8 photographs taken in rapid succession. The photographs' hidden metadata showed that the photographs and text messages were created at the same time as the robbery 5 miles away. The case was dismissed.
What type of digital evidence can be involved in a case? It should always begin at the source, which could be a mobile phone, personal computer, USB thumb drive or email account. The target data recovered could then take the form of specific date and time stamps from relevant computer files, surveillance video, hidden metadata, Wi-Fi connections, GPS coordinates, unique IP addresses, or recoverable text from a deleted document or email.
However, it's up to the defense attorney to recognize the possible involvement of digital evidence and bring in a forensic expert. Unfortunately, that doesn't always happen because many attorneys are not trained on what questions to ask or what to look for. McLaughlin added, "the attorneys that do, are giving their clients the best chance for a successful resolution of their case."
Last June, McLaughlin helped defend another robbery case where the defendant claimed he was 40 miles away at home, working remotely on his laptop connected to a college computer system. Records obtained from the defendant's college login account showed multiple accesses during the robberies. An examination of the laptop then recovered his unique college login with matching dates and times. Lastly, the unique IP address from his parent's home Internet Service Provider matched the college records. The case was dismissed.
Over the last 18 years, McLaughlin has handled over 500 criminal, civil and internal investigations and examined over 2,000 digital items. He testifies in court as an expert and even trains attorneys on how to enhance their cases through digital evidence. McLaughlin says, "you can rest assured if there's evidence of a defendant's innocence in digital form, we'll find it."

Tuesday, January 14, 2014



Digital Evidence Became Smoking Gun In A-Rod Investigation
Los Angeles, California (January 14, 2013) - Coded text messages and documents detailing an elaborate doping scheme were reportedly recovered and ultimately became the crucial evidence needed by Major League Baseball in the case against the Yankees' Alex Rodriguez.
“Merely testifying that a paper document is authentic just isn’t enough anymore,” says Digital Forensic Examiner Mark McLaughlin of Computer Forensics International. “That’s why we’re brought into all types of cases where digital evidence may be found,” he added.
Today, nearly all the world’s information was initially created on a digital device. Plus, it’s widely understood that by using Word or Photoshop, you can easily make anything look authentic. So unless you’ve verified the source, the authenticity of printouts as evidence is always questionable. That’s why Digital Forensic Examiners establish a verifiable chain of custody to prove that what you’re looking at is an exact representation of the original.
Examiners like McLaughlin routinely use cutting-edge software tools like EnCase and Lantern when analyzing computers and cellphones in civil and criminal cases. They start by making an exact forensic copy of the entire device – which includes active and deleted data.
Then just the copy is searched, either visually or by using keywords for relevant hits. Those searches can produce tens of thousands of hits that all must be manually reviewed. “That may seem daunting, but considering the alternative, it’s a walk in the park,” adds McLaughlin.
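The copy-then-search workflow described above can be sketched in a few lines. This is an added example, not code from the article or from EnCase or Lantern; the file names, the SHA-256 choice and the sample bytes are constructed assumptions. It hashes the source and the copy to show they are identical, re-verifies the copy before searching, and reports keyword hits by byte offset, including a leftover string outside any active file.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks so a large image need not fit in memory

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image byte for byte and confirm both hash identically."""
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    src_hash, img_hash = sha256_file(source), sha256_file(image)
    if src_hash != img_hash:
        raise ValueError("image does not match source; do not examine it")
    return img_hash

def keyword_hits(image, keywords, expected_hash):
    """Re-verify the image, then return sorted (offset, keyword) hits from the copy."""
    if sha256_file(image) != expected_hash:
        raise ValueError("image changed since acquisition")
    with open(image, "rb") as f:
        data = f.read()  # fine for this small sample; real images need a sliding window
    hits = []
    for kw in keywords:
        needle, pos = kw.encode(), 0
        while (pos := data.find(needle, pos)) != -1:
            hits.append((pos, kw))
            pos += 1
    return sorted(hits)

def demo():
    """Constructed sample: a 4 KiB 'device' holding one active and one leftover string."""
    raw = bytearray(4096)
    raw[512:512 + 14] = b"meet at campus"   # constructed active data
    raw[3000:3000 + 11] = b"campus gate"    # constructed residue of deleted data
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "device.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(raw)
        digest = acquire(src, img)
        return digest, keyword_hits(img, ["campus"], digest)
```

Recording the digest at acquisition and checking it again before every examination is what lets a later reviewer confirm the searched copy is still the one that was taken from the device.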
Over the last 17 years, McLaughlin has handled over 500 cases and examined over 2,000 digital items. He testifies in court as an expert and even trains attorneys on how to enhance their cases through digital evidence. McLaughlin says, “I really enjoy the sleuthing part of what we do. Because when we find that smokin’ gun, it’s pretty much game over”.


# # #