Wednesday, July 29, 2015

How Digital Forensics Can Help: Personal Injury Cases




July 29, 2015

How Digital Forensics Can Help: Personal Injury Cases

Regular readers of this blog have no doubt observed that I try to make the case quite often that digital forensics is a valuable resource for legal practitioners involved in many different types of litigation and investigation.  Toward that end, I’ll be constructing a series articles over the next few months entitled “How Digital Forensics Can Help” which will offer more detail about how digital forensics can help in specific types of cases.  First up: Personal Injury.

Why start with personal injury?  In all my time conducting criminal investigations in law enforcement and as a private practice digital forensic practitioner, I’ve never been called upon to work a personal injury case.  I’ve also seen that the most likely explanation for this is that personal injury attorneys (including prosecutors who litigate serious accidents) just don’t consider it as a resource.  But just because it isn’t considered doesn’t mean it shouldn’t be.  Indeed in virtually all types of cases, I’ve observed that the legal practitioners don’t always have a firm grasp on what technical expertise (i.e., digital evidence) they may have available to them in any given case.  With articles like these, we hope to close that gap.

Who Can Use Digital Forensics in Personal Injury Cases?

In any given personal injury case, there are several parties involved.  Not only is there likely a plaintiff and defendant, but insurance companies are also key players in these cases.  Plaintiffs and defendants will have their counsel and insurance companies will have their own separate counsel and investigative staff.  Each and every one of these participants in the case may have need to hire a digital forensic expert to help prove or refute a claim.  Not all claims are legitimate, in fact fraud is an ever-growing business, so if you can use a digital forensic expert to help refute a claim against your client/customer and avoid paying out large sums of money, it might be worth it to help save the bottom line. 

Litigators involved in these cases also have a genuine need for digital forensic expertise.  Whether the case involves slipping on a grape in a grocery store or a serious injury motor vehicle accident where one party may have been texting-while-driving, digital evidence is everywhere.  Beyond evidence of the actual event, there may be statements via text, pictures, videos or other documentation about the incident by one or more parties since it happened that can help impeach statements or testimony and bring the case to a successful conclusion faster. 

What Types of Evidence Can Be Useful in Personal Injury Cases?

If society has learned one thing over the past several years since the advent of the smart phone, it’s that data is everywhere.  Long gone are the days when data mostly resided on your home PC or laptop computer.  Now, everyone carries a microcomputer in their pocket, tracking their every move.  Even better, it’s equipped with a camera capable of taking pictures and video in high-definition and a microphone for recording audio along with video or as a stand-alone feature.  Smart phones are documenting machines.  If they weren’t, companies wouldn’t seek to have you put apps on them to be able to market products to you.  They document not for safety or security, but to make big data companies and retailers lots and lots of money. 

But this fact has an ancillary benefit for us in digital forensics.  It means that the micro-computer that is tracking your moves in order to market certain products to you also stores valuable evidence for use in investigation and litigation.  Text messages, pictures, videos, notes, voicemail, call logs, web history and more are all extremely valuable pieces of evidence that may be obtained from smart phones.  If you’ve never thought about it before, think now about how much you use your smart phone and what you use it for.  Then, think about all the high-tech tracking devices it has installed in it -- GPS, cellular antennas, wireless internet antennas and Bluetooth.  All of these things leave a digital trace in the form of metadata (see our article on Metadata here) on your device and can be retrieved by most mobile forensic tools and analyzed and reported by a competent examiner.  It’s a digital mountain of information that most users can’t access or even realize is present on their device… All you have to do is ask for it!

Digital Forensics in Personal Injury Case Application

So now that you know what is accessible on the device, how can you use it to benefit your case?  First, it’s important to realize that the “CSI Effect” is an actual phenomenon.  To believe that we can extract data that will be the smoking gun in your case is (mostly) not realistic.  However, if you take the totality of the circumstances in your case, to include the digital forensic findings, the data that we can retrieve may very well paint a much clearer picture of what was going on in your case.



The best example in personal injury cases is texting-while-driving, which is a big deal in motor vehicle crash personal injury cases these days.  Most personal injury attorneys would love to have proof that the opposing party was texting at the moment of the collision.  Unfortunately, that’s probably not realistic.  However, what we can show is the activity leading up to that collision.  For example, if the opposing party was on their way home from work and we know this to be a 20 minute commute and the collision happened 7 minutes into the drive, that’s one piece of the puzzle.  If they were involved in a text conversation prior to and during that 7 minutes directly leading up to the collision, that’s another piece.  If they were also searching for places to order pizza on their mobile internet for when they got home, that’s yet another piece.  All of these instances are recorded on the device with dates and times and sometimes, specific location.  In the case of Facebook Messenger, messages that are sent routinely have the geo-location (latitude & longitude) of where the person was when the message was sent, providing a message-by-message diagram of where they were, further bolstering the claim that they were in fact texting-while-driving directly prior to that collision.  What’s even better, this information can’t be deleted or altered by most end-users.

Texting-while-driving is probably the most universally understood example of the value of digital forensics in personal injury cases, but it’s just one example.  The overall point is, if you have any evidence that a mobile device was involved in the injury of another, it pays to call a digital forensic consultant as soon as you know.  It’s best for the client, it’s best for you and it helps everyone get on with their lives much quicker in the wake of what may have been a tragic accident. 
 

Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS and BCERT (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6

Wednesday, July 22, 2015

Never Use P2P



July 22, 2015

Why You Should Never Use Peer-to-Peer

For those of you who don’t already know, peer-to-peer file sharing is a big deal, not only for “legitimate” purposes (i.e., trading of non-contraband files), but also for more nefarious purposes such as trading in illicit images and videos.  This has become big business for law enforcement because the growing use of peer-to-peer (p2p) networks has made the searching for, downloading, collecting and trading of child exploitation images much easier and more prolific than it ever was before these networks existed.  But that’s not all they’re used for.  Arguably, the majority of traffic across p2p networks is for bootlegged music, movies, TV shows, etc.  This slightly more “legitimate” use of p2p services is not quite as damaging (or grotesque), but still opens users up to a myriad of potential problems.

What is Peer-to-Peer (p2p)?

Simply put, p2p is an internet-based service that allows other users (peers) to trade files across an open global network.  For example, if you’re a big fan of Beyonce, you can download one of several p2p software utilities (Shareaza, Limewire, Ares, etc.), which are generally free of charge and, once it’s installed, simply connect to the internet and search for “Beyonce” and voila! You will immediately receive hundreds of hits from other users all over the world sharing files with the title bearing the name “Beyonce”.  This sounds great, right?  Easy, fast and free.  Almost sounds too good to be true!



The Good

So the good things about p2p are that it’s free, fast and easy.  That’s about it.  And while that may be enough to convince you that you’ll log on right now and download a p2p utility and start your library exploding exponentially, please keep reading… Because free, fast and easy usually comes with a price.  This is true in p2p and in life.

The Bad

So what’s so bad about p2p?  We’ll get into the REALLY bad parts in the next section, but here’s some pretty bad side-effects for starters:

1)      You don’t know where your files are coming from

While you may be able to see an IP address and/or a country of origin of the files you’re downloading, that’s about it.  And unless you have subpoena power (and even that won’t help you in a foreign country), you have absolutely no idea where your files are coming from.  In fact, they could be coming from one of several different sources.  This is a common default setting in p2p software to speed up the downloads.

2)      You don’t know what you’re downloading

I’ll talk about this a little bit more later, but best-case scenario is you may be downloading files that contain malware, viruses, spyware, or any other of a number of digital “bugs” that could slowly (or quickly) destroy your computer system.  The fact is, these files aren’t verified and they aren’t authentic much of the time, so just because the file name says “Beyonce” doesn’t mean that’s what you’re getting.  Even if it is what you’re getting, the potential for some malicious code to be inserted that will log all of your keystrokes or save and send all of your passwords is fairly high.  Why take the risk for a free song or movie?

3)      You’re allowing others on the internet an open door into your computer system

As you may have been able to figure out by now, p2p isn’t all about getting files from others.  In order to get more downloads quicker, you have to share your files too.  Think about all the valuable information that may be on your computer – Banking records, website history, important documents… do you want all of that available to a savvy user of p2p in China?  Plus, sharing is turned on by default upon installation of these programs and these default settings sometimes go as far as naming what types of files will be shared on your system.  Again, more on sharing later.

The Ugly

So here’s why you really don’t want to ever use p2p software: Most of the content that you’ll find on p2p networks is illegal.  Sure, people sometimes share a PowerPoint deck they created or a story they wrote, but those are the exception.  More often, p2p users are sharing bootlegged copies of TV shows, music and movies.  You can download entire seasons of TV shows with one click.  Problem is, all of that material is copyrighted and therefore illegal to obtain for free. 

The other thing that p2p is routinely used for is pornography in all of it’s forms.  As former police detective who investigated the trafficking of illegal images, I’ll just tell you to think of some of the worst, most disgusting images you can imagine and go about 10 levels higher and that’s what is trafficked on p2p. Sure, there’s “normal” pornography on there, too, but anyone can get that from any number of websites.  Those who are interested in truly dark niche images turn to the p2p networks to download it because legitimate websites won’t post that material.

So let’s say you’re not into any of that stuff and you just want to download bootleg movies.  I said before that you never know what you’re getting, right?  Well when you search for files on a p2p network, the search hits are returned by file name.  Problem is, anyone can name a file anything they want, regardless of the actual content.  So if you’re looking for a movie starring Denzel Washington, you may get some legitimate hits, but you may also get hits from files that have people in them that look like Denzel Washington and someone inserted his name into the file name and threw it up on the p2p network and it happens to contain illegal images.  Guess what, you just broke more than copyright law!

The other problem has more to do with the underlying motive for even using p2p in the first place: laziness.  In many cases that I’ve worked, the target or client claims that they just performed a search for “normal” porn using the key word of “teen” (because they’re allegedly interested in 18 and 19 year-olds).  They get several dozen hits, click the top hit, scroll to the bottom and hit SHIFT + click and download the entire list.  This also happens with bit torrent files (google it).  Now they’ve just grabbed an entire library of potentially illegal material, whether it was intentional or not.  They do this because it’s quick, free, easy and they’re lazy.

Finally, the sharing comes into play.  It’s one crime to possess illegal images, it’s wholly another to distribute them.  The way the criminal justice system views it is that the victims in those illegal images are being victimized all over again every time someone views them, so to distribute them is much worse.  But as I said before, sharing is turned on by default and law enforcement targets those who are sharing illegal files.  It’s also quite possible to download an illegal file and be sharing it before you’ve even had a chance to view it and determine it’s something you really don’t want on your system.  Next thing you know, the police are knocking on your door.  That’s a bad day.

Advice is free and it’s always up to the receiver to take or leave it.  But speaking as one who has seen many, many cases come before the courts and many defenses attempted and failed, I’m forced to ask ‘why would anyone use peer-to-peer?’  It’s a bad idea, even if your motives are mostly legitimate.  The internet is the wild west -- it’s not regulated and seldom policed.  But my advice is don’t put yourself in the potential position to get caught up in something that could wind you up in prison.  When the digital media evolution happened, I decided that it’s worth the $1.00 or so you pay Apple or Google for a song.  It’s worth it to rent or buy movies legitimately from legitimate, verified sources.  It’s not worth it getting caught up in something you don’t ever want to be a part of…  Trust me on this one.
  

Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS and BCERT (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6