FBI Digital Forensic Examination: A Case Study

Michael Best themikebest@gmail.com
Wed Jan 6 11:55:04 PST 2016


https://leb.fbi.gov/2016/january/forensic-spotlight-digital-forensic-examination-a-case-study
Copied below (some/all of the formatting will likely be stripped by the
mailing list)

*Forensic Spotlight*

*Digital Forensic Examination: A Case Study*

By John McHenry and Michael Gorn, M.S.

1/6/2016

A 2014 investigation into the distribution of child pornography revealed
the identity and geographic location of a suspect. The case expanded to
include domestic and international elements and collaboration by multiple
law enforcement agencies associated with the Internet Crimes Against
Children (ICAC) task force.

A Sarasota, Florida, municipality was tasked with the local investigation,
which led to the January 2015 arrest of a 34-year-old male. The city
requested the assistance of Sarasota County Sheriff’s Office Intelligence
Unit digital forensics experts to complete a comprehensive examination of
the devices seized during the arrest. The information presented with the
case indicated that the suspect was a local commercial and residential
painter.

*Evidence*

Among the items presented for digital forensic examination was a cell phone
with a 13+ megapixel camera capable of capturing high definition images.
Many of the images captured by and extracted from the phone contained a
pixel resolution of 2322 x 4128 and metadata directly linking the photos to
the device. During the forensic examination, experts collected evidence to
support charges for the possession, manufacture, and transmission of child
pornography. The pictures included adult hands and pornographic images of
infants.

In April 2015 Sarasota County Sheriff’s Office detectives, using a 42” high
definition monitor, observed a paint-like substance on the hands in the
photos, which correlated to the suspect’s trade as a painter. As detectives
further enlarged the pictures on the monitor, a high level of detail was
witnessed within the fingerprints. After removing the pornographic details,
investigators submitted five images to the Sarasota County Sheriff’s Office
Fingerprint Unit with a request for analysis. The argument of “some other
guy did it” is a common defense in the field of digital forensics because
it often is not possible to determine who actually used a device.
Therefore, the potential of a fingerprint association becomes vitally
important.

*Print Examination*

A latent print examiner (LPE) received the case and examined the ridge
detail present in the images. In one image (figure 1), detail was of
sufficient quality and quantity to be identified as the left middle finger
of the suspect when compared with fingerprints taken during the jail
booking process. Due to the digital image being a reversal of the print on
the booking card, the print as visualized in the phone image had to be
inverted.

*Figure 1*

[image: FS figure 1.jpg]

This first identification was enough for the state attorney’s office to
request a motion to compel the offender to provide major case prints. The
office granted the motion, and the LPE went to the courtroom to take the
set of prints.

Further examination of two digital images from the phone led to
identification of the left thumb of the suspect on the major case prints.
These images were inverted for comparison. A second qualified LPE verified
all identifications.

*Trial*

Prior to trial the defense counsel successfully argued to have the
suspect’s confession suppressed. No faces were present in any images. This
made the fingerprint evidence extremely valuable because the suspect could
argue that a partner who had the same first name shared a common e-mail
account, and the fingers depicted in the images were from the partner. The
subject also could claim guilt for possession, distribution, and
transmission of child pornography, but not the manufacture.

*Conclusion*

The identifications made by the latent print examiners proved that the
suspect was involved directly in the acts as witnessed in the images
recovered by the digital forensic detectives. This conclusive evidence was
one piece of the forensic puzzle that assisted the jury in finding the
offender guilty of 26 charges, including capital sexual battery;
molestation; and possession, distribution, and transmission of child
pornography. The offender faces up to life in prison.

*Detective McHenry is a certified forensic computer examiner assigned to
the digital forensics laboratory of the Sarasota County, Florida, Sheriff’s
Office.*

*Mr. Gorn is a certified crime scene investigator and supervisor of the
forensic services unit for the Sarasota County, Florida, Sheriff’s Office.*



The *Bulletin* currently is seeking submissions for its Forensic Spotlight,
a department that highlights current and noteworthy developments in the
forensic sciences. Articles focus on topics, such as fingerprinting,
ballistics, toxicology, paint analysis, document validity, and other
laboratory-based technology used in crime solving. Submissions can be sent
to *leb@ic.fbi.gov* for review and possible publication.