`Forensic Evidence I
`
`
` In This Issue
`
`
`
`Introduction
`By Acting Attorney General Sally Q. Yates
`
`Recent Developments in the Forensic Sciences
`By Dr. Victor Weedn
`
`Mobile Device Forensics: Beyond Call Logs and Text Messages
`By Daniel Ogden
`
`Decrypting a Predator: The Investigation and Prosecution of Steven Rockett
`By Paul T. Maloney and Gary Y. Sussman
`
`Challenges in Modern Digital Investigative Analysis
`By Ovie Carroll
`
`Cultural Property
`By Judith Benderson
`
`Forensic Accounting in Securities and Financial Fraud Prosecutions
`By Henry P. Van Dyck and L. Rush Atkinson
`
`Investigation and Prosecution of Drone Cases: Emerging Issues for Prosecutors Confronting Unmanned Aircraft Systems
`By Gretchen C.F. Shappert
`
`Note from the Editor
`By K. Tate Chambers
`
`
`
`
`
`
`
`
`
`
`
`January
`2017
`Volume 65
`Number 1
`
`United States
`Department of Justice
`Executive Office for
`United States Attorneys
`Washington, DC
`20530
`
`Monty Wilkinson
`Director
`
`Contributors’ opinions and statements
`should not be considered an
`endorsement by EOUSA for any
`policy, program, or service.
`
`The United States Attorneys’ Bulletin
`is published pursuant to
`28 C.F.R. § 0.22(b).
`
`The United States Attorneys’ Bulletin
`is published bimonthly by the
`Executive Office for United States
`Attorneys, Office of Legal Education,
`1620 Pendleton Street,
`Columbia, South Carolina 29201
`
`
`Editor
`K. Tate Chambers
`
`Assistant Editor
`Becky Catoe-Aikey
`
`Law Clerks
`Sarah Tate Chambers
`Joseph Giordano
`Emily Godwin
`
`Internet Address
`https://www.justice.gov/usao/resources/united-states-attorneys-bulletins
`
`Send article submissions
`to Editor,
`United States Attorneys’ Bulletin,
`National Advocacy Center,
`Office of Legal Education,
`1620 Pendleton Street,
`Columbia, SC 29201
`
`Cite as:
`65 U.S. Attorneys’ Bulletin, Jan. 2017
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Introduction
`
`Sally Q. Yates
`Acting Attorney General
`
`
`Forensic science plays a crucial role in our criminal justice system. Using the tiniest shreds of
`evidence, whether a drop of blood or a shell casing found at the scene, forensic scientists can help
`investigators learn who committed a crime and how it was committed. Judges and juries put great stock in
`this type of forensic testimony, and when presented at trial, such evidence can make the difference
`between conviction and acquittal.
`
`But it is precisely because forensic evidence can be so powerful and so persuasive that we must
`be careful in how it is used. Even in the most advanced forensic disciplines, there are limits on what the
`science can reveal. In recent years, for example, we have seen the risks that forensic science presents, as
`we learned that certain experts have overstated the strength of the evidence in their lab reports and at trial.
`These errors have not simply called into question the validity of individual prosecutions, but also
`threatened to undermine the public’s confidence in forensic science more broadly.
`
`To address this, the Department of Justice has taken a number of steps to strengthen forensic
`science. In 2013, the Department partnered with the National Institute of Standards and Technology to
`establish the National Commission on Forensic Science (NCFS), a federal advisory committee that makes
`forward-looking policy recommendations to the Attorney General on forensic science topics. As Deputy
`Attorney General, I have had the privilege of serving as the Co-Chair of NCFS, which has developed a
`number of significant proposals on the practice of forensic science in both the laboratory and the
`courtroom. In addition, in early 2016, the Department recruited Dr. Victor Weedn to help develop new
`policies and guidance across DOJ’s investigative agencies, research offices, and litigating components.
`Dr. Weedn, who serves as the chairman of the department of forensic science at George Washington
`University and recently completed a term as the president of the American Academy of Forensic
`Sciences, has spearheaded a number of important initiatives during his time at Main Justice and helped
`coordinate this issue of USA Bulletin.
`
`One of the Department’s most significant ongoing projects in this area is the multi-year
`development of the “Uniform Language for Testimony and Reports,” or ULTRs. Once finalized, the
`ULTRs will outline the specific statements that the Department’s forensic experts may – and may not –
`make when testifying in court about their scientific conclusions, thus limiting the risk of experts
`overstating the accuracy or reliability of a particular forensic technique. We expect that the guidance
`contained in the ULTRs will also prove useful for prosecutors, who will be able to rely on the documents
`to ensure that they properly characterize their forensic evidence in Daubert hearings, witness
`
`United States Attorneys’ Bulletin
`
`
`1
`
`January 2017
`
`
`
`
`
`
`
`
`examinations, and jury summations. The Department’s Office of Legal Policy, along with experts at FBI,
`ATF, and DEA, remains hard at work on the project. Draft versions of the ULTRs were posted for public
`comment in mid-2016, and final versions are likely to be published later this year.
`
`As you read through this issue of the USA Bulletin, you’ll see the many ways forensic science
`impacts federal prosecutions, from investigations on the internet to theft of historical artifacts. I hope you
`find the material informative and that it provides an opportunity to learn more about the important work
`underway across the Department to strengthen the practice of forensic science.
`
`Recent Developments in the Forensic
`Sciences
`
`Dr. Victor W. Weedn
`Senior Forensic Advisor to the Deputy Attorney General
`Office of the Deputy Attorney General
`I. Introduction
`Forensic science is generally dated to Hans Gross’ Handbuch für Untersuchungsrichter,
`Polizeibeamte, Gendarmen (Handbook for Magistrates, police officials, military policemen), which was
`published in 1893, although forensic medicine and forensic toxicology are much older. Edmond Locard
`established the first crime laboratory in 1910 in Lyon, France. Depending on who is to be believed, the
`first crime laboratory in the United States was established in Los Angeles or Berkeley, California, in
`1923. The FBI laboratory was established in 1932. Throughout the first half of the twentieth century,
`forensic science laboratories were established throughout the United States. Although the International
`Association for Identification has origins dating back to 1915, most professional forensic science
`associations were established during the second half of the century. Initial efforts towards standardization
`in the field soon followed. Perhaps more importantly, gas chromatography-mass spectrometers (GC-MS)
`were not in widespread use until the 1970s, and genetic analyzers were not in widespread use until the
`1990s. Both are the basic laboratory instruments of modern crime labs. The television show CSI captured
`the attention of the public when it first aired in 2000. Particularly with the rise of databases (fingerprints,
`DNA, firearms), forensic science laboratories became increasingly powerful and increasingly important to
`the criminal justice system. The criminal justice system has had to adapt to this new reality; for instance,
`in addition to appeals based upon unfair process, actual innocence became a basis for appeals in DNA
`prosecutions. In this article, I will discuss some major developments in forensic science policy over the
`past several years.
`II. 2009 National Academies of Sciences (NAS) Report
`In February of 2009, shortly after President Obama took office, the National Research Council
`(NRC) of the National Academies of Science (NAS), supported by National Institute of Justice (NIJ)
`funding, published its influential report, Strengthening Forensic Science in the United States: A Path
`Forward. NAT’L ACAD. OF SCI., NAT’L RESEARCH COUNCIL, STRENGTHENING FORENSIC SCIENCE IN
`THE UNITED STATES: A PATH FORWARD (2009). The 2009 NAS Report on forensic science was not the
`first call for forensic science reform in America, but one that captured the attention of policymakers.
`Judge Harry T. Edwards and statistician Constantine Gatsonis, co-Chairs, speaking for their committee,
`concluded:
`The forensic science system, encompassing both research and practice, has serious
`problems that can only be addressed by a national commitment to overhaul the current
`structure that supports the forensic science community in this country. This can only be
`done with effective leadership at the highest levels of both federal and state governments,
`pursuant to national standards, and with a significant infusion of federal funds.
`Id. at xx.
`The NAS Report made 13 recommendations (paraphrased here):
`1. Create a National Institute of Forensic Sciences (NIFS);
`2. Standardize terminology and reporting practices;
`3. Expand research on the accuracy, reliability, and validity of the forensic
`sciences;
`4. Remove forensic science services from the administrative control of law
`enforcement agencies and prosecutors’ offices;
`5. Support forensic science research on human observer bias and sources of
`error;
`6. Develop tools for advancing measurement, validation, reliability, information
`sharing, and proficiency testing, and to establish protocols for examinations,
`methods, and practices;
`7. Require the mandatory accreditation of all forensic laboratories and
`certification for all forensic science practitioners;
`8. Laboratories should establish routine quality assurance procedures;
`9. Establish a national code of ethics with a mechanism for enforcement;
`10. Support higher education in the form of forensic science graduate programs,
`to include scholarships and fellowships;
`11. Improve the medico-legal death investigation system;
`12. Support Automated Fingerprint Identification System interoperability
`through developing standards; and
`13. Support the use of forensic science in homeland security.
`The NAS Report has been referred to by many courts and was quoted by Justice Scalia in
`Melendez-Diaz v. Massachusetts, 557 U.S. 305 (2009) “to refute the suggestion that this category of
`evidence is uniquely reliable,” but Justice Kennedy in his dissent writes:
`State legislatures, and not the Members of this Court, have the authority to shape the
`rules of evidence. The Court therefore errs when it relies in such great measure on the
`recent report of the National Academy of Sciences. Ante, at 12–14 (discussing National
`Research Council of the National Academies, Strengthening Forensic Science in the
`United States: A Path Forward (Prepublication Copy Feb. 2009)). That report is not
`directed to this Court, but rather to the elected representatives in Congress and the state
`legislatures, who, unlike Members of this Court, have the power and competence to
`determine whether scientific tests are unreliable and, if so, whether testimony is the
`proper solution to the problem. Id. at p. 23.
`Several bills have been introduced into Congress without passage; it is the Executive Branch that
`has most vigorously responded to the NAS Report.
`III. Subcommittee on Forensic Science (SoFS)
`In July 2009, the White House’s Office of Science and Technology Policy (OSTP) created a
`“Subcommittee on Forensic Science” (SoFS) to address the issues raised by the NAS report. The SoFS
`oversaw five interagency working groups (Accreditation and Certification; Standards, Practices, and
`Protocols; Education, Ethics, and Terminology; Research, Development, Testing, and Evaluation; and
`Outreach and Communication), which were responsible for most of the work. SoFS participation spanned
`23 federal departments and agencies, and was comprised of nearly 200 federal subject matter experts and
`49 individuals representing state and local forensic scientists. This body completed its work in December
`2012 and published its report, Strengthening the Forensic Sciences, in May 2014. NAT’L SCI. & TECH.
`COUNCIL’S SUBCOMM. ON FORENSIC SCI., STRENGTHENING THE FORENSIC SCIENCES (2014). The report
`recommended, among other things, the accreditation of forensic science service providers, the
`certification of forensic examiners and medicolegal personnel, proficiency testing for forensic examiners,
`and a national code of ethics for forensic service providers.
`IV. National Commission on Forensic Science (NCFS)
`In 2013, DOJ partnered with the National Institute of Standards and Technology (NIST) to
`establish the National Commission on Forensic Science (NCFS) as part of the Department’s efforts to
`strengthen and enhance the practice of forensic science.
`The Commission is co-chaired by the Deputy Attorney General and the Director of NIST, and
`consists of 29 voting commissioners and eight ex officio non-voting commissioners. The Commission
`includes federal, state, and local forensic science service providers; research scientists and academics; law
`enforcement officials; prosecutors, defense attorneys and judges; and other stakeholders from across the
`country. The work of the commission is supported by several subcommittees: Interim Solutions,
`Accreditation and Proficiency Testing; Human Factors; Medicolegal Death Investigation; Reporting and
`Testimony; and Scientific Inquiry and Research.
`As a federal advisory committee, NCFS develops recommendations for consideration by the
`Attorney General. These recommendations are drafted by the subcommittees and then sent to the full
`body for a vote by all Commissioners. If approved, a copy of the recommendation is delivered to the
`Attorney General, who typically responds within six months. To date, the Attorney General has agreed to
`adopt several of NCFS’s recommendations, either in whole or in part, as discussed in greater depth
`elsewhere in this issue of the Bulletin. For more information, visit https://www.justice.gov/ncfs.
`V. NIST Organization of Scientific Area Committees (OSAC)
`Also in 2013, DOJ partnered with NIST to create the Organization of Scientific Area Committees
`(OSAC), which assists development of scientific standards in the various forensic science disciplines. The
`definitions, protocols, and practices, which comprise the “documentary standards” and guidelines
`considered by the OSAC, are actually promulgated by various Standards Development Organizations (e.g.,
`ASTM, ASB, NFPA), but only “approved” standards and guidelines are posted to a National
`Registry.
`The OSAC is composed of five scientific area committees (Biology/DNA,
`Chemistry/Instrumental Analysis, Crime Scene/Death Investigation, Digital/Multimedia, Physics/Pattern
`Interpretation) that oversee 25 subcommittees (covering the topic areas of the previous SWGs). The five
`SACs are overseen by the Forensic Science Standards Board (FSSB). The Human Factors, Quality
`Infrastructure, and Legal Resource committees also answer to the FSSB.
`At the time of this writing, three standards have been posted to the National Registry of OSAC
`Approved Standards, but many others are in the pipeline. For more information, visit:
`https://www.nist.gov/forensics/organization-scientific-area-committees-forensic-science.
`VI. Microscopic Hair Comparison Analysis (MHCA) Review
`In response to a series of exonerations, beginning in late 2012, the DOJ and the FBI, with the
`collaboration of the Innocence Project (IP) and the National Association of Criminal Defense Lawyers
`(NACDL), reviewed laboratory reports and scientific testimony provided by FBI laboratory examiners in
`microscopic hair comparison analysis (MHCA) cases to identify statements that exceed the limits of
`science.
`
`The review involved over 21,550 closed MHCA cases conducted prior to the year 2000. Of those
`cases, 3,189 involved a probative association between an evidentiary hair and a known hair sample. Many
`of these cases involved trials where a transcript of examiner testimony was available for review, although
`some resulted in guilty pleas prior to trial where only the original lab report was available for review. The
`majority of the FBI examiner testimony was provided in state court prosecutions.
`The FBI, IP, and NACDL agreed to the basis of the MHCA review: namely, to identify individual
`statements in reports or testimony that, when viewed alone, did not meet accepted scientific standards,
`with no assessment of materiality regarding the impact of the report or testimony on the proceeding. The
`larger context of the complete testimony was not considered, including other language elsewhere that may
`have mitigated or corrected the overstatement. Language that had more than one interpretation was often
`conservatively marked as an error.
`As part of this process, reviewers categorized potential errors into one of three “types”:
`• Error Type 1: The examiner stated or implied that the evidentiary hair could be associated
`with a specific individual to the exclusion of all others.
`• Error Type 2: The examiner assigned to the positive association a statistical weight or
`probability, or provided a likelihood that the questioned hair originated from a particular
`source, or rendered an opinion on the likelihood or rareness of the positive association that
`could lead the jury to believe that valid statistical weight can be assigned to a microscopic
`hair association.
`• Error Type 3: The examiner cited the number of cases or hair analyses worked in the lab
`and the number of samples from different individuals that could not be distinguished from
`one another as a predictive value to bolster the conclusion that a hair belongs to a specific
`individual.
`An identified error does not necessarily mean that a conviction is invalid or even that the hair
`analysis evidence contributed to the conviction. DOJ notifies prosecutors and defense counsel of any
`identified statement errors so they may assess the materiality of the statements. If it is determined
`by the prosecutor’s office that additional testing is necessary, or if a court orders such testing, the FBI
`provides DNA testing if the relevant evidence is in the government’s possession or control.
`In April 2015, FBI, IP, and NACDL issued a joint press release in which the FBI acknowledged
`that at least 90 percent of trial transcripts analyzed as part of the MHCA review contained erroneous
`statements. Press Release, Fed. Bureau of Investigation, FBI Testimony on Microscopic Hair Analysis
`Contained Errors in at Least 90 Percent of Cases in Ongoing Review (April 20, 2015). The FBI found that
`26 of 28 FBI agent/analysts either provided testimony with erroneous statements or submitted laboratory
`reports with erroneous statements. The review found that the overstated forensic matches favored
`prosecutors in over 95 percent of the trials reviewed.
`The FBI has not completed its review as of the time of this writing, but it is nearing completion. The
`Texas Forensic Science Commission has also reviewed Texas state cases involving MHCA, although that
`review found a smaller percentage of cases with erroneous statements. Several other states are also
`conducting or preparing to conduct their own MHCA reviews in the future.
`VII. Uniform Language for Testimony and Reports (ULTRs)
`At the 10th meeting of the NCFS in June 2016, the Department announced that it was developing
`guidance documents governing the testimony and reports of its forensic experts. This guidance, known as
`the “Uniform Language for Testimony and Reports” (ULTR), clarifies what scientific statements DOJ’s
`forensic experts may—and may not—use when testifying in court and drafting reports. The FBI currently
`uses Approved Scientific Standards for Testimony and Reports (ASSTRs) for this purpose.
`
`The Department released draft versions of these guidance documents for public comment in
`mid-2016. Press Release, Dept. of Justice, Justice Department Issues Draft Guidance Regarding Expert
`Testimony and Lab Reports in Forensic Science (June 3, 2016). The draft documents were posted in two
`batches and cover fifteen forensic science disciplines: anthropology, body fluid testing (serology),
`explosive chemistry, explosive devices, fibers, footwear/tire treads, general chemical analysis, geology,
`glass, hair, latent fingerprint, metallurgy, mitochondrial DNA, paints/polymers, and toxicology. The
`Department received hundreds of comments and continues to review and revise the draft ULTRs. Once
`finalized and adopted, the ULTR documents will apply to all Department personnel, including forensic
`experts at FBI, ATF, and DEA. The exact timing for the release of the final ULTRs is unknown, although
`the Department hopes to complete its work in 2017.
`Information on the FSDRs may be found on the DOJ forensics website at:
`https://www.justice.gov/forensics.
`VIII. Forensic Science Discipline Reviews (FSDRs)
`At the February 2016 meeting of the American Academy of Forensic Science (AAFS), Deputy
`Attorney General Yates announced that DOJ would review other forensic science disciplines, beyond
`microscopic hair comparison analysis. She suggested a quality assurance-like review for testimonial
`overstatements, not triggered by any specific cases or known or suspected problems, but as responsible
`oversight.
`The Department elicited significant input through presentation of the framework, and then a more
`detailed plan for the Forensic Science Discipline Reviews (FSDR) was presented to the NCFS and posted
`for public comment, and a Statistician Roundtable was held. After deliberation, the goal of the FSDRs
`was declared to be “to advance the use of forensic science in the courtroom by understanding its use in
`recent cases and to facilitate any necessary steps to ensure that expert forensic testimony is consistent
`with scientific principles and just outcomes.” DEP’T OF JUSTICE, FORENSIC SCI. DISCIPLINE REVIEW OF
`TESTIMONY (2016). The FSDR will compare testimony in a case against the underlying report to ensure
`that statements conformed with the report. Once the review begins, identified instances of non-conformity
`will trigger further review and notification of the prosecution and defense.
`Information on the FSDRs may be found on the DOJ forensics website at:
`https://www.justice.gov/forensics.
`IX. President’s Council of Advisors on Science and Technology
`(PCAST) Report on Forensic Science
`In September 2016, the President’s Council of Advisors on Science and Technology (PCAST)
`issued a report titled Forensic Science in Criminal Courts: Ensuring Scientific Validity of
`Feature-Comparison Methods. EXEC. OFFICE OF THE PRESIDENT, PRESIDENT’S COUNCIL OF ADVISORS ON SCI. &
`TECH., FORENSIC SCIENCE IN CRIMINAL COURTS: ENSURING SCIENTIFIC VALIDITY OF
`FEATURE-COMPARISON METHODS (2016). The report took the position that unless a forensic discipline has been
`“scientifically validated”—in other words, unless a discipline has a known error rate—then judges should
`not allow the admission of expert testimony in that discipline. The report examined several specific
`forensic disciplines and concluded that several, including firearms, shoeprints, complex-source DNA, and
`bite marks, were not sufficiently validated and, therefore, expert testimony about these disciplines should
`not be admitted at trial.
`Shortly after the report’s release, Attorney General Loretta Lynch issued a statement indicating that
`the Department disagreed with certain findings and that it would not be adopting the report’s
`recommendations related to the admissibility of forensic science evidence. Gary Fields, White House
`Advisory Council Report Is Critical of Forensics Used in Criminal Trials, WALL ST. JOURNAL (Sept. 20,
`2016). Since then, in a handful of cases, defense attorneys have filed in limine motions seeking to exclude
`the admission of expert forensic testimony. To date, these efforts have been unsuccessful. U.S. v. Chester
`(U.S. Dist Ct, N Dist Ill., Eastern Div; No. 13 CR 00774, Oct. 7, 2016), IL v. Thompson (Cook Cnty Cir
`Ct, 13 CR 426, Oct 25, 2016), MA v. Legore (Suffolk Cnty Superior Ct; SUCR 2015-10363, Nov 17,
`2016), MN v. Yellow (6th Dist Ct; No. 69DU-CR-15-1363, Oct 28, 2016).
`X. Forensic Science Research and Development
`While all the above has transpired, the forensic science community around the world has
`continued research and development efforts and made substantial progress. During this administration,
`technologies introduced in the forensic science community include High Resolution and Q-TOF mass
`spectrometers, Rapid DNA Identification instruments, Next Generation Sequencers, and 3D laser-doppler
`crime scene scanners. NIJ alone funds more than $100M of forensic science and DNA-focused
`programming in forensic science research, forensic science practice improvement, and reduction of
`backlogs of untested sexual assault kits. In 2015, NIJ distributed $27.5M for research, development,
`testing, and evaluation; $69.8M for support of publicly-funded laboratories, police departments, and law
`enforcement agencies; and $6.6M for training and technical assistance. NAT’L. INST. OF JUSTICE,
`PROJECTS FUNDED UNDER FISCAL YEAR 2015 SOLICITATIONS (2015).
`The OSTP recently formed a Forensic Science Research and Development Task Force.
`XI. Medicolegal Death Investigation
`The NCFS has had a Medicolegal Death Investigation (MDI) Subcommittee that submitted
`several work products approved by the Commission in the area of medicolegal death investigation. The
`Department contacted the White House OSTP to form an MDI Working Group.
`XII. Conclusion
`Substantial shifts in forensic science policy have occurred in recent years and will continue to
`occur for the foreseeable future. Perhaps these can be summed up as greater attention and scrutiny, as
`well as a growing national shaping of the standards in the field.
`
`ABOUT THE AUTHOR
`
`❏ Dr. Victor W. Weedn is the Senior Forensic Advisor to the Deputy Attorney General, on detail from
`his position as Professor and Chair of the George Washington University Department of Forensic
`Sciences. He is a graduate of the Southwestern Medical School and the South Texas College of
`Law. He underwent anatomical and clinical pathology residency training at the Baylor College of
`Medicine and the University of Texas Health Science Center at Houston, and then anatomic pathology
`fellowship training at the M.D. Anderson Hospital and Tumor Institute, and forensic pathology
`fellowship training at the Armed Forces Institute of Pathology. He established the Armed Forces DNA
`Identification Laboratory and was involved in pioneering efforts to establish STR and mitochondrial
`DNA sequencing methods. He directed the effort to create the current inspection and accreditation
`program of the National Association of Medical Examiners. Subsequently, he has had several
`positions, including as a medical examiner, a crime laboratory director, research scientist, and
`professor. He is the immediate Past President of the American Academy of Forensic Sciences.
`
`Mobile Device Forensics: Beyond Call
`Logs and Text Messages
`
`Daniel Ogden
`Senior Digital Investigative Analyst
`Cybercrime Lab
`Computer Crime & Intellectual Property Section
`I. Introduction
`Throughout the year 2016, the Computer Crimes and Intellectual Property Section (CCIPS)
`Cybercrime Lab saw an increase in the number of support requests and inquiries relating to mobile devices. These
`inquiries include questions about how data is stored, whether the data is recoverable, and whether you can
`get the data if the device is locked.
`As we all know, the mobile device market, which includes cellphones and smartphones, is rapidly
`growing. The market growth has allowed manufacturers to create thousands of different phone models we
`see in use today. These different models have brought many challenges to examiners when tasked with
`extracting and analyzing data from mobile devices. The technology involved with mobile devices is also
`advancing, which allows manufacturers to release new models of phones each year, with thinner cases,
`better graphics, faster processors, more storage, and yes, better security features.
`Since the release of the first smartphones, Apple’s original iPhone (running iPhone OS) and
`HTC’s Dream G1 (running Android 1.0), consumers have entrusted their lives to mobile devices. In a 2015
`survey conducted by the Pew Research Center, 92 percent of people in the United States owned a
`cellphone, and 68 percent owned a smartphone. PEW RESEARCH CTR., DEVICE OWNERSHIP (2015). That
`averages out to almost one mobile device per person in the United States.
`How does this affect law enforcement? With mobile devices allowing consumers to
`communicate, socialize, bank, shop, navigate, start their car, track their health, and monitor their in-
`home surveillance cameras, a plethora of information is contained on these devices. Just about every
`crime being committed has the potential to have the involvement of a mobile device, but the investigation
`team must first recognize the mobile device—whether it is a watch, phone, or tablet—and then preserve
`the data for collection and analysis. While it is getting more difficult to bypass security features in mobile
`devices, the Cybercrime Lab can assist you in determining your options.
`II. Preservation of data
`For all investigators, identifying and preserving data is the goal when seizing digital evidence.
`This can be more difficult when dealing with mobile devices, which have their own distinct challenges
`different from those of laptop and desktop computers. One challenge is knowing what to look for. With
`smaller and novelty devices on the market, such as the BMW-style key fob mini phone,
`identifying the devices becomes more difficult. Another challenge is collecting all of the data. While mobile
`devices store a lot of data, an extraction of data from the device may miss important evidence. Not
`all data is stored on the device, even though the user has access to the data. With the ease of cloud
`computing, companies such as Dropbox, Microsoft OneDrive, and Google Drive provide the user with
`capabilities to create, transfer, receive, and delete data in the palm of their hand. While the user may have
`access to this data from their mobile device, it may not be recovered during extraction and analysis due to
`data being stored in the cloud or on remote storage. Therefore, it is imperative for the investigative team
`to determine what web-based email accounts, social media accounts, and file storage the user may have so
`the accounts can be preserved. This data, along with the extracted data from the mobile device, could
`paint a better picture of what occurred during a timeframe.
`III. Extraction
`One of the most common questions received in the Cybercrime Lab is whether the data can be extracted.
`This is an ever-changing answer because locked