Advanced Investigations

Digital Forensics in the Private Sector

Client Login New Case Request Contact Us Now!
Posted on by Accel Admin
investigator looking at hard drive

Paul Cicarella started his investigative career in 2002, and in 2012, he started Advanced Investigations. He always saw the value of technology in the industry, whether it was utilizing case management software, implementing processes to streamline communications and billing, or using tools in the actual investigations, such as GPS trackers or covert cameras. Paul saw this as a way to not only improve his business but also help clients and cases in ways that some people were not even aware of. One of the first notable experiences Paul had with implementing tools like this in his investigations was when he was hired by a local church to prove that a subject had been stealing from the church organization. By using new covert cameras, he was able to conceal them in the binding of a book and capture the subject stealing.

It did not just stop at GPS trackers and cameras, however. Just like technology advances every day, Paul finds new ways to expand what Advanced Investigations offers and invests in new tools and his employees to better their investigations, whether it be Technical Security Counter Measures (TSCM), Digital Forensics, or everyday investigative tools like state-of-the-art cameras.

In 2017, Matt Heim joined Paul’s team after obtaining a bachelor’s degree in criminal justice at Sacred Heart University, and just like Paul, saw how much technology could play a role in investigations. After working for a few years and gaining significant investigative experience, Matt decided to go back to Sacred Heart University, where he obtained a master’s degree in cybersecurity and focused his studies on Digital Forensics. Since obtaining his master’s degree, Matt has also obtained various additional certifications specific to Digital Forensics.

Since obtaining his degree, Matt has worked on numerous digital forensic investigations involving various types of devices and software. Just like any case in the investigation industry, each one is different and pushes him to learn new methods, tools, or procedures.

Below is information as to what Digital Forensics is and how it can be used in the private sector.

WHAT IS DIGITAL FORENSICS?

Digital forensics is a form of Forensic Science that consists of the preservation and discovery of data from digital devices. This includes but is not limited to cellphones, tablets, computers, and even vehicles. When information and data from devices are extracted and interpreted in a forensically sound way, it can be used as evidence, meaning it is admissible in court. Digital evidence, much like physical evidence, must maintain a chain of custody and be protected from any breach of forensic policies or procedures. Digital forensics and the evidence obtained through investigations helps investigators create timelines and answer questions that may have otherwise been left up for debate. Digital data can display a subject’s digital footprint and bring evidence to light that may have otherwise been lost or missed. Although evidence and data obtained through digital forensics may not always be the smoking gun that an investigator is looking for, it still can be used to further investigations and provide new leads.

DIGITAL FORENSICS IN THE PRIVATE SECTOR

People often hear about Digital Forensics in investigations and think that only Law Enforcement Agencies use it to obtain evidence for their cases, however, what most people don’t know is that the same information and data that Law Enforcement Agencies use can also be used by investigators in the private sector. Whether it be criminal defense, civil litigation, loss prevention, or even family law matters, digital forensics has begun playing a role in each type of case in different ways.

Some specific case types that we have seen digital forensics yield information or evidence that ultimately was a factor in a case include:

  • Criminal Defense Investigations
  • Corporate Investigations
  • Motor Vehicle Accident Cases
  • Domestic Cases
  • Child Custody Cases

DIGITAL FORENSICS TOOLS

Digital Forensic tools are hardware and software that are used by investigators to be able to extract, preserve, and analyze digital evidence. A lot of the digital forensic tools used today do need to be purchased and require companies or investigators to be licensed to use them; however, there are also numerous open-source resources and tools that forensic investigators can use to assist with an investigation. Just like with any investigation, an investigator should not rely on just one [1] tool and should always have multiple ways in which information or data can be checked or cross-referenced for validation purposes.

Some of the more well-known tools and software that are used by many investigators today are:

  • Cellebrite UFED or Cellebrite Physical Analyzer for mobile devices.
  • Cellebrite Digital Collector and Inspector for computers.
  • Paraben Corporation’s E3 Forensic Platform
  • EnCase Forensics
  • Oxygen Forensics
  • FTK Imager for imaging computers and hard drives

Now, although a lot of these tools are designed to make the extraction process and analysis process easier for investigators, it is still very important that when it comes to these investigations, an investigator who has been trained, certified, or experienced, is the one conducting the investigation. If these tools are improperly used, or certain policies and procedures are not followed during an investigation, data and evidence can be missed or compromised. It is vital that investigators thoroughly document any and all steps taken.

IN ACTION

Some specific examples that we have experienced during our time conducting digital forensic investigations include:

  • Criminal Defense Case: There was a case in which an eyewitness to a shooting stated that the suspect, in this case the client, had a full beard. By conducting a forensic extract and analysis on the subject’s cellphone, deleted photographs and the metadata from those photographs were able to be recovered. Upon review of these photographs and metadata, information including the specific location and date of these photographs, which was the day prior to the shooting, showed that the suspect was cleanly shaven and discredited the
    eyewitness’s account of what happened. The information obtained was subsequently presented in court, and the charges against the client were dropped.
  • Violation of a Protective Order: The defendant party to a protective order was accused of sending a threatening message, which violated the terms of the protective order, to the other party. The message was sent through an end-to-end encrypted co-parenting application. The defendant claimed that they did not in fact send the message and that the complainant was able to make it look like it had been sent from their device. They further claimed that at the exact time the message was allegedly sent, they were driving their car and were not using the device.
    A forensic extraction and analysis were performed on the subject device, an Apple iPhone 15, and although minimal information was obtained from the application used directly, there was other information located through the device that was able to be used. Specifically, the device logs and back-end databases on the phone showed that at the exact time the message was sent, the device was unlocked, the display was turned on and there was a text input being entered into the phone via the phone’s keyboard, showing that they did in fact send the message from their device.
  • Probate Dispute Case: In a pending probate matter involving financial assets and a property, the execution of signatures on specific documents was being questioned. Specifically, the time frame as to when the documents were finalized, printed, and signed did not line up with other pieces of information learned and obtained during the course of the case. The documents in question consisted of four [4] Microsoft Word Documents. Through a forensic analysis of the documents, the metadata showed that the dates that the documents in question were last modified and printed did not match up with what was testified in court.

Other cases that we have directly used digital forensics to further our investigation include Defamation Cases, Civil Sexual Assault Cases, Contract Dispute Cases, Business Dispute Cases, and Cyber Harassment Cases.

CONCLUSION

In the ever-changing world we live in today, digital forensics is a vital asset in the investigations industry for various reasons, some of which we have outlined above. It is important that investigators always consider technology as a factor in any case they may work and stay on top of any new advancements we see.

By: Matt Heim & Paul Cicarella

Paul Cicarella and His Team

Our Team Is The Best in the Business

We are focused on providing the best service for our clients. As a result, we continue to train on the most up to date technology. Our staff regularly attends training with the various state and federal enforcement agencies, as well as international intelligence agencies.

Learn More About Us

Read Our Client Reviews

"I have worked with Paul and his team on countless criminal and personal injury matters. They are very responsive, thorough, and professional. I highly recommend Advanced Investigations."

Peter B.

"I've had a long time relationship in multiple locations with this company and its always provided great results and customer service."

Prisco A.

"Advanced investigations did a great job for me and my family!"

Sean B.

"Such an awesome experience, thank you!!!"

Jessica O.

"Advanced Investigations has been assisting me with my cases for several years and I have found that they consistently execute quality work and display a high level of professionalism with both myself and my clients.…"

Attorney Richard Tropiano

Read Our Latest Blog Posts