Computer Forensic & Investigation

00:08

you all my uh years of TV watching I

00:10

never once saw columbos said oh yeah

00:12

there's one more question where's the

00:14

hard drive but nowadays if you watch

00:17

crime shows or legal Thrillers or 24

00:19

anything like that you know computers

00:21

really are a big part of Investigations

00:23

they're used for everything from

00:24

actually evaluating evidence uh to going

00:27

out and Gathering it today we're joined

00:28

by a computer forensic expert Richard

00:30

marov from mov.com he's here to talk

00:34

about how computers are being used to

00:35

bring the bad guys to Justice Richard

00:37

it's good to have you welcome glad to be

00:38

here so you do a lot of uh expert you

00:40

were originally an it yes yes I'm an IT

00:43

consultant and then uh I just found that

00:45

there was a growing demand for this

00:47

computer forensic investigation because

00:50

computers are being used everywhere

00:51

these days in all sorts of businesses

00:53

and all sorts of things and a lot of the

00:55

evidence that used to be on paper is now

00:57

on a computer hard drive somewhere how

00:59

how Savvy do you find that police

01:01

departments and investigators are about

01:03

this kind of thing yeah it varies it

01:05

varies I mean some uh really know what

01:07

they're talking about others just like

01:09

well I don't know we got this you know

01:11

computer stuff and and and you know I

01:14

find that in these cases there's usually

01:17

not much disagreement about what's on

01:18

the hard drive where the disagreement

01:20

comes is the interpretation what does

01:22

this mean right right and so sometimes

01:25

what happens is they find the other side

01:26

they just have a very narrow

01:27

interpretation saying the only way this

01:28

could have happened is this and I say

01:31

well no there's actually about 10 other

01:32

scenarios that could happen as well so

01:34

that's why somebody who really

01:35

understands computers is very important

01:36

in this kind of setting especially in

01:38

trial to to to give you a realistic view

01:41

of what what's going on here absolutely

01:43

so you say you know no I mean you have a

01:45

very narrow-minded view of why this

01:48

thing occurred or or sometimes they have

01:50

an entirely different interpretation so

01:52

so it's it's that sort of uh analysis

01:55

and interpretation that tends to be key

01:56

in these cases is it mostly data on a

01:58

hard drive that you deal with or what

02:00

other kind of evidence would you be

02:01

dealing with uh data in the hard drive

02:04

sometimes uh there's things like

02:06

computer printouts for example I mean

02:08

there's some printers for example it's

02:09

not necessarily well known but there's

02:11

some printers that when you print out a

02:13

page they actually put in the serial

02:16

number and the time and date of the

02:18

print out so I mean there's all sorts of

02:20

you know evidence uh that you know that

02:22

can come to bear in a case yeah I know

02:23

there was a big brewhaha a few months

02:25

ago about the Xerox docu color because

02:26

they put dots on the page and say who

02:28

printed it exactly but but you know in

02:31

the old days a detective uh could look

02:33

at a typewritten message and figure out

02:35

which typewriter came from so this is

02:36

just the same kind of thing for a

02:37

computer exactly it's sort of a

02:39

different way of looking at the same

02:40

thing but you know it came as a shock to

02:41

a lot of people that this is that that

02:44

this can be done they thought they were

02:45

Anonymous or people think they can send

02:47

send a nasty hate email anonymously uh

02:50

uh you know but that's not the case oh

02:52

so you get involved in stuff like that

02:53

to tracking down who sent that email

02:55

exactly sometimes people say hey I've

02:57

got this email here somebody is

02:59

threatened me uh or said something nasty

03:02

uh you know who sent it did it really

03:04

come from this person they denied they

03:06

sent it you know maybe it was spoofed or

03:08

maybe the person sent it and then later

03:10

decided to to deny it so well I'm sure

03:13

that comes up because prosecutors judges

03:15

and juries don't necessarily understand

03:17

what can and cannot be done with an

03:18

email header so they need somebody like

03:21

you to come in and say exactly so I look

03:23

at the header and say yes this appears

03:24

to be legitimate or no it looks like

03:26

somebody tried to try to spoof it you

03:28

know it didn't really come from Bill

03:30

Gates and Microsoft assume that that's

03:32

the case what what are some of the kinds

03:34

of cases are they mostly criminal are

03:36

they civil imagine it's a broad range

03:38

it's a broad range I would tend to get

03:39

involved mainly in uh civil cases uh you

03:42

know both both for the prosecution uh

03:44

and the defense as far as criminal goes

03:47

the uh police you know in terms of

03:49

prosecution they have their own experts

03:51

I would get involved some cases in in

03:53

terms of criminal defense helping out

03:55

people who were the police say this is

03:57

what it was exactly the defense may say

03:59

well wait a minute you know not so fast

04:00

there exactly so usually if there's a

04:02

computer involved both both sides in the

04:04

process if it's important element they

04:05

will have their own computer expert

04:07

involved to analyze and interpret the

04:09

data and you know can present their uh

04:12

their opinion as to what it means I

04:13

asked you how Savvy uh law investig law

04:16

law officers were how savvy are the

04:17

crooks are they pretty computer literate

04:21

uh it depends too I mean you know

04:23

sometimes they really don't know what

04:25

they're doing or they think that if they

04:26

delete a file that's really gone from

04:27

their computer uh you know and it isn't

04:30

and other times they're into you know

04:32

very sophisticated encryption trying to

04:34

hide things which of course also tells

04:36

you some evidence too like well if this

04:38

is encrypted highly encrypted well maybe

04:40

there's some key information in there

04:41

that's very valuable I once asked the

04:44

Secret Service you know what do you do

04:46

if because I mean there is strong

04:46

encryption that nobody can crack what do

04:48

you do if it's encrypted and they said

04:49

well we find that people usually give us

04:51

a password if we ask oh well that's one

04:54

way to do it yeah I guess so just ask

04:57

you know makes it easy uh sometimes I

04:59

guess there is tendency among criminals

05:01

sometimes to confess you know they want

05:02

to they want to get it off their chest

05:04

uh so we've talked about hard drives uh

05:07

what about mobile devices like cell

05:08

phones and pdas does that come up

05:10

sometimes too uh that comes up too I

05:12

mean now that they're becoming more

05:13

capable I mean you look at what's in a

05:15

lot of these uh new smartphones and they

05:17

really are like miniature PCS they have

05:19

their own processor they have their own

05:21

memory you know they have records of uh

05:24

phone calls made and it can be important

05:26

evidence uh you in a particular case you

05:28

know who called who when who's in the

05:31

database of uh you know of frequently

05:33

called numbers the the police have

05:35

pretty good procedures now for this kind

05:36

of thing I mean they established you

05:38

know like for instance you make an

05:39

immediately make a copy of the data

05:41

before you touch it that kind of thing

05:42

or yes yes yes because uh you know I

05:45

mean in order to have a proper uh

05:47

defense you have to have a copy of the

05:50

original data made available to the

05:52

other side to say hey here's here's what

05:54

the police used in terms of their

05:56

investigation you have to make a copy

05:57

for the other side say fine you get your

05:59

expert to analyze and interpret it and

06:01

you know so we're both starting at the

06:02

same base as opposed to you know only

06:04

looking at what the police expert said

06:06

that's all new for them I mean they had

06:07

good evidentiary procedures for you know

06:09

fingerprints and and and shoes and and

06:12

hair but hard drives this is all new

06:15

they had to figure this out from scratch

06:16

it is new uh but uh from my experience I

06:19

tend to do a pretty good job at least in

06:21

this area on it and uh you know just

06:23

give me the evidence and I you know I'll

06:25

look at it and come up with uh uh with

06:27

my opinion on it uh how about now we're

06:30

seeing of course in Canada Australia the

06:32

Philippines all over the world the the

06:34

laws of this kind of thing vary from

06:36

country to country or is it all pretty

06:37

consistent uh well laws do vary of

06:39

course privacy laws of course is very

06:41

different all yes and and like I'm not a

06:43

lawyer but I mean there's different ways

06:45

of acquiring the data I mean for example

06:47

I mean uh if it's a criminal matter you

06:49

know somebody has to get a search

06:51

warrant right um here in Canada for

06:54

example if it's civil matter there's

06:55

something called an Anton pillar order

06:57

which is roughly equivalent in which you

06:59

can basically you know go to somebody

07:01

and say yeah you know Discovery exactly

07:03

we you know we want this data and of

07:05

course as we know in the States you

07:06

don't need a warrant anymore you do

07:07

anything you want what are some of the

07:09

weirdest things you've heard of people

07:10

hiding and and where they've hidden them

07:13

well there's all sorts of different

07:14

things and people get concerned about

07:16

some things and and yeah you know I get

07:18

uh I got a call once this this is not a

07:20

case I accepted but you know there was

07:22

this woman who's very concerned about

07:25

some instant messages being sent uh uh

07:28

you know and this was about instant

07:29

messages that were that that were

07:30

apparently were nasty grams about we got

07:33

that call didn't we we got that call on

07:35

the show after they talked to you

07:36

Richard I think she called us and what

07:39

did you you said H honey you find

07:41

somebody else to help you on this one

07:42

well I said you know it's you know if

07:44

you want to trace back who you know

07:46

which 12-year-old child is sending

07:47

messages you know about your 12-year-old

07:49

child is it going to cost you a lot of

07:51

money she already went to the police and

07:52

the police you know weren interesting

07:54

yeah yeah have there been lately

07:56

landmark cases in this area that we case

07:58

law that things have come up things

08:00

always come up uh you know I think uh

08:04

what I find is that uh judges and

08:06

lawyers are becoming more Savvy in the

08:08

area and they're asking deeper questions

08:10

than before so what that means is that

08:13

from the expert point of view I'm having

08:15

to do more detailed analysis where maybe

08:18

I could have done a very simple report a

08:20

few years ago uh based on three or four

08:22

hours worth of work now I might have to

08:24

do a week's worth of work on something

08:26

because there's some very detailed

08:28

questions about things that they want

08:30

answer I think in the long run that's

08:31

good that means they're understanding it

08:33

better and and they're and they're

08:34

digging deeper absolutely I mean there

08:36

is a greater understanding of what's

08:37

going on I mean I mean the judges and

08:38

the lawyers they are not computer

08:40

experts but they are generally smart

08:42

people and so it's a matter in you know

08:45

from the work I do I have to be able to

08:47

take this computer jargon and sort of

08:49

explain it to them in plain English and

08:51

sometimes that means putting in charts

08:52

graphs you know explaining things that

08:55

are easy to understand for people who

08:56

are not computer exer but who are smart

08:58

people you're not dumbing it down you're

09:00

just making it accessible they need to

09:02

know it yeah it makes perfect sense well

09:04

if people need a