Sergeant Josh Moulin supervises the Central Point Police Department’s Technical Services Bureau and is the Commander of the Southern Oregon High-Tech Crimes Task Force. He is one of approximately 470 Certified Forensic Computer Examiners worldwide and has been trained by a variety of organizations in digital evidence forensics. Sgt. Moulin has also been qualified as an expert witness in the area of computer forensics and frequently teaches law enforcement, prosecutors, and university students about digital evidence.
Beginning his public safety career in 1993, Josh started in the Fire/EMS field working an assortment of assignments including fire suppression, fire prevention, transport ambulance, and supervision. After eight years Josh left the fire service with the rank of Lieutenant and began his law enforcement career. As a Police Officer Josh has had the opportunity to work as a patrol officer, field training officer, officer in charge, arson investigator, detective, and sergeant.
For further information about the Central Point Police Department please visit www.cp-pd.com, and for the Southern Oregon High-Tech Crimes Task Force visit www.hightechcops.com. To reach Sgt. Moulin you can e-mail him at firstname.lastname@example.org.
Digital Evidence Forensics
Computers and other digital evidence can contain a tremendous amount of information and evidence in a criminal investigation. Digital evidence is quite unique because it can be the fruit of a crime, the instrumentality used to commit a crime, or contain evidence of a crime that it had nothing to do with. With this information in mind, there is nearly always some nexus to justify analyzing digital media in almost any crime. I’ll explain further the examples I provided above.
Fruit of the crime
It is all too common to have computers, cell phones, digital cameras, camcorders, iPods, etc. stolen during a burglary, robbery or theft. When these devices are taken the criminals generally just start using them as their very own or sell them on eBay.
They might delete some of the files of the original owners, or format a hard drive, but it has been my experience that usually they do not. The great thing about computer forensics is that even if they do delete files and format drives, we can generally recover those items.
Often our forensics lab receives stolen property and is asked to identify the original owners based on old information left on the devices. The device itself is fruit of the original crime and can help point investigators to the correct victim. It is also common to recover a large amount of stolen equipment from one suspect that comes from multiple crimes. Using forensics to analyze all the evidence can help close several unsolved cases.
Instrumentality used to commit a crime
This is by far the most common reason to have a digital device sent to the forensics lab: a suspect uses a computer or other device to perpetrate the crime. Some examples would be child exploitation/child pornography, ID theft, fraud, forgery, cyberbullying, hacking, terrorism, etc. When we receive devices under this umbrella we are typically asked to locate all evidence of the suspected crime as well as other criminal activity located on the media.
Containing evidence of a non-high-tech crime
This is where a digital device contains evidence that can be of interest in a case, but doesn’t have anything directly to do with the original crime. Some examples of this could be pictures/video of the crime stored on a digital device, a diary, a blog entry, an e-mail, or the tower coordinates of a cellular phone at the time of a crime. One great example of this is an arson case I assisted with.
The suspect in this arson had allegedly burned down an ex-boyfriend’s house using a complex incendiary device. After some investigating, it was determined that the suspect had no previous training in firefighting or anything else that would teach her how to build such a device. We were able to articulate in a search warrant that the most common place for a person to gain this knowledge is from the Internet. After checking whether or not the suspect had Internet access and a computer, the search warrant was served and several computers were seized. During the forensic analysis an e-mail was found that contained information about the fire that only the arsonist would have known. This “smoking gun” (forgive the pun) along with other physical evidence was enough to get a conviction.
The e-mail was the only direct evidence linking the suspect to this particular fire.
Digital evidence forensics has played a major role in several high-profile cases ranging from the BTK Killer to Scott Peterson.
It is difficult to think of any crime that doesn’t have some connection to technology.