Dec 4 • News 4SA
Burned and locked devices: Experts break down digital evidence in Brad Simpson case
SAN ANTONIO - A new affidavit reveals specific details about the disappearance of Olmos Park mother Suzanne Simpson and how her husband, Brad, spent the hours after she went missing.
There is a lot of new evidence laid out in that document. Investigators paint a picture of Brad's movements, explain how they were able to confirm where he was and what he had with him, and highlight discrepancies in what he told officers.
We know it was security cameras and license plate readers that helped law enforcement recreate Brad Simpson's path, but it was digital evidence that helped fill in the blanks.
"Digital evidence can be available, not just on cell phones or laptops, but vehicles..." said Matthew Domanic, the owner and Chief Technology Officer at Forensic Innovations Group. He conducts digital forensic examinations and data recovery efforts on a variety of devices.
Domanic specializes in digital forensics, pulling data and information out of devices in the toughest of circumstances.
In the recently released affidavit, investigators say a deputy approached Brad Simpson while he was standing by a burn pit.
Three phones and a laptop were eventually found after that fire.
"How tough is it to get information off a device that has been burned?" The I-Team's Jordan Elder asked.
"I have been a part of quite a bit of research revolving around recovery of digital forensic evidence from damaged devices, and specifically burnt devices. It's definitely possible," Domanic said. "It definitely adds a layer of difficulty."
But it's not impossible.
Like with most digital evidence, experts say the burned devices will have a lot of variables. How hot was the fire? How long were they in it? To what degree were they damaged or melted?
"You'll need to actually begin at taking apart the device and trying to get to the core where the memory is stored," Domanic said. "If there's extensive damage to the printed circuit board or the motherboard that's on the device, that actually then creates much more advanced techniques that are required to then recover the data."
And Brad Simpson didn't appear to make anything easy for investigators. They write in the affidavit that he also shut down his phone "in a manner rarely seen" called lockdown mode.
Several times, officials write that Simpson turned his phone on and off as he moved through the day on October 7.
Authorities believe he did it to avoid being tracked.
"It makes it harder for anybody to access the phone," explained Dr. Thomas Hyslip, an assistant professor of instruction at the University of South Florida. He spent 23 years in federal law enforcement with the Secret Service and the Department of Defense. Hyslip specializes in cybercrime investigation and digital forensics.
Despite the phone being placed in lockdown mode, Hyslip says it may not be impossible to get into.
"Law enforcement has multiple tools that, it's not foolproof, but oftentimes they can get past the lockdown mode," he explained.
Domanic explained that the concept of lockdown mode is relatively new.
"It's not enabled by default, so somebody would actually have to know about that function and be able to utilize it," he explained.
We also asked Dr. Hyslip about Simpson's truck.
The affidavit cites "vehicle location data" placing him around Kendall County.
Hyslip says that could come from a phone communicating with a car or GPS, or the truck itself.
"And software manufacturers are now making packages that are able to extract the data from the car, bring it into a forensic software, and actually do an analysis of the data from the car themselves," Hyslip said.
Our phones also communicate with our cars more than we may realize.
"A lot of data is being shared between the phone and the car. So they might not have your phone, but they may have your text messages, your call histories, your location histories, everything has been downloaded from that phone into the car, and so it's another great source for law enforcement in an investigation," Hyslip said.
Even in rental cars, if you connect your phone, that vehicle has a piece of your data until someone decides to clear it out. So between your phone, location services, your car, and phone towers, can anyone really go without being tracked? Hyslip says it would be very difficult.
"There's a lot of other potential data points that law enforcement can get that have nothing to do with you," he said.
For example, surveillance cameras, like the ones officials cite so many times in the affidavit.
And whether the devices were burned, locked down, or hidden, Hyslip says the actual devices may not be the only keys to getting the information stored on them.
"Most phones are set to auto backup, and if it was an iPhone for example, it would be stored in the cloud, iCloud. If it's an Android, it'll be stored in Google Drive. Well, they can get a search warrant for those backups. And if they're not encrypted, it's right there. They have all the data," he said.