How police are mining computer data to help investigate suspects
MONTREAL• The criminal proceedings against Quebec City’s mosque shooter provided a glimpse into how police use computers to extract information about a suspect, even if that data has been erased.
Alexandre Bissonnette’s seized laptop was forced to reveal its secrets through a specialized internet evidence finder software called IEF, created by Canadian company Magnet Forensics, which was founded by former Ontario police officer Jad Saliba.
Bissonnette, 28, pleaded guilty earlier this year to six charges of firstdegree murder and six of attempted murder. His sentencing arguments are set to begin Monday.
The demand for such software services is exploding, according to Genevieve Lajeunesse of Crypto. Quebec, which focuses on digital security, information technology and intelligence.
“There isn’t a single crime scene today that doesn’t have a technological element,” she said.
IEF’s client list includes the FBI, the Danish and U.K. governments, as well as police in Lima, Peru, and other Western countries.
In Canada, prosecutors in the case of Guy Turcotte used internet search data to show the former cardiologist had looked up methods of painless suicide before killing his two young children.
The information gleaned from computers is vital for mounting the prosecution’s case.
In Bissonnette’s case, the police looked for evidence that the murders were premeditated, and if they had been committed in the name of an ideology.
Concretely, the software provides access to the contents of zip files, RAM memory, directories, social media chat data, P2P file sharing, web mail, videos on YouTube, photos, the use of USB keys, how the info was shared, and the history of the internet browser — even if it has been deleted. These digital research tools can save hours of work by sparing police officers the job of having to read everything on Skype, Facebook, or web browsers.
The amount of data can be imposing: in Bissonnette’s case, the software detected 31,895 web links, 4,742 Google searches, 3,388 Facebook links and 60,417 images.
The tool finds everything, even data that is invisible to the human eye or seemingly irrelevant.
The RCMP investigator tasked with investigating Bissonnette’s laptop was able to see not only potentially incriminating videos of executions, but also searches for Halloween costumes or a recipe for vol-auvent.
The data is also precise: it showed investigators that only an hour and a half before he gunned down six worshippers in a Quebec City mosque, Bissonnette had viewed a video on how to operate the Glock handgun he would use in the slaying.
While they save time, there’s a risk that the results of searches can be taken out of context, Lajeunesse said. As an example, what do 20 searches on bombs mean compared to a thousand for recipes?
“My internet search history looks quite a bit like Alexandre Bissonnette’s,” she said, noting that part of her job involves researching far-right groups.
Police forces are reluctant to discuss their investigation methods, in order to not divulge their methods to criminals. RCMP declined to comment on the subject other to confirm it used certain tools by Magnet Forensics. Quebec provincial police would not say what technology it used to uncover evidence.
Spokesman Hugo Fournier did say the force has a technology support unit comprised of 40 police officers who, with support from computer scientists, target mainly organized crime. Police forces aren’t the only ones to use the technology.
Hexigent Consulting, a private specialty firm, is hired by lawyers and occasionally police to extract potentially incriminating information from cellphones and computers and pass it on to clients.
Founder Ryan Duquette, a former Ontario police officer, said criminals are increasingly learning new ways to cover their digital footprints, which increasingly makes investigators’ jobs harder.
“But not impossible,” he said. “We have to get more creative.”
Lajeunesse believes that it’s impossible for someone to truly eliminate all traces of their history.
Most people end up making mistakes, she said, noting that the founder of AlphaBay, one of the world’s biggest darknet websites, was brought down after sending an email from a personal Hotmail address.
“To connect is to commit,” she said.