How Computer Data Helped Investigate Quebec Shooter

The criminal proceedings against Quebec City's mosque shooter provided a glimpse into how police use computers to extract information about a suspect, even if that data has been erased.

Alexandre Bissonnette's seized laptop was forced to reveal its secrets through a specialized internet evidence finder software called IEF, created by Canadian company Magnet Forensics, which was founded by former Ontario police officer Jad Saliba.

Bissonnette, 28, pleaded guilty earlier this year to six charges of first-degree murder and six of attempted murder. His sentencing arguments are set to begin Monday.

The demand for such software services is exploding, according to Genevieve Lajeunesse of Crypto.Quebec, an independent media outlet focusing on digital security, information technology and intelligence.

"There isn't a single crime scene today that doesn't have a technological element," she said.

IEF's client list includes the FBI, the Danish and UK governments, as well as police in Lima, Peru and other Western countries.

In Canada, prosecutors in the case of Guy Turcotte used internet search data to show the former cardiologist had looked up methods of painless suicide before killing his two young children.

The information gleaned from computers is vital for mounting the prosecution's case.

In Bissonnette's case, the police looked for evidence that the murders were premeditated, and whether they had been committed in the name of an ideology.

Concretely, the software provides access to the contents of zip files, RAM, directories, social media chat data, P2P file sharing, web mail, videos on YouTube, photos, the use of USB keys, how the info was shared, and the history of the internet browser, even if it has been deleted.

These digital research tools can save hours of work by sparing police officers the job of having to read everything on Skype, Facebook, or web browsers.

The amount of data can be imposing: in Bissonnette's case, the software detected 31,895 web links, 4,742 Google searches, 3,388 Facebook links and 60,417 images. The tool finds everything, even data that is invisible to the human eye or seemingly irrelevant.

The RCMP investigator tasked with investigating Bissonnette's laptop was able to see not only potentially incriminating videos of executions, but also searches for Halloween costumes or a recipe for vol-au-vent.

The data is also precise: it showed investigators that only an hour and a half before he gunned down six worshippers in a Quebec City mosque, Bissonnette had viewed a video on how to operate the Glock handgun he would use in the slaying.

While they save time, there's a risk that the results of searches can be taken out of context, Lajeunesse said. As an example, what do 20 searches on bombs mean, compared to a thousand for recipes?

"My internet search history looks quite a bit like Alexandre Bissonnette's," she said, noting that part of her job involves researching far-right groups.

Police forces are reluctant to discuss their investigation methods, so as not to divulge them to criminals.

The RCMP declined to comment on the subject other than to confirm it used certain tools by Magnet Forensics.

Quebec provincial police would not say what technology it used to uncover evidence.

Spokesman Hugo Fournier did say the force has a technology support unit comprised of some 40 police officers who, with support from computer scientists, target mainly organized crime.

Police forces aren't the only ones to use the technology.

Hexigent Consulting, a private specialty firm, is hired by lawyers and occasionally police to extract potentially incriminating information from cell phones and computers and pass it on to clients.

Founder Ryan Duquette, a former Ontario police officer, said criminals are increasingly learning new ways to cover their digital footprints, which makes investigators' jobs harder.

"But not impossible," he said. "We have to get more creative."

Lajeunesse, for her part, believes that it's impossible for someone to truly eliminate all traces of their history.

Most people end up making mistakes, she said, noting that the founder of AlphaBay, one of the world's biggest darknet websites, was brought down after sending an email from a personal Hotmail address.

"To connect is to commit," she said.

CTV News:
