How Computer Data Helped Investigate Quebec Shooter

Uploaded on 2018-06-18 in TECHNOLOGY--Resilience, NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

The criminal proceedings against Quebec City's mosque shooter provided a glimpse into how police use computers to extract information about a suspect, even if that data has been erased.

Alexandre Bissonnette's seized laptop was forced to reveal its secrets through a specialized internet evidence finder software called IEF, created by Canadian company Magnet Forensics, which was founded by former Ontario police officer Jad Saliba.

Bissonnette, 28, pleaded guilty earlier this year to six charges of first-degree murder and six of attempted murder. His sentencing arguments are set to begin Monday.

The demand for such software services is exploding, according to Genevieve Lajeunesse of Crypto.Quebec, an independent media focusing on digital security, information technology and intelligence.

"There isn't a single crime scene today that doesn't have a technological element," she said.

IEF's client list includes the FBI, the Danish and UK governments, as well as police in Lima, Peru and other Western countries.

In Canada, prosecutors in the case of Guy Turcotte used internet search data to show the former cardiologist had looked up methods of painless suicide before killing his two young children.

The information gleaned from computers is vital for mounting the prosecution's case.

In Bissonnette's case, the police looked for evidence that the murders were premeditated, and if they had been committed in the name of an ideology.

Concretely, the software provides access to the contents of zip files, RAM memory, directories, social media chat data, P2P file sharing, web mail, videos on YouTube, photos, the use of USB keys, how the info was shared, and the history of the internet browser - even if it has been deleted.

These digital research tools can save hours of work by sparing police officers the job of having to read everything on Skype, Facebook, or web browsers.

The amount of data can be imposing: in Bissonnette's case, the software detected 31,895 web links, 4,742 Google searches, 3,388 Facebook links and 60,417 images. The tool finds everything, even data that is invisible to the human eye or seemingly irrelevant.

The RCMP investigator tasked with investigating Bissonnette's laptop was able to see not only potentially incriminating videos of executions, but also searches for Halloween costumes or a recipe for vol-au-vent.

The data is also precise: it showed investigators that only an hour and a half before he gunned down six worshippers in a Quebec City mosque, Bissonnette had viewed a video on how to operate the Glock handgun he would use in the slaying.

While they save time, there's a risk that the results of searches can be taken out of context, Lajeunesse said. As an example, what do 20 searches on bombs mean, compared to a thousand for recipes?

"My internet search history looks quite a bit like Alexandre Bissonnette's," she said, noting that part of her job involves researching far-right groups.

Police forces are reluctant to discuss their investigation methods, in order to not divulge their methods to criminals.

RCMP declined to comment on the subject other to confirm it used certain tools by Magnet Forensics.

Quebec provincial police would not say what technology it used to uncover evidence.

Spokesman Hugo Fournier did say the force has a technology support unit comprised of some 40 police officers who, with support from computer scientists, target mainly organized crime.

Police forces aren't the only ones to use the technology.

Hexigent Consulting, a private specialty firm, is hired by lawyers and occasionally police to extract potentially incriminating information from cell phones and computers and pass it on to clients.

Founder Ryan Duquette, a former Ontario police officer, said criminals are increasingly learning new ways to cover their digital footprints, which increasingly makes investigators' jobs harder.

"But not impossible," he said. "We have to get more creative."

Lajeunesse, for her part, believes that it's impossible for someone to truly eliminate all traces of their history.

Most people end up making mistakes, she said, noting that the founder of AlphaBay, one of the world's biggest darknet website AlphaBay, was brought down after sending an email from a personal hotmail address.

"To connect is to commit," she said.

CTV News:

Police Are Mishandling Digital Forensic Evidence:

Canadian Police Uncover Dark Net Gun Market:

« Cryptocurrency Malware Theft Is Worth Millions
Business AI Platform For Commercial Development »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SecuPedia

SecuPedia

SecuPedia is a wiki-type platform that collects and provides the entire knowledge of security and IT security.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.