How Computer Data Helped Investigate Quebec Shooter

The criminal proceedings against Quebec City's mosque shooter provided a glimpse into how police use computers to extract information about a suspect, even if that data has been erased.

Alexandre Bissonnette's seized laptop was forced to reveal its secrets through a specialized internet evidence finder software called IEF, created by Canadian company Magnet Forensics, which was founded by former Ontario police officer Jad Saliba.

Bissonnette, 28, pleaded guilty earlier this year to six charges of first-degree murder and six of attempted murder. His sentencing arguments are set to begin Monday.

The demand for such software services is exploding, according to Genevieve Lajeunesse of Crypto.Quebec, an independent media focusing on digital security, information technology and intelligence.

"There isn't a single crime scene today that doesn't have a technological element," she said.

IEF's client list includes the FBI, the Danish and UK governments, as well as police in Lima, Peru and other Western countries.

In Canada, prosecutors in the case of Guy Turcotte used internet search data to show the former cardiologist had looked up methods of painless suicide before killing his two young children.

The information gleaned from computers is vital for mounting the prosecution's case.

In Bissonnette's case, the police looked for evidence that the murders were premeditated, and if they had been committed in the name of an ideology.

Concretely, the software provides access to the contents of zip files, RAM memory, directories, social media chat data, P2P file sharing, web mail, videos on YouTube, photos, the use of USB keys, how the info was shared, and the history of the internet browser - even if it has been deleted.

These digital research tools can save hours of work by sparing police officers the job of having to read everything on Skype, Facebook, or web browsers.

The amount of data can be imposing: in Bissonnette's case, the software detected 31,895 web links, 4,742 Google searches, 3,388 Facebook links and 60,417 images. The tool finds everything, even data that is invisible to the human eye or seemingly irrelevant.

The RCMP investigator tasked with investigating Bissonnette's laptop was able to see not only potentially incriminating videos of executions, but also searches for Halloween costumes or a recipe for vol-au-vent.

The data is also precise: it showed investigators that only an hour and a half before he gunned down six worshippers in a Quebec City mosque, Bissonnette had viewed a video on how to operate the Glock handgun he would use in the slaying.

While they save time, there's a risk that the results of searches can be taken out of context, Lajeunesse said. As an example, what do 20 searches on bombs mean, compared to a thousand for recipes?

"My internet search history looks quite a bit like Alexandre Bissonnette's," she said, noting that part of her job involves researching far-right groups.

Police forces are reluctant to discuss their investigation methods, in order to not divulge their methods to criminals.

RCMP declined to comment on the subject other to confirm it used certain tools by Magnet Forensics.

Quebec provincial police would not say what technology it used to uncover evidence.

Spokesman Hugo Fournier did say the force has a technology support unit comprised of some 40 police officers who, with support from computer scientists, target mainly organized crime.

Police forces aren't the only ones to use the technology.

Hexigent Consulting, a private specialty firm, is hired by lawyers and occasionally police to extract potentially incriminating information from cell phones and computers and pass it on to clients.

Founder Ryan Duquette, a former Ontario police officer, said criminals are increasingly learning new ways to cover their digital footprints, which increasingly makes investigators' jobs harder.

"But not impossible," he said. "We have to get more creative."

Lajeunesse, for her part, believes that it's impossible for someone to truly eliminate all traces of their history.

Most people end up making mistakes, she said, noting that the founder of AlphaBay, one of the world's biggest darknet website AlphaBay, was brought down after sending an email from a personal hotmail address.

"To connect is to commit," she said.

CTV News:

Police Are Mishandling Digital Forensic Evidence:

Canadian Police Uncover Dark Net Gun Market:

« Cryptocurrency Malware Theft Is Worth Millions
Business AI Platform For Commercial Development »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

National Cybersecurity Society (NCSS)

National Cybersecurity Society (NCSS)

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Blackrock Cyber

Blackrock Cyber

Blackrock Cyber consults on critical security decisions, oversees compliance for your payment initiatives, and details cyber security training for your entire organization and board reporting.

Northrop Grumman

Northrop Grumman

Northrop Grumman is a global provider and integrator of complex, advanced and rapidly adapting information technology, cybersecurity, mobility and optimized services and solutions.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.