

Introducing Amber

By Rogue Heart,

Meet Amber

Client Relations Manager, Musical Mom, and Advocate


“Every case has its own story, its own world.” – Amber Roy

Twenty years ago, Amber Roy and Josiah Roloff shared the same workplace and similar interests in digital forensics. Their professional paths diverged, eventually meeting again when Amber joined Roloff Digital Forensics (RDF) in January 2021. Having a trifold love for relations, technology, and servant leadership, Amber saw an opportunity to be creative at RDF.

Co-parented by a team (yes, it takes a team), Amber is the daughter of a Relationship Manager, a Businessman, a Shriner, and a Nurse. Servant leadership and finding creative ways to give back to her community run in the family. Her eldest daughter is in Nursing school, her youngest daughter is a Specialist in the US Army, and her son is focused on graduating high school and becoming an animator.

On working at RDF, “Every single person here is solution-minded. Their approaches are going to be completely different with unique perspectives. I work with people who genuinely enjoy one another. It’s impossible to not be creative in an environment that promotes that kind of growth and culture.”

 

A Few of Her Favorites

Amber wears many hats as the RDF Client Relations Manager, Scrum Master, Evidence Custodian and Continuous Improvement Manager.

“My role at Roloff Digital Forensics combines my favorite things about working with people – always with the focus of being factual to those that we serve! I am honored to bring people together, assist with logistics, and I love looking for ways to grow our relationships and improve our processes.”

RDF’s services and expertise span the expanse of technology from the Consumer Internet of Things (CIoT) to consulting on prosecution or defense in criminal cases or military-related cases.

“We’re creating a path, a footprint everywhere we go. And sometimes folks need help preserving that information. Sometimes they need our examiners to analyze the information and document what they find. Our focus is to be factual to those that we serve.”

 

What is digital evidence? 

Amber and her colleagues help clients understand digital evidence through intentional processes, including but not limited to: 

  • Photo/video/audio enhancements
  • Electronic document and/or file authentication
  • Recovering deleted electronic files
  • Discovery review and analysis
  • Identification and preservation of electronic data sources
  • Recovery and analysis of location data

“We work with people. We want to make forensics understandable to the people that need our help, and we are vigilant to remember that we are helping real people, not just working through a problem, or analyzing data. Our relationships are at the heart of what we do.”

 

No day is Groundhog’s Day

“Digital forensics is a fascinating world. Not a single day is a repeat. On any given day, I learn at least five new things about my team, or technology, or processes, or myself, or our world.”


An ideal coworker is not a copy

“Diversity is hugely important here, especially with our size. The team at RDF is intelligent, transparent, and courageous. That’s important to me and aligns with my love of Agile frameworks and Scrum methodologies. We continue to grow together. This has a positive impact with us personally as well as professionally. It shapes us, our individual culture, and how we interact with each other and our clients.”

Passing down, giving back

Amber is involved in the community and finds opportunities to participate locally with her family. Her parents are active members of local car clubs and charitable organizations. These relationships help create opportunities to raise funds that benefit the community and young adults.

In her spare time, Amber reads medieval lit and poetry, is continuing her education, and plays music with her family. As a video game lover, she found herself enjoying the popular massively multiplayer online role-playing game World of Warcraft and enjoys an occasional console game or two with her son and daughters.

Want to jam with Amber? Apply to join our team! 

https://bit.ly/37xlayP

 

 

Meet Josh

By Rogue Heart,

Josh Michel smiling in professional attire


Senior Forensic Examiner with 8+ years in the field, Photographer, and Dad

Having grown up playing video games and old game consoles and building his first computer, Josh has always had a fascination with technology and the digital forensics field. The industry is ever-evolving and fast-paced, and RDF is on the cutting edge of what’s possible in evidence and legal technology.

“Not only is technology a kind of living, breathing entity,” says Josh. “You could be part of a case that creates new laws.”

To keep up with big tech, Josh and other examiners at RDF frequently attend trainings, update certifications (such as Cellebrite), and document learnings from conferences and programs. Roloff Digital Forensics’s examiners juggle three things: research, to keep up with and adapt to changes in technology; testing of the evidence; and production, where someone goes to present the evidence.

“Part of forensics is you test your theory and the theory should be repeatable and verifiable. That’s what makes the evidence solid. Otherwise it’s an opinion.”

A father, artist, and Indigenous rights advocate, Josh is more than an examiner. He’s a truth seeker.

And truth reveals itself through art, continuous learning, and curiosity.

“It kind of drives us to find information,” says Josh, “to prove or disprove what might be presented as the truth. Then to keep an open eye or keep an open mind about it and try to show it and tell [clients] the best way, that I think, is representative of the truth.”

An enrolled member of the Confederated Salish and Kootenai Tribes of the Flathead Reservation in northwest Montana, Josh reaches out to various Native government agencies in his downtime. His interest lies in Native American industries, legal systems, and people. He also offers his services to help locate missing individuals.

“It’s an epidemic that I think most people don’t know about. Indigenous communities have a very high rate of going missing, especially young women.

But that’s the first thing I think of…taking the skills and the talent that I have and making a difference. Especially with young people. I think that’s what’s closest to my heart.”

Offline and unplugged, Josh and his family go for bike rides, runs, or to the park. The family squeezes in screen time, too, when they play video games together.


Stay on your toes: Digital forensics is an ever-changing playbook

“One of the most exciting parts about this job is just being a part of that creative aspect of the law, the creative aspect of understanding what’s possible with technology and evidence.”

Josh changes lenses as an examiner and a photographer.

“I love art in general. And you wouldn’t think that digital forensics would be an art, but the art form comes in the person that presents it to the person that collects it. The person that analyzes it, and then ultimately tells you about it. Which is kind of like an artist. An artist collects data. Whether it’s a picture, a moving image, they collect the information to show you or tell you something.”

Interested in working with teammates like Josh? Apply today to become the next Roloff Digital Forensics Examiner.

https://bit.ly/37xlayP

Smile, You’re on Camera: A Lawyer’s Guide to DVR Forensics

By Alissa Roloff,


THE WORLD IS WATCHING

 

Big Brother is everywhere these days. You can’t stop for a coffee on your daily commute without encountering a camera on every block. The average American is caught on camera over 50 times per day. This is alarming to some, but it could be the key to making or breaking your case.

The odds are good that relevant individuals were caught on surveillance footage during or around the events in question. Frequently, this information is overlooked or completely missed and it’s up to you and your team to identify, obtain/preserve, navigate, and ultimately determine how to best present this crucial footage.


RESEARCH

Time is of the essence when it comes to DVR Forensics. Typically, DVR systems hold 30, 60 or 90 days’ worth of video and, in many instances, much less. After that window, the hard drive begins to overwrite/delete potential evidence. The faster you can identify and obtain the data, the more likely you will be to recover the footage you need.

Start with the basics: 

  • Map out the location of the alleged incident
  • Create a list of potential footage sources
  • Take the proper legal steps to get the footage itself

You need to get this raw data from its original format into a product that is easily digestible. This is where thorough organization is key to success. At times, you may be dealing with 3-5 different DVRs, all using different file systems, with 8-10 cameras per system.

Once you can obtain the video or DVR systems you are after, the real work begins.

 


UNDERSTANDING DVR SYSTEMS

Most DVR systems are proprietary and built overseas, which makes it challenging to find support beyond what is supplied with the original user manual. File structures, storage capacity and capabilities, playback options, features, etc. vary widely from manufacturer to manufacturer. To make things even more confusing, we often find ourselves dealing with multiple DVRs from several manufacturers that use a variety of different file structures and features (motion, stream, etc.).

ORGANIZE

Upon initial review of all available footage, we recommend making yourself a “KEY” or “SUMMARY” to help you conceptualize the big picture. By organizing using your set naming conventions, file structure, angles and associations, you can more quickly and efficiently review hours of footage.

Carry this organizational structure through to your export, keeping in mind which option is going to be most efficient for playback and presentation.

DOCUMENT

For the purpose of a smooth testimony, it is always best practice to document every step taken throughout this process. Make it easy on yourself to accurately speak to the actions you took to forensically preserve, acquire, image, review and export all the data presented. The amount of detail you document is up to you, but at a minimum, we recommend documenting the programs used to acquire, image, export and review the DVR footage.

WE HAVE YOUR BACK

DVR Forensics can be a massive time constraint on your case. As your client’s expert counsel, you must be dynamic and strategic with your time management. We have an experienced team of Digital Forensic Examiners with extensive backgrounds ready to tackle your DVR forensic needs. Whether it’s just an initial review, consultation of options, exporting for compatibility, or a full-on acquisition to testimony need, Roloff Digital Forensics has you covered.

Contact us for help with your case.

Current and Future Challenges for the Digital Forensics Community

By Alissa Roloff,


The digital forensic community has been around for decades (remember when it was simply called ‘Computer Forensics’?). Unlike many tech fields where processes can become simpler and more streamlined, mobile tech and cloud storage have brought on more complicated and cumulative obstacles.

From the sheer number of devices a person or household maintains, to the total volume of data now stored on cell phones, cloud locations, and network attached storage devices, quantity has become a major hurdle. Digital forensics examiners must be taught how to examine devices holding such large volumes of data efficiently and how to meet client needs under short deadlines.

Another challenge: the products we use advance. For example, Apple Inc. has made strides in the manner in which it stores and protects data on its devices, which can impede the digital forensic team’s ability to properly extract and analyze crucial data.

As many are aware, Apple Inc. has a process called “Continuity” which, among many things, allows a user to answer FaceTime, text messages and phone calls with any of their connected devices. A person with this capability can move from device to device to do things, which brings up a frequently seen question: Which device first received the message, and what person in the household was responsible for the response?

Over the last few years, Apple Inc. has been migrating their computer file system from Mac OS Extended, also known as HFS+ (Hierarchical File System), to APFS (Apple File System), and even prior to this, introduced Fusion Drives on some of their computers. Simply put, in a Fusion Drive a spinning hard disk drive and a solid-state drive work in tandem as one drive, transparent to the user. To make things even more complicated, Apple produced FileVault full disk encryption to assist users in protecting their data.

If an examiner doesn’t understand the system they are attempting to extract data from, including what type of file system is in use, if there is a Fusion Drive installed, and if the disk(s) are encrypted with FileVault, usable data will not be properly acquired.

Which means potential evidence can be lost or simply missed.

These types of changes and advancements have and will continue to have a significant impact on digital forensic software and hardware designers, methodology employed, and ultimately, digital forensics teams.

Which brings us to how examiners can handle these changes while doing their best by devices, data, and deadlines: proper training. Though not always a requirement, many clients seek out examiners holding specific certifications related to the type of data being analyzed. This can help when testimony is being introduced, or lend additional weight to an opinion provided by way of written report. Many of the major forensic software tool manufacturers have their own certification processes, which can be time-intensive and costly to maintain, but a well-certified examiner can be invaluable when opinions are necessary.

At Roloff Digital Forensics, we overcome both old and new challenges with proper training, team collaboration, and the necessary tools for forensic acquisitions, extractions and analysis. See our staff page to learn more about our personnel’s current certifications.

Location Data: The Story Our Devices Communicate

By Josiah Roloff,


The notion that our digital devices communicate our location is concerning for many people, and understandably so. The truth is, our day-to-day activities are monitored more closely than ever before. Location-based data provides detailed insights into a person’s life, habits and interests. Imagine your location is logged every time you pick up your phone to check an email, tweet, “check in” to a location on Facebook, snap a photo for Instagram, purchase from Amazon, request a ride from Uber, or look up the nearest coffee shop – the list goes on. This isn’t hypothetical: these actions can immediately log your location, often to multiple places by multiple sources, for the purpose of understanding and influencing your digital behavior.

At Roloff Digital Forensics, we target and utilize this data to assist attorneys in the representation of their client. We might demonstrate or debunk a location-based alibi by verifying the specific geographical location artifacts while factoring in the places they come from and the overlap of additional technologies such as the surrounding cellular towers or terrain, that can add uncertainty (or the opposite) to the accuracy of the available data.

Depending on a person’s digital footprint, location-based data can be voluminous and stems from many places:

  • Personal digital devices: phones, tablets, computers, etc.
    • Images and videos you create, installed applications, wireless access points, global positioning system (GPS), wireless and cellular networks, etc.
  • The service providers electronic devices interact with: AT&T, T-Mobile, Verizon, Comcast, etc.
    • Call/text records (CDRs) with accompanying site location, historical precision location data/NELOS reports, etc.
  • The applications and services utilized on the device: Facebook, Kik, Google applications, Apple applications, third-party applications of many varieties and sorts that you’ve installed and given permission to access your “location data”, etc.
    • Much of this information isn’t easily visible to the user, but it can be found by forensically analyzing the digital devices, issuing subpoenas and court orders, reviewing locations/applications on digital devices, and, with certain service providers, by accessing your account and locating the data that has been logged about your locations.

Location-based data can seem daunting and intrusive, but if found, collected, and analyzed correctly, it could contain the missing piece in your litigation.