Inside the FBI lab that processed Chad Daybell’s devices and other electronic evidence
SALT LAKE CITY — It’s no secret FBI agents have been actively assisting local law enforcement in the Chad and Lori Daybell criminal investigations.
Agents in Idaho and from the Salt Lake City division are involved and a large part of the case is being worked on from the Intermountain West Regional Computer Forensic Laboratory (RCFL).
When investigators seized 43 items from Chad Daybell’s Fremont County home in January, computers, cell phones and other devices were sent to the RCFL where Cheney Eng-Tow is the lab director and a supervisory special agent for the FBI.
“We’re essentially a digital forensic task force,” Eng-Tow tells EastIdahoNews.com. “We’re made up of FBI and state and local officers who are assigned here by their agencies. Our role is to provide digital forensic services to all law enforcement agencies in Utah, Montana and Idaho.”
The Daybell case is still very active, so Eng-Tow can’t speak to it specifically but he was able to explain what the 12 employees in the RCFL do when computers, laptops, phones, drones, vehicles, watches and other electronics come in.
“If there is stuff on there that’s going to help prosecute somebody, we want to find it. If there’s not anything on there, that’s fine as well but at least the case agent knows for sure what’s on there,” Eng-Tow says.
Analyzing computers
When a computer is checked into the RCFL for evidence, a forensic examiner removes the hard drive and images, or duplicates, it on a separate hard drive. The original is put back into the computer and left alone.
“The computer goes back in the evidence room and we now just work on the copy that we made,” Eng-Tow explains. “After you’ve taken an image of the hard drive, you can hash it.”
A hash value is a mathematical algorithm generated from a string of text. Eng-Tow compares it to a “digital fingerprint” where every piece of data is unique.
Some computers have millions of files and terabytes of information, but with the help of software, examiners are able to scour the duplicate hard drive for anything that might be helpful to the case. It can takes hours, weeks or even months to collect the necessary information.
“After we’ve done our examination, we then run a hash value again which should match the original one,” Eng-Tow says. “If (the case) goes to court, we can then say that hash value at the end matched the one at the beginning which matched the original hard drive. Therefore, we can say that any evidence we pulled out of there was on there from the beginning – we didn’t touch or add anything to it.”
Analyzing cell phones
Working on cell phones are a little different. You can’t image, or duplicate, a phone so examiners use software and programs developed by the FBI to conduct their searches.
The challenge can come when the phone has a password or PIN that can’t be cracked.
“Sometimes when you’re trying to break these passwords, you’re trying millions of combinations a second. We’ve had them run for months and not be successful,” Eng-Tow says. “Sometimes we get in, sometimes we don’t. If you let it run long enough, hopefully, you’ll get in.”
Often the case agent assigned to the case might obtain password information from other evidence, like hand-written journals. Eng-Tow says sometimes examiners find passwords for phones stored on computers or vice versa.
If a phone or encrypted computer is particularly difficult to crack, it could be sent to FBI headquarters in Quantico, Virginia where enhanced programs and tools are available.
How the RCFL works
When evidence is brought to the RCFL, it is checked in and a “chain of custody” is generated. That means any time anybody looks at it or checks it out, a record is made.
The forensic examiners will gather information for the case agent and local law enforcement. Any law enforcement agency in Utah, Montana and Idaho can submit digital evidence to the RCFL and the FBI covers the costs. That can be beneficial to small departments that don’t have a trained professional or the budget to analyze electronic evidence.
There are 16 other Regional Computer Forensic Laboratories across the country and they only handle police investigations.
The complete story can be found here: https://www.eastidahonews.com/2020/08/inside-the-fbi-lab-that-processed-daybells-devices-and-other-electronic-evidence/
Видео Inside the FBI lab that processed Chad Daybell’s devices and other electronic evidence канала East Idaho News
Agents in Idaho and from the Salt Lake City division are involved and a large part of the case is being worked on from the Intermountain West Regional Computer Forensic Laboratory (RCFL).
When investigators seized 43 items from Chad Daybell’s Fremont County home in January, computers, cell phones and other devices were sent to the RCFL where Cheney Eng-Tow is the lab director and a supervisory special agent for the FBI.
“We’re essentially a digital forensic task force,” Eng-Tow tells EastIdahoNews.com. “We’re made up of FBI and state and local officers who are assigned here by their agencies. Our role is to provide digital forensic services to all law enforcement agencies in Utah, Montana and Idaho.”
The Daybell case is still very active, so Eng-Tow can’t speak to it specifically but he was able to explain what the 12 employees in the RCFL do when computers, laptops, phones, drones, vehicles, watches and other electronics come in.
“If there is stuff on there that’s going to help prosecute somebody, we want to find it. If there’s not anything on there, that’s fine as well but at least the case agent knows for sure what’s on there,” Eng-Tow says.
Analyzing computers
When a computer is checked into the RCFL for evidence, a forensic examiner removes the hard drive and images, or duplicates, it on a separate hard drive. The original is put back into the computer and left alone.
“The computer goes back in the evidence room and we now just work on the copy that we made,” Eng-Tow explains. “After you’ve taken an image of the hard drive, you can hash it.”
A hash value is a mathematical algorithm generated from a string of text. Eng-Tow compares it to a “digital fingerprint” where every piece of data is unique.
Some computers have millions of files and terabytes of information, but with the help of software, examiners are able to scour the duplicate hard drive for anything that might be helpful to the case. It can takes hours, weeks or even months to collect the necessary information.
“After we’ve done our examination, we then run a hash value again which should match the original one,” Eng-Tow says. “If (the case) goes to court, we can then say that hash value at the end matched the one at the beginning which matched the original hard drive. Therefore, we can say that any evidence we pulled out of there was on there from the beginning – we didn’t touch or add anything to it.”
Analyzing cell phones
Working on cell phones are a little different. You can’t image, or duplicate, a phone so examiners use software and programs developed by the FBI to conduct their searches.
The challenge can come when the phone has a password or PIN that can’t be cracked.
“Sometimes when you’re trying to break these passwords, you’re trying millions of combinations a second. We’ve had them run for months and not be successful,” Eng-Tow says. “Sometimes we get in, sometimes we don’t. If you let it run long enough, hopefully, you’ll get in.”
Often the case agent assigned to the case might obtain password information from other evidence, like hand-written journals. Eng-Tow says sometimes examiners find passwords for phones stored on computers or vice versa.
If a phone or encrypted computer is particularly difficult to crack, it could be sent to FBI headquarters in Quantico, Virginia where enhanced programs and tools are available.
How the RCFL works
When evidence is brought to the RCFL, it is checked in and a “chain of custody” is generated. That means any time anybody looks at it or checks it out, a record is made.
The forensic examiners will gather information for the case agent and local law enforcement. Any law enforcement agency in Utah, Montana and Idaho can submit digital evidence to the RCFL and the FBI covers the costs. That can be beneficial to small departments that don’t have a trained professional or the budget to analyze electronic evidence.
There are 16 other Regional Computer Forensic Laboratories across the country and they only handle police investigations.
The complete story can be found here: https://www.eastidahonews.com/2020/08/inside-the-fbi-lab-that-processed-daybells-devices-and-other-electronic-evidence/
Видео Inside the FBI lab that processed Chad Daybell’s devices and other electronic evidence канала East Idaho News
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Secret Phone Recording of Lori & Chad Daybell
Father desperate to find son who disappeared in Arizona desert nearly a year ago
Lets Examine causes of death in Vallow Daybell case with Dr. Salerno | Profiling Evil
Secret Santa Update: The family who Secret Santa surprised twice
Nate Eaton & Annie Cushing talk about Daybell case on Dr. Oz
Dan Abrams tells East Idaho News if 'Live PD' will return and why true crime is so popular
How Kim Goldman is helping victims 28 years after her brother Ron was murdered
Life on an FBI Cyber Squad: An Insider’s Look into Technical Career Paths at the FBI
L&C Report: Chad Daybell’s Defense Attempts to Dismiss Charges & Change of Venue has been Scheduled
East Idaho News circles Chad Daybell's property in a helicopter: RAW VIDEO
Original Episode: A look back at the Lori Vallow case
Audio recording between Lori Daybell’s sister and Prosecutor Rob Wood
Judge combines trials for Chad and Lori Daybell
I Tried FBI Academy
How this man’s unique vacuum has helped with criminal investigations including the Angie Dodge case
'Huge Bonfires' Seen by Chad Daybell's Neighbor, Grandparents Visit Grave Site | Court TV
Law & Crime NOW with Jesse Weber: Lori Vallow Daybell Case Explodes This Week with New Developments
Who Killed JJ & Tylee? Closer Look at the Crime Scene and Clues Chad Daybell's Backyard | Court TV
Offence and Arrest