Analysis Of Craigslist Killer In Terms Of Digital Forensic

Digital forensic techniques are advancing gradually over the time due to development of technology. Digital forensic helps achieve evidences through the computer systems to provide evidences at the court. There are techniques including IP address tracking, email address tracking, image back-up, packet sniffing and decryption used to solve complex criminal cases. Government agencies such as FBI, Federal Trade Commissions, IRS, etc. use digital forensic techniques involving computers to persecute criminal activities most of the time. The development of social media and applications make it easier to obtain personal information in few seconds nowadays which contributes to transparency and integrity in the society. “Social media content should be included in litigation-hold notices instructing the preservation of all relevant evidence” (DiBianca, 2014). The introduction of Google has changed the whole digital forensic world because it provides a sufficient information almost for anything on the web that is one click away from everyone. The analysis of “Craigslist Killer” is a good example of how a crime can be solved by using social media resources. I will discuss about the “Craigslist Killer” further in the next paragraphs. It is very important to stay up to date with newer technologies to utilize in forensic investigations. “Digital evidence has a wider scope, can be more personally sensitive, is mobile, and requires different training and tools compared with physical evidence” (Goodison, 2015).

Digital evidence allows investigators to collect and analyze information timely and much faster. Digital forensic examiner must use digital forensic techniques to conduct and prepare findings to present in a court. It is important to process digital forensic examination by certain regulations to minimize errors. One of the techniques that was used in “Craigslist Killer”, was email activity reconstruction. This technique used to retrieve any data from an attacker’s email address by using FTK. “One can perform keyword searches, on all the emails to identify relevant emails to investigate. After one has viewed all the emails examiners can create an email report with FTK” (Mabuto, 2011). Digital forensic examination of cell phones are widely used to track down the activities of the criminals. “Mobile device forensics is a subset of the broader category of digital forensics which is, itself, just one of the forensic sciences” (Kessler, 2015). In the case of “Hackerville of Romania”, stolen bank account numbers and money wire numbers were all tracked down by the scammers’ cell phone texts. New technology cell phones such as iPhone, iPad and Android made forensic examination efficient and easy to track down data. These cell phones have location service, GPS and data storage functions which makes it easier to catch criminals. Smartphones are source of information about any person and someone who has connections to that person. Forensic investigators are mostly interested in call logs, contacts, messages, photos, videos, internet history, location data, social media accounts and deleted files. Apple phones use IOS systems while Android phones use Linux-based operating systems.

Android system gives terminal level access while Apple IOS does not give that option to its users. In the case of “Craigslist Killer”, Boston Police used digital forensic techniques to catch the killer, Philip Markoff. Boston Police immediately started looking at his social media accounts to trace any footprints that he made over the period of time. They also started contacting Microsoft to process court orders and search warrants to get Microsoft to disclose IP address of his email account, which was used in the Craigslist ad by Philip Markoff. Apparently, he made all of his contacts with victims based on this email address. The content of every email address is stored by the provider for extensive period of time and can be accessed when there is a search warrant or court order. On Craigslist website, evidence of time and date of entry done by the IP address of his email can be found easily and the responses he made on the same page can be tracked down as well. The Boston Police also started looking at his conversations with the victims on Craigslist ads to solve the crime.

The Police got important information from the AMDPM@Live. com, his email account, that he created this email account couple of days before the incident took place. Now, the police started looking at if he was the one who sent the emails to the victims. Internet service provider provided the name and address of the person of interest by interpreting the IP address. The IP address helped the police find the physical address of the suspect but the address turned out to be an apartment which had multiple flats to search for. The router has multiple users within hundred feet of his physical address. The Blackberry phone he used also helped police to track him down by using his data trail. The police found cell phone records linking Markoff’s cell phone to his victims, Brisman and Leffler. The Blackberry phone he used was helpful to tie three incidents’ location to Markoff’s phone.

The Blackberry phones enable to track down data trail of the user by creating a digital forensic evidence. The police searched the hotel that the killing of Julissa Brisman took place. First, they started searching the hotel’s surveillance tapes to see who appeared before and after the killing. The surveillance tapes showed that after the killing, a tall, blond, white male is walking away from the elevators while texting on his Blackberry. It was matching the description of an attacker from the Leffler holdup. The police suspected that three crimes similar in many ways, committed by the same person. There were three robberies against the three ladies committed in the Boston hotels including the killing of Julissa Brisman. The Blackberry phone left an evidence of his location at the time of the three incidents. After the email evidence, surveillance tapes, and cell phone activity, the police arrested Markoff as the suspect of killing and robbery. After his arrest, they searched his apartment to find evidences of the killing and robbery. They found plastic ties and a gun that was used in crimes and quantities of bullets later found on Brisman’s body. There were also Trac phones and a laptop which later identified to send responses to Brisman’s Craigslist ad. Later, the police gathered more forensic evidences of the alleged crime by Markoff. His fingerprints were on the purchasing document for the gun he used in shooting of Brisman. His fingerprints were also found on the duct tape he used on Leffler’s mouth as well as in one of the hotel room.

The Boston Police used both old-fashioned and digital forensic evidences to solve the crime. The case of “Craigslist Killer" caused Craigslist to tighten its rules to post an ad to the website. It also started using “content-filter software” to catch violations of posting on Craigslist website at the initial stage to protect its users. Craigslist C. E. O Jim Buckmaster stated that Craigslist reviews content of ads including pictures, information, etc. by manual human reviewer. In the case of “Hackerville of Romania”, residents of the town in Romania were involved with online hacking. Most of the town residents were involved in e-commerce scams and malware attacks on businesses. These schemes brought millions of dollars into the city of Ramnicu Valcea. The city developed due to the huge amount of cash brought. There are many luxurious car stores along with BMW, Audi, and Mercedes in Ramnicu Valcea. When scams became successful, the city was fueled with new apartment developments, bars, restaurants and nightclubs.

The scammers posts fake ads on EBay and get their customer’s money by wire transfers without sending the actual product that they buy. After that an arrow goes ahead to wire the money and send it to someone on top of the organization after the commission. FBI agents in the USA and Bucharest started to get suspicious due to the money and wealth poured into the town and started an investigation. In early days of the crime, one guy posted ads of cell phones and picked the wire money while not sending the actual product, the other criminals made hundreds of dollars by creating fake escrow. “While the online scammers of Hackerville did their damage to individuals across the world, the real problems are caused by the blackhat hackers that call the city home” (Tucker, 2015). In the case of 2008, for the first time, it was clear how the fraud network works in Ramnicu Valcea. A local person, Chita, started an organizational criminal activities by hiring arrows in different countries to wire the money back to him after the scams. He started buying brand new cars and going into the clubs every night with no legitimate income. He also launched an internet provider company called NetOne to shelter his illegitimate activities. When the cops started an investigation on him by asking about his customers, he told them that he didn’t keep any records of them. The local police got two men’s numbers that are working for Chita. Next day, the local police got record of their phones and found a text to Chita with money transfer numbers-unique numeric required to pick cash.

The police investigated “the money circuit route” to find out how the funds flowed from victims in the US to Romania. Digital forensic enabled the police to check the money transfer numbers to follow trail of the money. Chits also involved in spear phishing-sending email to US companies from the IRS to attack them with Trojan viruses to obtain companies’ bank account numbers and passwords. The FBI got suspicious and started investigating email accounts where IRS emails are coming from. They hired people in Las Vegas to collect the money. The same month, in the US, the police stopped the car in Ohio and noticed drug residue in the car which led to arrest of two men. The detailed search in the car turned up eight cell phones, fake ID’s, two computers, two dozen money transfer receipts and $63,000 in cash. Later, two men confessed that they were working for Chita as arrows. They typically spent most of winter in the Midwest by picking up money from the Western Union and MoneyGram. The police investigated the bank transactions and documents to catch the fraud. Later, Chita and his ring got caught and served 14 months in jail. Nowadays frauds can easily be caught by digital forensic evidence.