Australian Police: XAMN Helped Solve Armed Robbery

By: Jeremy Byers, a police investigator in Australia

This post was originally written and published on the MSAB blog

I have been employed as a member of the Australian Federal Police and the South Australian Police since 2008. Most of my law enforcement experience has been investigating serious and organized crime. I am presently undertaking a Graduate Diploma in cybersecurity under the supervision of Dr Matthew Sorell, Senior Lecturer at the University of Adelaide.

Investigations within this field of policing increasingly rely upon interpreting large volumes of telecommunications data commonly derived from service providers as well as data extracted from mobile telephones.

By way of example, a recent investigation relied heavily upon network and mobile phone data. It was an armed robbery, where one victim had been shot during a violent home invasion. Compounding the difficulties involved in the investigation was a lack of victim/witness co-operation due to associations with outlaw motorcycle gangs. The use of data from seized devices became paramount in proving the offence had occurred, identifying other suspects and proving their involvement.



Initially, I provided a supporting role assisting in searching properties, exhibit collection and corroborating interviews. I obtained a good understanding of the circumstances of the offending and had a high level of understanding of the criminality of the suspects based on having had previous interactions with many of them. Just as importantly, through my policing experience I had an innate understanding of how organized crime and criminal gangs operate, and how they go about their day-to-day business.

This investigation had been running for almost two years when I was asked to review all mobile telephone evidence and network records. Clearly, this was a complex and time-consuming task. After identifying the extractions and records I had only six weeks to prepare the digital and network evidence for trial.

During that time, I identified key evidence, including direct and indirect contact between the accused, victims and witnesses prior to the offence. The main concern was managing the large volume of data and the tedious task of ensuring its accuracy so that it could be relied upon in evidence. Investigators are increasingly required to specialize in various aspects of cases. Most recently this is the ability to understand and interpret complex communications systems data. Critical to this function is the use of a suitable tool for digital data.

XAMN was key to making it easier to search locations

The use of the XAMN interface helped me fast track my investigation, making the task infinitely more manageable. I was able to quickly cross-correlate data from multiple data sets, find important data using keyword searches, use filtering to find images taken on or around the offence date by mobile phones used by suspects and other relevant associates, as well as identify other persons of interest. The XAMN interface made it easy to find a Google Maps location search and lessened the need for external data specialists to be brought into an investigation, thus saving money and time.

The presentation of mobile telephone data was key to the successful prosecution of this case and resulted in the conviction of the suspect. This is one of many investigations I have been involved in that has significantly relied upon the use of digital evidence to assist in convicting a suspect.

In August 2019, I was fortunate to be provided a license to use MSAB’s new version of XAMN with upgrades to Spotlight, Horizon and Elements, all of which are tools investigators can use to find key evidence, interpret the data, and save time throughout the process. My main interest focused on the use of Horizon. One of the tools in Horizon is designed to assist investigators with a feature which can map geographical coordinates instantly. I tested the software using datasets and found all to be highly accurate regarding geo locations and of considerable investigative value.

In the past, investigators have found it challenging to review large telephone data sets. Historically this would have been completed by an analyst and/or extracting officer. However, with the complexity of most criminal cases, this is something over which an investigator now needs total control, as they are invested in the job from the start to the finish. They have the detailed knowledge of the case and ultimately find key pieces of evidence, no matter how small or seemingly irrelevant. Improvements to the way in which data may be found and displayed are vital. Development of products into the future needs to bear this fact in mind and will require regular updates from the software provider.

For more information visit our website: https://www.msab.com.


About the author:

Jeremy Byers is a police investigator in Australia and is recognized within law enforcement for his expertise on forensic interpretation of telecommunication network records, mobile phone data sets and his understanding of criminal behavior. He is able to give an expert opinion of the data to investigators and the court. Jeremy trains other police investigators on the use of network records and mobile devices in offences.
