BlackBag® Technologies’ premiere digital forensic software, BlackLight® helped put a man, convicted of possessing 450 child pornography images, behind bars. Marcel Cole Beuker, whose trial was held in March of this year, claimed the images found on a hard drive connected to his iMac, were not his. It took three long years for the Saskatchewan Internet Child Exploitation (ICE) unit to bring him to justice, but their diligent work secured a conviction. Beuker received an 18-month sentence, plus 4 months for disobeying release conditions.
During the trial, BlackLight®’s .fseventsd feature was featured prominently. The ICE unit had their work cut out for them, as Beuker was an experienced programmer and very tech savvy. Using tools, including BlackLight®, they were able to show almost all of the communication originated from the accused’s system, and no other devices.Once they were able to capture and analyze this evidence, the next hurdle was explaining it to the judge. A Sergeant in the ICE unit stated “what really did it for me was BlackLight allowed me to do in 2 days what it regularly took me 2 months to do back in 2013-15 with [other digital forensic software]. Not only did it help me interpret what I was looking at; it also created the report for me in an interface that a … judge could understand.” The judge agreed that Beuker was solely responsible.
Judge Scherman from the Queen’s Bench provided a well written decision listing BlackLight® as the digital forensics tool to prove guilt in multiple instances. One tactic was to demonstrate Beuker renamed child pornography files. As stated in Judge Sherman’s decision, “the Blacklight analysis showed that files within Danger Zone (Danger Zone is a DMG) were being manipulated in various ways including changing names.”
Even more damning evidence was the ICE unit’s ability to prove Beuker’s knowledge of the files in question. Beuker had installed programs to delete items from his hard drive, as well as ones to provide notifications upon download. Both he admitted would only execute by user permission. According to court statement, “he knew these programs kept logs, and he knew how to delete their logs and such logs were largely deleted (except for background logs ultimately revealed by a forensic program called Blacklight).”
A more detailed explanation was written in paragraph 35, of Judge Sherman’s written decision. “In addition, metadata was acquired from PE9 using a forensic program called Blacklight.” Using com.apple.quarantine, BlackLight® was able to prove specific file(s) in question were downloaded and quarantined, then their existence was acknowledged by the user before the download completed.
The Saskatoon Police Service did a remarkable job in bringing down a child pornography criminal, and BlackBag® is thankful to be one of the tools in their arsenal. Our mission is to reveal the truth in data in order to create a safer world.
About the Company
BlackBag® Technologies is a developer of innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. The company’s flagship product, BlackLight, has been adopted worldwide by many digital forensics examiners as a primary analysis tool. Mobilyze, BlackBag®’s groundbreaking mobile device triage tool, empowers virtually all law enforcement personnel, with or without specialized experience, to capably triage and report on data from smartphones.
To learn more about BlackBag®’s software and training, please contact us at 855-844-8890, or visit us at blackbagtech.com.