Darren Hayes visits state-of-the-art forensics lab and police cyber crime center in Northern Ireland

In October 2016, our very own Dr. Darren Hayes was invited to visit two different forensics laboratories in Northern Ireland. Anthony Harbinson, Director of Safer Communities for the Northern Ireland Department of Justice and Former President of the ACCA, was kind enough to organize this fascinating, educational experience for Hayes. The visit included a tour of the new, state-of-the-art lab of Forensic Science Northern Ireland (FSNI), an Agency of the Department of Justice, based at Seapark, Carrickfergus, as well as a visit to the highly impressive Cyber Crime Center of the Police Service of Northern Ireland (PSNI).

Stan Brown, Executive Director, Forensic Science Northern Ireland (FSNI), and his outstanding team, provided Hayes with tremendous insight into some of the cutting-edge forensic analysis techniques implemented by FSNI. Hayes remarked, “Forensic Science Northern Ireland and the Department of Justice, with their significant financial investment, have not only signaled their intent to provide the people of Northern Ireland with a laboratory that they can feel proud of but they have also successfully raised the standard for other laboratories worldwide. Other agencies will certainly strive to emulate their extraordinary success. The lab operates with the utmost integrity, guided by strict protocols. FSNI have not only integrated the latest technology into their labs but have also considered the impact on the community and its employees, which is admirable. It was refreshing to see that employee input was critical to the development of a new lab to provide a safe, efficient and comfortable environment within which to operate. This level of planning rarely occurs elsewhere. Moreover, the new forensics lab was built to the highest European standards of sustainability to ensure that the facility was environmentally safe and responsible. Their accomplishments are inspiring”.

Another highlight of Dr. Hayes’ trip was a visit to PSNI’s Cyber Crime Center. Detective Constable Ian McClurg and his colleagues were kind enough to explain to Hayes some of the current cyber crimes that they investigate to ultimately ensure the safety of the Northern Ireland community. In a digital, inter-connected world, cyber crime has no borders. Hayes noted that the “PSNI has invested considerably and wisely in the latest technologies and employ some of the most technically-advanced investigators in the world. The personnel that I met possess the expertise that would be sought after by any organization worldwide. Their unwavering dedication to protecting the local community is highly commendable.”

Dr. Hayes said that “the warm hospitality of the people in Northern Ireland is world-renowned but this visit far surpassed my expectations and I greatly appreciate the time and consideration afforded by Mr. Harbinson and his colleagues.”​

JTAG’d by the Law: Phones and Forensics

No phone’s secret is safe from the forensic skills of Seidenberg’s James Ossipov and Dr. Darren Hayes. At first glance, it appears that James is ironing a piece of paper, but what is under the paper is what is helping law enforcement retrieve photos, texts, and various information from most phones—even if it’s deleted.

Dr. Darren Hayes, professor at Seidenberg, and James Ossipov have been working together with a method of evidence extraction called JTAG, which in time could revolutionize the way law enforcement agencies use computer forensics.

James Ossipov

Hayes mentions that, “James is actually working on a project where we are trying to automate something called JTAG. JTAG is accessing user data on a phone when you can’t use traditional methods for extracting evidence from a phone. So, we extract evidence directly from the printed circuit board using JTAG. Sometimes a phone may have encryption, so you need JTAG for that. Sometimes the phone is damaged, for instance, someone may have dropped it in water, and therefore JTAG is your only method to get the phone’s data. JTAG is the only option for examining Windows smartphones.”

JTAG sounds like an amazing innovation to restore information from a phone, even if it is damaged. However, this method is not for everyday use yet — it is primarily used in investigations to retrieve evidence.

CircuitBoard
A circuit board after solution, before it is cleaned with acetone.

“This method is generally only used by law enforcement. Many law enforcement agencies don’t have the capabilities to perform JTAG, so they have to bring in outside experts. What we are trying to do is make it easier for law enforcement by automating the process so more law enforcement agencies can actually use this method of extracting evidence.”

Unfortunately for law enforcement, this method of extracting data cannot be used on an iPhone.

“iPhones are very tricky. They have very good security and are well locked down,” says Hayes. “You can’t perform chip off, meaning you cannot take a memory chip from an iPhone and put it into another phone because all of the firmware, the system software, is mapped to the memory chip. So, if you try to move it to another phone, you won’t be able to access it. But LG phones and Samsung’s are the easiest phones for this process.”

Using the board to look at a phone's NAND
Using the board to look at a phone’s NAND

Computer forensics is advancing every day and Seidenberg is proud to be at the forefront of it all. If you are interested in learning about computer forensic, Dr. Darren Hayes is currently teaching a Cyber Law Class (CIT 363). If you’re not registered for that class, don’t worry—in the fall he is offering a Mobile Forensics course where he will teach how to extract evidence from mobile devices and obtain evidence from third-parties such as Facebook.

Also worth mentioning is that James also worked on JTAG last semester with two other veterans (David Cano – Navy & Gordon Wildrick III – Marines), and he himself is a veteran of the Army. We’re proud to support our forces and we’re more proud of the work they’ve accomplished with Seidenberg.

Skip to toolbar