FORENSICS CASE STUDYMark Eskridge

Oxygen Forensic® Detective recovers vital evidence for the underage sex case investigation

www.oxygen-forensic.com support@oxygen-forensic.com +1 (877) 9-OXYGEN

As mobile device evidence proliferation within criminal cases rises globally, the private investigation arena is no different. Gathering evidence from a lawfully obtained mobile device in furtherance of an investigation has become an extremely sought after specialty for civil forensic examiners. By using specialized software to collect, process, decode, and analyze the data from a mobile device, particularly iOS and Android based devices, an examiner can paint a picture of the events in question using timelines, social graphs, maps, and more. A picture is always worth a thousand words and with an estimated 5 billion mobile phone users worldwide, there are a lot of pictures to paint!

AboutMark Eskridge is no newcomer to investigations and digital forensics. With over 20 years of experience in law enforcement, and now as a licensed private investigator, he has seen his share of digital forensic cases; many of which have been mobile device examinations. Many cases in the civil world are sensitive in nature, often dealing with custody battles and infidelity. However, Mr. Eskridge also still assists on cases which border on criminal complaints that are not prosecuted by law enforcement. It is often in these cases Eskridge finds a mobile forensic tool, like Oxygen Forensic Detective, to be of great benefit because of the rich feature set and unparalleled support.

Eskridge prescribes to using a multi-tool approach in digital investigation as well as using a tool that strives to stay ahead of the constant flux of operating system versions and device applications. However, due to the prices of many tools in the market, an economic decision must also be weighed. Because private investigative companies often live case to case, a shrewd investigator must have a tool that can handle today’s investigations, but still not break the bank. Having a leading mobile

www.oxygen-forensic.com support@oxygen-forensic.com +1 (877) 9-OXYGEN

About Oxygen Forensic® DetectiveOxygen Forensic® Detective is all-in-one forensic software to extract and analyze data from multiple sources: mobile devices, their backups, media and SIM cards, cloud services and call data records. Leading edge technologies deployed by Oxygen Forensics allow forensic experts to bypass screen lock passcodes, locate passwords to backups, extract data from encrypted applications and recover deleted information. Mobile device and cloud extractions are merged together in a single intuitive GUI with rich analytical capabilities: determine common locations and contacts for several devices, view all events in a chronological order and much more.

forensic tool like Oxygen Forensic Detective, with innovative support for third party applications, deleted data recovery, and support for the most popular mobile devices, it is easy to see why more civil cases are using mobile forensic data.

Data RecoveryIn a recent case Eskridge explained he was involved in the civil aftermath of a sexting / underage sex case investigation that involved a 16-year-old male and a 14-year-old female. With only access to the male’s mobile device it was determined by Eskridge that “the male had deleted the conversations shortly after the circumstances of the relationship had come to the attention of the girl’s parents”. Typically, one would think a deleted message on a mobile device might not be recovered, but using the multiple tool approach he went to work analyzing the data from the Apple iPhone 6 device.

The investigation revealed on one tool that only 4435 outgoing messages were displayed, but using Oxygen Forensic Detective both incoming and outgoing messages were decoded and parsed for a total of 11045 messages! Subsequently, many of the recovered messages were deleted messages; something the other tool had not located, something Eskridge confirmed in the built-in SQLite Viewer within Oxygen Forensic Detective. Not only was Eskridge impressed, but so was his client.

Mark stated

“Needless to say, my attorney client was very impressed with both the recovery of deleted data and the presentation of the «conversation» view in the Oxygen report. I am always impressed by Oxygen Forensic Detective’s ability to recover deleted data from SQLite databases and display the data in a way that is useful to the client. A big thank you to Oxygen for making me look good.”

Oxygen Forensics, Inc

901 N. Pitt St, Suite 170Alexandria, VA 22314

United States+1 (877) 9-OXYGEN