!"#$ &'()*+#$&)' &, &' -).* /&0&$#1 !"#$%&!

ulglLal plcLures and vldeo have Lransformed our llves. l have so many plcLures and vldeos of my
klds LhaL by Lhe Llme Lhey are ln college, l'll have 1erabyLes of daLa. lL ls so easy Lhese days Lo
capLure anyLhlng wlLh a dlglLal lmage. 1here ls no need Lo worry abouL havlng fllm developed,
or belng careful Lo only Lake good plcLures slnce you only have a llmlLed amounL of plcLures lefL
on Lhe roll ln your camera. now, we're only llmlLed by Lhe amounL of sLorage space our dlglLal
devlces have. As an example, Lhe MlcroSu card ln mosL of our smarLphones can conLaln over
18,000 plcLures.



MlcroSu cards now have a capaclLy of up Lo 64 C8

CfLen, dlglLal lmages are lnvolved ln crlmlnal lnvesLlgaLlons. lmaglne Lhe Lreasure-Lrove of
lnformaLlon LhaL can be obLalned from a cell phone, LableL, or dlglLal camera when lL ls selzed
from a suspecL. ln my experlence, Lhose lnvolved ln crlmlnal acLlvlLy [usL can'L help Lhemselves
when lL comes Lo documenLlng Lhelr crlmlnal acLlvlLy ln plcLures or vldeo. ln llLerally hundreds
of cases, l found suspecLs Laklng plcLures of Lhemselves uslng drugs, vandallzlng properLy,
commlLLlng arson, abuslng chlldren, and ln some cases, even murder.

Whlle havlng plcLure or vldeo evldence of a suspecL acLually commlLLlng a crlme ls Lhe Lype of
evldence LhaL makes a prosecuLor exclLed abouL a case, Lhe dlglLal lmage ls [usL Lhe beglnnlng of
Lhe sLory. lmaglne lf we could Lell whaL camera was used Lo Lake a cerLaln plcLure LhaL was
found on Lhe lnLerneL, or could llnk an lmage found on a suspecL's compuLer wlLh Lhelr personal
phone or dlglLal camera found aL Lhelr home? 1hls ls all posslble Lhanks Lo someLhlng called
meLadaLa.

MeLadaLa ls slmply exLra lnformaLlon abouL a flle, or some people refer Lo lL as daLa abouL
daLa". ?ou are probably famlllar wlLh meLadaLa buL maybe noL wlLh Lhe Lerm lLself. Pave you
ever rlghL-cllcked on a compuLer flle and seen Lhe properLles? uaLes, Llmes, who was Lhe
auLhor, when Lhe flle was lasL prlnLed, eLc., are all examples of meLadaLa. lor dlglLal plcLures
and vldeos Lhere ls a speclflc klnd of meLadaLa LhaL exlsLs known as Lxll (Lxchangeable lmage
llle lormaL) daLa. Lxll daLa ls lnformaLlon embedded ln Lhe lmage or vldeo LhaL can conLaln all
or some of Lhe lnformaLlon below (whaL ls acLually ln Lhe lmage depends on Lhe camera
manufacLurer):

Make of Lhe camera LhaL Look Lhe plcLure/vldeo
Model of Lhe camera
Serlal number of Lhe camera
uaLe / Llme Lhe lmage was Laken (accordlng Lo Lhe camera's clock)
lllename
llash seLLlngs
AperLure seLLlngs
lmage resoluLlon
SofLware
And more.

A forenslc compuLer examlner can examlne a plcLure or vldeo for evldence of Lxll daLa and use
speclal programs Lo lnLerpreL Lhe lnformaLlon. 1here are many free programs avallable on Lhe
lnLerneL Lo do Lhls and many phoLographers use Lxll daLa Lo lmprove Lhelr phoLographs. ln
facL, Lxll daLa was orlglnally creaLed for phoLographers so Lhey could look aL Lhelr camera
seLLlngs sLored wlLhln Lhe Lxll daLa Lo flnd ouL whaL seLLlngs worked or dldn'L work when
Laklng plcLures under dlfferenL condlLlons.


ScreenshoL from an Lxll daLa parslng Lool

1o lllusLraLe how Lxll daLa can be used Lo solve a crlme, lmaglne Lhls scenarlo. l was
lnvesLlgaLlng a case where an adulL male was suspecLed of havlng a sexually expllclL
conversaLlon wlLh a 14-year-old female vla Lhe lnLerneL. 1hls adulL male was sendlng expllclL
LexL messages and lL gradually escalaLed Lo hlm sendlng lmages of.well, you can lmage, Lo Lhe
vlcLlm. When Lhe vlcLlm reporLed Lhls Lo a Leacher aL school, our unlL became lnvolved and we
forenslcally analyzed Lhe vlcLlm's cell phone.

When revlewlng Lhe plcLures on Lhe vlcLlm's phone, we found Lhe plcLures of Lhe suspecL.
none of Lhe lmages showed hls face and all of Lhem were obvlously Laken from lnslde of a
resldence. Slnce he senL Lhe messages from hls cell phone, we were able Lo Lrace Lhe phone
number Lhey came from and ldenLlfy Lhe sender. When we revlewed Lhe plcLures senL from Lhe
suspecL, each lmage conLalned Lxll daLa. 1he Lxll daLa showed LhaL Lhe plcLures were all
Laken from a Samsung cellular phone and slnce he had hls geoLagglng feaLure enabled on Lhls
phone, each lmage conLalned Lhe laLlLude and longlLude of exacLly where Lhe phone was when
Lhe lmage was Laken. 1hls allowed me Lo creaLe a Coogle LarLh map, whlch happened Lo place
a blg red doL rlghL over Lhe suspecL's aparLmenL.

!usL from Lhe Lxll lnformaLlon we could prove LhaL Lhe parLlcular sexually expllclL lmage was
Laken by Lhe suspecL's phone, from Lhe suspecL's home, aL a cerLaln daLe/Llme (slnce phone's
clocks are generally seL by Lhe cell phone neLwork, Lhey are rellable). AnoLher crlLlcal elemenL
Lo prove ln a crlme ls LhaL of venue (provlng Lhe crlme happened wlLhln a cerLaln [urlsdlcLlon).
WlLh Lxll daLa, lL ls noL dlfflculL Lo prove Lhls aL all, slnce we know Lhe exacL CS coordlnaLes of
Lhe crlme scene.

Lxll daLa has also been used Lo locaLe vlcLlms or suspecLs of crlmes from lmages and vldeos
posLed on Lhe lnLerneL. lmaglne waLchlng a vldeo LhaL was uploaded Lo Lhe lnLerneL whlch
deplcLed Lhe raclally moLlvaLed assaulL of a person. lf Lhe camera used Lo creaLe Lhe vldeo ls
capable of embeddlng Lxll daLa and Lhe webslLe Lhe vldeo was uploaded Lo doesn'L remove
Lxll daLa, lnvesLlgaLors can download Lhe vldeo and examlne Lhe Lxll daLa Lo poLenLlally flnd
ouL more lnformaLlon Lo lead Lo a suspecL.

Whlle Lxll daLa has proven lLself Lo be an amazlng Lool for law enforcemenL, lL has also been
explolLed by crlmlnals. lf you have used any of Lhe geoLagglng feaLures of your favorlLe soclal
medla slLes (1wlLLer, Coogle+, ?ou1ube, lacebook, loursquare, eLc.) Lhen you are aware LhaL
you can share your locaLlon wlLh your posLs and plcLures. 1hls Lechnology ls slmllar Lo Lxll daLa
by uLlllzlng Lhe devlces lnLernal CS funcLlonallLy Lo embed your longlLude and laLlLude lnLo
your posL.

Crlmlnals have begun uslng Lhls Lechnology as anoLher Lool for cybersLalklng. 8y downloadlng
lmages and vldeos LhaL people posL Lo Lhelr personal webslLes or soclal medla slLes, Lech-savvy
crlmlnals can do Lhe same Lechnlque law enforcemenL employs Lo locaLe where someone was
aL when Lhey creaLed Lhe lmage. lf you are a vlcLlm of sLalklng or have been LhreaLened by
someone ln Lhe pasL and have gone Lo greaL lengLhs Lo hlde from Lhem, all lL would Lake ls Lhem
geLLlng ahold of one lmage placed on a soclal neLwork slLe Laken by your cell phone or hlgh-end
dlglLal camera wlLh bullL-ln CS. lf LhaL plcLure was Laken aL your home, work, chlld's school,
eLc. LhaL's all Lhey would need Lo flnd you. lL's a scary LhoughL and one LhaL people musL
conslder when uslng Lhls klnd of Lechnology LhaL ls generally Lurned on by defaulL.



!osh Moulln

!osh has a long hlsLory of publlc servlce, beglnnlng ln 1993 as a llreflghLer and LM1. AfLer elghL years of varlous
asslgnmenLs, !osh lefL Lhe flre servlce wlLh Lhe rank of LleuLenanL when he was hlred as a pollce offlcer.

!osh spenL Lhe nexL eleven years ln law enforcemenL worklng varlous asslgnmenLs. !osh worked as a paLrol offlcer,
fleld Lralnlng offlcer, arson lnvesLlgaLor, deLecLlve, forenslc compuLer examlner, sergeanL, lleuLenanL, and Lask
force commander.

1he lasL seven years of !osh's law enforcemenL career was spenL as Lhe commander of a reglonal, mulLl-
[urlsdlcLlonal, federal cyber crlme Lask force. !osh oversaw cyber crlme lnvesLlgaLlons and dlglLal forenslc
examlnaLlons for over 30 local, sLaLe, and federal law enforcemenL agencles. under !osh's leadershlp, Lhe forenslcs
lab was accredlLed by Lhe Amerlcan SocleLy of Crlme Lab ulrecLors / LaboraLory AccredlLaLlon 8oard (ASCLu/LA8)
ln 2009.

!osh has been recognlzed as a naLlonal experL ln Lhe fleld of dlglLal evldence and cyber crlme and frequenLly speaks
across Lhe naLlon on varlous Loplcs. Pe has LesLlfled as an experL wlLness ln dlglLal forenslcs and cyber crlme ln
boLh sLaLe and federal courL on several occaslons. Pe also holds a varleLy of dlglLal forenslc and law enforcemenL
cerLlflcaLlons, has an assoclaLe's degree and graduaLed summa cum laude wlLh hls bachelor's degree.

ln 2012 !osh lefL law enforcemenL Lo pursue a fullLlme career ln cyber securlLy, lncldenL response, and forenslcs
supporLlng a federal agency. !osh now leads Lhe MonlLor and ConLrol 1eam of a Cyber SecurlLy Cfflce and hls Leam
ls responslble for dally cyber securlLy operaLlons such as, lncldenL response, dlglLal forenslcs, neLwork monlLorlng,
log revlew, neLwork perlmeLer proLecLlon, and flrewall managemenL.