The Audit

Stories from the Dark Side of Cyber Forensics with Andre Champagne

October 16, 2023 IT Audit Labs

The Audit - Episode 28 - We are pleased to introduce you to Andre Champagne, an expert in the intriguing world of cyber and digital forensics. Andre’s journey, from the Anoka County Sheriff's Office, through the Illinois Attorney General's Office, to the state of Minnesota, provides fascinating insights into a career in stopping cyber-crime.  

Andre also recounts his time managing a digital forensics laboratory, shedding light on the intricate balance between risk and technology in the digital landscape. He shares stories about investigating arson cases, using phone evidence to reveal the diversity of online predators. His anecdotes provide a sobering perspective on the challenges and rewards of a career in cyber forensics.  
 
Finally, Andre breaks down the reality of the cyber security field beyond what you see in TV and film. His experiences range from putting together reports for the courtroom, dealing with data breaches and ransomware, to handling HR investigations. The conversation takes a darker tone as we address the chilling reality of online predators while Andre provides valuable advice on ways to keep children safe online.

Speaker 1:

Hello, I'm Eric Brown and you are listening to The Audit, presented by IT Audit Labs. Today, we will be speaking with Andre Champagne about his extensive experience in cyber and digital forensics. Andre is no stranger to the dark side of computer-based crime. Fair warning, though: today's episode touches on some topics that may be disturbing or upsetting to some viewers. Viewer discretion is advised. Joining in on today's conversation are IT Audit Labs professionals Scott Rizdal and Nick Mellum, as well as our podcast producer, Joshua Schmidt. Stick around until the end, because you're not going to want to miss one second of this episode.

Speaker 2:

Yeah, Andre and I go back to the state of Minnesota's early days security operations center. I think he started in there as a security analyst maybe a few months before I did. I got there, I was halfway through grad school, and this was not my first security job, but kind of my first time, like, living in the fishbowl that is a security operations center, and Andre was one of the first people to help me and train me and kind of tell me what the whole place was all about and what our capabilities were, and also the things that we couldn't do yet and some of the bad habits and political barriers that existed at that time. And we both stayed there and worked there for a couple of years.

Speaker 2:

I left the organization and Andre transitioned to a better job, but we spent our time in the trenches together at the security operations center at the state of Minnesota, so one of my favorite people still from my cyber career. So I'm really happy he's here to talk to us. Yeah, so, Andre, maybe with that little intro, would you mind just telling us kind of your career trajectory a little bit and just kind of where you started, where you met me in the whole, the whole cycle, and then kind of where you're at now.

Speaker 3:

So currently I'm at the state of Minnesota. I am the supervisor for the MNIT digital forensics laboratory. I was actually hired by the state to do forensics, but when I got to the state they needed help in the security operation center, which was pretty new at the time. Didn't have a lot of people in there with experience doing, you know, security work and forensics work, so they threw me in there for a while, but eventually I did crawl my way down to the basement and into the lab full time, and that's where I reside now, and I got a small team down there. How I got to the state, quickly, and we can certainly dive in deeper: I started out at the Anoka County Sheriff's Office. It's a north suburb of the Twin Cities and I was the head IT guy there for the Sheriff's Office for almost 18 years.

Speaker 3:

I started dabbling in forensics around 2006. Decided that was where I wanted to transition full time, and then in 2012 I left the Sheriff's Office, moved to the big city of Chicago and took a job with the Illinois Attorney General's Office doing criminal work, criminal investigations. Stayed there for roughly a couple years, eventually migrated back to Minnesota. I was a civilian investigator at the Wright County Sheriff's Office doing forensics, and then after that I came over to the state. So that's the quick career path for me and how I got to the state. And then, yeah, started working with Scott and it's been nothing but joy ever since.

Speaker 2:

Especially when I left right.

Speaker 1:

No, I was just going to ask if you only knew Scott as a colleague, or did he come up in any investigations?

Speaker 3:

No, I couldn't tell you if he did, but I don't think so. No, Scott was... I couldn't have had a better coworker. That night talked about not just work, but we talked about personal things and politics, and I think Scott will be the first to tell you that we don't necessarily come from the same political background, we don't necessarily agree on all of the stuff happening outside of work, but somehow I think it worked really well. We worked really well together. It didn't affect us at work, but we were able to jab each other. I think a little bit made it a little fun. But yeah, Scott was great to work with and sadly, when we have great employees at the state, oftentimes they leave, and that's what happened with Scott.

Speaker 4:

It's the nature of the beast.

Speaker 2:

Thanks, Andre. This podcast is really all about me, and so I appreciate you staying on message.

Speaker 5:

That's really entertaining to find out about your background, Andre, and then your relation with Scott. I've also found out you're a drummer. As a musician myself, I was kind of interested in what kind of music you like to play, and maybe some of the names of your bands have been.

Speaker 3:

Yeah, so yeah, I love playing drums. I'm a drummer. I have been since I was about probably eight years old, banging on my mom and dad's dashboard in the truck as we were driving up north every weekend. My dad decided that I needed a drum set when I was about 10 and told my brother to go out and buy one for me. My brother was a lot older at the time. Got me one and I pretty much was self-taught. And then from there I joined a band when I was 17, still in high school, played rock, you know, top 40, that kind of stuff. We jammed out for probably five or six years through my college years, all over mostly Central and Northern Minnesota, parts of North Dakota. It was a blast. We were all young, all in our early 20s and having a good time, had a few years off. Then I joined a band called Shag in here in the Twin Cities. I believe they still play, another top 40 rock band, cover band. I was with them for, geez, I think, all eight or 10 years, which is a long time to be in a band. And then when I was, I don't know, around 40, I'm in my early 50s now, 52. Around 40, I stopped playing in a band, but I've subbed in bands since and I still jam out at home.

Speaker 3:

Yeah, I think you mentioned in your email you asked me about what do I play? So I play Tama drums. I have three acoustic sets. I collect drum sets, kind of like guitar players collect guitars. I have electronic set. I have a lot of money wrapped up in my equipment. I've been collecting it, obviously, since I was about 10 years old. I still have most of my original stuff all the way up till now. It's a lot to store, yes, but I have a lot of land and a lot of shelf space. But yeah, I love playing, I love jamming. I'm mostly a rock guy and that's what I do. That's what I do in my spare time.

Speaker 5:

That's amazing. I really like the name Designated Driver you had shared with me, and I thought that was a fun band name. Also, another fun fact is Scott and I were in a band actually in high school, our first band, I think from the time we were about 11 to 13 or 14, in that zone too. So yeah, full circle.

Speaker 2:

I had no idea. That's awesome. Yeah, that band was called a few things, but the one that sticks with me is Chunder, which is the Australian slang for puke, and we lived up to that name, I think.

Speaker 5:

It came from the song Men At Work from Down Under.

Speaker 4:

Yeah.

Speaker 5:

That came from that tune. So, fun fact, we're all kind of connected here in various ways.

Speaker 3:

So in my bands a fun fact we had some real musicians. We had a drummer and a bass player and then we also hit, you know, threw in some guitar players.

Speaker 2:

What do you call a drummer without a girlfriend? Andre?

Speaker 5:

Homeless, uh-oh, homeless yeah, nice. Or three musicians and a drummer walk into a bar.

Speaker 3:

All right, let's move on.

Speaker 5:

The drummers don't like the drummer jokes all the time, but we want to hear more about what your day-to-day today looks like, Andre, and some of the challenges you face in your sector, working for corporate forensics for the state.

Speaker 2:

Maybe, just before we do that, could you just explain, Andre, what cyber forensics is? I think most people who have any idea of what it is imagine that TV show NCIS. There was that character, Abby, with the long ponytails and the knee-high boots, and there's just always techno music pounding in her lab. Tell us how much it is like that.

Speaker 3:

Yeah, I can tell you it's not like this. If you can see me where, you're like pulling stuff across some kind of imaginary board.

Speaker 4:

Minority Report.

Speaker 3:

Doing this and then boom, there it is, there's the evidence, there's the answer.

Speaker 3:

It's not like that. So, yeah, so you know, cyber forensics, it's a lot of things, right. It's IT work, it's incident response work and it's forensics all combined, and then with a little sprinkle of legal stuff on top of that, a little sprinkle of compliance stuff on top of that, and then you get cybersecurity investigations. What really happens in the day to day when we're getting into the actual work, and I'll step back and kind of give you a general overview as well, but for the work itself, it's identifying evidence in your case, and that evidence, right, again, it's not the moving around the screen stuff, it's logs, it's stuff that might be on your servers, it's physical devices, it's laptops, it's tablets, it's phones, it's literally everything that can contain digital information. We also will pull in on investigations, since we do investigations for the entire executive branch of Minnesota. We work with the Department of Transportation, right. Recently we had to examine a device that sits on the roadway and tracks some information, but we had to examine that and there's probably never been a person that's ever done a forensic investigation on one of those devices before. We have to figure out: how do you examine that? How do you get the data? How do you extract the data? If you can extract the data, then if you can, how do you analyze it? What does the data mean?

Speaker 3:

There's a lot of testing, a lot of research that goes into the work. It's not always just you find your evidence, you pull it in and you're able to just sort through it and do what you need to do. So this kind of work, a lot of testing, a lot of research goes into these investigations. You might have to learn a new skill, learn a new tool. You might have to interview someone. You might have to call a company up and try to track down an engineer that knows something about a device or about the data. So there's a lot of different things where an investigation can go. So it does keep it interesting, right, but also it can get very complex very quickly. As far as stepping back and just like what happens on a basic day, like a quote, unquote average day, I would say an average day really doesn't exist because they're all completely different and no matter what you think is going to happen that day when you go into the lab it almost never happens that way Something else comes up, something you find in your investigation. You have to take a left turn or a right turn and go down a different path that you weren't expecting. So that is one of the things that I really like about this work is that it's different. Every day is different. Yes, you're working investigations every day, but they're all different right, and even a single investigation might feel like two or three if they take all these different turns. So that is one thing I like a lot of variety in the job.

Speaker 3:

But again, getting back to when I get into the lab every day, or when my examiners get into the lab, most of my examiners have anywhere from three to six cases on average at any given time. That can spike up to as many as 10 or 12, which we've had recently. That starts to become a lot of work for a single person. But they'll come in, they'll check the status of their tickets. They'll start acquiring evidence. If they need to acquire more evidence, they'll check the status of evidence that's being acquired. They will reach out to customers that have new requests coming in and will do what are called scoping calls. So that's just what is the investigation about what questions need to be answered so that we can focus our resources, focus our time and try to get to those answers as quickly as we can and then identifying those evidence sources.

Speaker 3:

Like I said, they can be all over the place. If there's physical devices, we need to get them, oftentimes physically, into our laboratory. So we have to coordinate that with people. Some data we can remote out to and grab, and if we can we'll obviously do that. We'll pull logs, we'll do all of that kind of stuff, and then, once you get your data, then the examiners will throw that into whatever tools they want to use for that case and they have to process that data. The processing could take hours, it could take days or weeks, depending on how much processing we're doing, how much data there is. So these are all things that we're doing when we get into the lab every day and just kind of moving our cases forward, and then, when it gets to doing analysis and report writing, right, as a human being we have one brain, one set of eyes, one pair of hands. You can only do analysis on one case at a time, and that's where the bottleneck comes, right, or you have to focus your energy on one case to do that work. So then, yeah, then we'll do the analysis and then report writing.

Speaker 3:

I do want to touch on this a little bit because report writing is that one area, I think in all of forensics, and probably even in cybersecurity and general incident response, that is kind of ignored. It's not talked about, there's no time or energy spent on it, and I would argue it's the most important phase of your investigation. If you can't communicate your findings to your audience, then it doesn't matter what you found, it doesn't matter how much work you put into the investigation. If you can't communicate it, it doesn't matter. So I spend a lot of time and a lot of focus in our laboratory with my team doing peer reviews on reports to improve report writing skills. We've developed templates for the examiners to follow to help them be consistent in the look and the feel of our reports or.

Speaker 3:

Our customers are accustomed to a standard look and feel and they know how to interpret our reports when they get them. But this is a big thing in forensics that's ignored. I talk about this all the time. Wherever I go, whatever audience I'm in front of my peers, when I go to vendor outings and webinars and seminars, I focus on what is your tool do for reporting? How can it give me data that I can put into my report that will make sense. And again, there's just not a lot of focus on this, but in my lab, reports are like the number one thing that we focus on at the end of the day, because they're the most important.

Speaker 1:

So, Andre, a couple questions for you and thanks for elaborating on that. On the report writing side, do you use any artificial intelligence yet to help with the report writing or to help pull the data together?

Speaker 3:

No, currently we don't do anything like that. Our report writing now consists of again, we have a template right, so it has a structure and then each examiner, depending on the investigation because every investigation is pretty unique will determine what information needs to go into the different sections of the templated report. If there's sections of the report that need to be removed that are not relevant for that particular investigation, we pull reports out of our individual tools. Generally they're not that great, they're Excel spreadsheet reports or they're cheesy HTML reports, but we get the data that we want out of our tools and then we have to massage it to make it look pretty, to make it understandable, and then we put it into our reports. So reports are all of our reports are peer reviewed by someone else in the lab. They're peer reviewed for administrative things like just page numbers you know formatting, spell checking, grammar, those kind of things and then they're peer reviewed from a technical perspective.

Speaker 3:

Right, is what you're communicating, does it make sense? Is it accurate? Did you put the right stuff in your report? And then really the third thing is, is it readable by the average person? Are they going to be able to get something out of your report? Because our reports, at the end of the day, they may go to executive leadership, they may go to a jury, right? An attorney may need to read them, a judge may need to read them, and these people are not forensic experts at the end of the day, right. So we have to communicate highly technical analysis that we've done in our findings and we have to put it in the report so that another forensic examiner that is reviewing it will understand that we know what we did, right, and that it's accurate. And then we also need to put it in there in such a way that someone with no forensic experience can read it and go, oh, that makes sense. I understand that. So the bottom line is no, it's a very manual process and we could spend hours or days just writing a report.

Speaker 1:

We talk about that same thing of being able to articulate clearly as being able to explain some of the things that we do at the Thanksgiving table. Right, so you show up, family gathering. Could we explain what we do day to day to the average person around the table? And sometimes that's hard to do, especially when we get into some of these topics like quantum computing that we had on a couple episodes ago. That's tough to talk about. But, Andre, what I wanted to ask you as well is when the examiner is preparing these reports, would they ever get called to be the expert witness to defend the report, or does somebody else do that?

Speaker 3:

Yes, they might be called to court or to a deposition or to one of many other legal types of settings. To, yes, to go over the report, defend their findings or explain their findings. Yes, absolutely. For me it happens about once a year on average, so it's not something that happens a lot, but it does happen.

Speaker 1:

And for the listeners, can you just elaborate and give a little color as to what, exactly, what sort of things you're dealing with? Are we talking about, you know, there was some data leaked from a site? Are we talking about somebody hid a spy cam somewhere? Are we talking about somebody may have stolen some credit card numbers? Like, what's the meat of the matter? What are you digging into on, say, your last three or four cases?

Speaker 3:

So a quick answer is all of those things you just mentioned yes, yes and yes. So the things that we will get involved with are all over the place. I'll start off with we will do the actual cybersecurity investigation. So that's a potential data breach. Someone hacked a server, someone went into a state website that was insecure and changed, you know, the data on that's displayed on that server, or defaced the website, as we like to say. So we get involved with that. Servers that are hacked. And then you know, obviously, malware, ransomware, attacks, things that are coming in through phishing emails that then spread to other assets throughout the organization. So we'll get involved with those investigations.

Speaker 3:

And then really, another big thing that we do, though, is we do internal investigations or HR investigations. So this is what are state employees doing, right. What are they doing, and are they doing bad things? Could be they're working a second job on state time, right. It could be that they're using state assets for personal use. It could be that they're destroying state data because they're about to get fired and they have a big chip on their shoulder. It could be that they're stealing data outright and exfiltrating it off to their personal email or a box.com account or a Dropbox account, and maybe they're selling it to a vendor or to even bad actors.

Speaker 3:

So these are all things that we deal with and investigate. We also have people, unfortunately, you know, surfing porn, right. So we do those investigations. And some of these investigations turn into criminal investigations, right. At some point where there might, it might go beyond just a policy violation or some kind of regulatory issue, but it might actually be a criminal issue. So in those cases we will work closely with external law enforcement, whether it's the BCA here at the state, FBI, you know, the ATF. We deal with a lot of different organizations outside as well on some of our cases.

Speaker 1:

Whenever we're surfing porn at work, we just say we're testing the security.

Speaker 3:

Yeah, well, yeah, that doesn't work at the state. That's why Scott's not there anymore? Yeah, we did have a big drop off in data exfiltration after Scott left and I don't know what that was all about.

Speaker 4:

Yeah honor.

Speaker 3:

This is a lot of good information here.

Speaker 4:

I think one thing that's sticking out to me is, or I'm curious about, is what tools are you guys using? Have you found one that's made more specifically, you know has led to you know, better findings? Or what are you guys using to be effective?

Speaker 3:

We use many, many tools. I think you're going to find that any or most digital forensics laboratories are going to have a variety of tools, simply because there's so many different types of devices and data out there and they're all organized and structured differently that you really need to have tools that are designed for specific file systems, for specific operating systems, for to be able to read specific types of logs. So we use a variety of tools. We do have enterprise tools that the enterprise IT teams roll out. So we have, like you know, an endpoint tool for detecting malicious activity on, you know, devices. We have different logging going on on the network for network traffic. So we have lots of enterprise tools and we pull reports from them to see, you know, are we seeing strange things as far as data crossing our network or coming in or out of our network, those type of things? We look at normal logs like Windows logs, right, and SQL database logs. So we have tools that will parse those out that are specific to those types of logs. And then we use a lot of the industry standard tools that most digital forensics laboratories use.

Speaker 3:

We use Magnet AXIOM. That's one of our primary tools. We use OpenText EnCase. That's an excellent tool for deep diving into security events. I love that tool for, specifically for that. We have X-Ways specialist or WinHex specialist. That's another good deep diving tool. We use Cellebrite and UFED for mobile phones and mobile devices. We also have Forensic Explorer. It's kind of a niche tool for us, but we use that to launch VMs, like when we get a VM clone, we can throw it into that tool and we can actually spin it up and see what's going on on the live device, but in a forensics, forensically sound environment. And then we have probably, you know, another dozen or two dozen small utilities and smaller tools to do like Mac forensics and some other things in our lab. So we have a lot of tools and with that, you know, we're asking our examiners to know a lot of tools and therefore they have to spend a lot of time testing, a lot of time training and understanding how the tools work.

Speaker 4:

Yeah, I was actually just going to ask that if everybody was expected to be, you know, an expert in all those tools, because that's quite the list that you that you named off. One quick follow up that I was just thinking about when you were listing those tools off is earlier you had mentioned that you had migrated to Chicago for some time and then back to Minnesota. I guess, just curious on, did you notice a difference in cases that you might have in Chicago versus Minnesota, or vice versa?

Speaker 3:

I was specifically doing criminal cases in Illinois and then I did criminal cases back here in Minnesota, so I'll talk about that first.

Speaker 3:

Sure, the main difference there is, I mean, it's not forensics, right, forensics is forensics, doesn't matter whether you're doing it here, there, you know today, tomorrow. But the difference is is how the how the laws are written and how the courts react to different crimes. I'll give you an example in Illinois we would work a child porn case. And if you worked it in the northern half of the state, which is Chicago area, that side of the state, and you had a case and let's say that that person, let's say they get a year probation, six months in jail for their particular child porn crime, you take that same crime in the same state of Illinois, but you go down to Springfield, in the southern half of the state, that same crime, going into a court, that person may get 10 years in jail with 20 years probation.

Speaker 3:

Oh, wow, that that's how radically different things are handled just in within that one state. And then, when you're comparing Illinois to Minnesota, I guess my, the only thing I'll say is Minnesota is generally much more lax on these crimes. Oh, Illinois has much tougher penalties for child porn. But, but the work is really not any different. Right, it's just the court process, what judge you get in front of, right, and then what the penalty actually ends up being.

Speaker 2:

Yeah, Andre, I just wanted to ask how often you find that you're working on a case or your examiners are working on a case and they just flat out don't have enough evidence, they can't process the evidence for some reason, or for whatever reason it just sort of falls apart before it would get to the point where it could be presented in court, or whatever the outcome would be there.

Speaker 3:

There is a lack of, you know, some types of evidence, some types of logging for certain types of investigations that just don't exist. Right, we're just that, at least in our environment, or the environment at my current employer, and in really, that it's like that in a lot of places. Right, because there's so much data going around, right, transversing these networks, so many different, you know, types of things going on with employees and staff and different applications, that boy, if you're tracking everything, I mean, good for you and that's great and it's great for investigation purposes, but it's a lot of storage, it's a lot of work, it's a lot of tools, it's a lot to maintain. Right, you got to have experts on staff that know what they're doing. You know, upgrades and updates with systems, and then things change. Then you gotta tweak to keep up on things. So it's a lot of work.

Speaker 3:

We've, you know, there's been great strides in this area, am I where I work now and I think probably across most organizations in the last, you know, five to ten years. As tools become cheaper, things maybe start moving towards some standardization and how logs are built and defined and they can be pulled into these, these data logging compliances, right, where it's easier to get at them and sort through them and do things with them. But yeah, it can be difficult on some cases, absolutely, to find all the answers that we really want to find, but generally there's something we can put our hat on and say, well, you know, we may not have all the answers, but we have these answers here, and then, you know, sometimes that's the best you can do, right.

Speaker 1:

You had mentioned that most people you work with are examiners. What does it take to become an examiner?

Speaker 3:

Yeah, what does it take to become an examiner on my team or in general? So I'll give you either.

Speaker 3:

I'll give you on grace Andre's preferred qualifications. To be a digital forensic examiner doing this kind of work, you have to have a strong IT background. Now, I know my counterparts that I've worked with in law enforcement that come up through traditional law enforcement ranks will probably have a large argument with me over this, right. But I think you have to have a strong IT background because everything we're doing in this realm is related to information technology stuff. Right, it's, it's computers, it's phones. Right, it's smartphones, it's tablets, it's, it's logs across them. You know, going across a network. It's understanding ports and protocols, and, you know, understanding hex, all of these things, right. And how do you tear apart a specific type of laptop? What if it has storage medium that is not removable? Right? What's the difference between 512 case sector and a 4k sector? Now, I'm getting in the weeds here a little bit. Right, I'm not expecting everyone here to even understand all of this stuff, but these are the things a forensic examiner needs to know, right? So IT background, strong, diverse IT background, I think that's a must. That, that opens up the first door for you, for some labs that might be willing to train you further, right, and give you specialty training to make you an examiner. But beyond that, certifications. There are certain forensic certifications that are helpful. There's some private organizations like IACIS. They have a certification. It's really big in law enforcement circles, but you don't have to be in law enforcement to go through their certification. It's well known in the industry, and then you can look at, like, all of the SANS certifications. A lot of those are excellent, not just for, you know, doing forensics, but just doing incident response and other types of security work. So SANS courses I would highly recommend there.

Speaker 3:

There are some two and four-year degrees and I will caution people here. There is a big difference when you go to colleges in what you get for an education in forensics, and do your research ahead of time. Make sure you know what you're getting into. Make sure that the degree you're getting is actually going to teach you something and be marketable. There was a lot of people going and getting degrees five, ten years ago when they first started coming out with digital forensics degrees, when you would look at the curriculum, or I would.

Speaker 3:

I would look at the curriculum and there was one forensics course in a four-year degree, one, but they called it a digital forensics four-year degree, and guess what? Those people are having a tough time getting a job because they don't have tangible skills. Right, you have to actually know something in this field, right? You can't just have a nice pretty degree hanging on a wall. You actually have to know how to do the work. So just be careful before you spend tens of thousands of dollars. Know what you're getting into. A lot of times you can just go get a certificate or a two-year degree at a college that's hands-on for almost all of the courses and actually learn some skills. That's the way to go. If you're gonna look at a four-year degree, make sure it's, it's one that is well known. Good, good recommendations. People are finding jobs, etc.

Speaker 1:

So do your research. And do the people that work for you need to be in law enforcement?

Speaker 3:

No, you don't need law enforcement experience. Like I said, you need, you need a healthy IT background. Hopefully you've had some forensic experience before you get on my team, but I ask a lot from the people on my team. I don't really have like junior examiners, and in a tiered structure because I have a small team. So everyone that comes on my team needs to really know what they're doing and can run a case from start to finish. But bigger labs, right, bigger labs will bring in junior analysts with less experience and then help train them up, right, and give them a career path. So don't think you have to have a lot of forensic experience going in. It all depends on where you're gonna get a job, right, and what your employer is willing to do with you, but obviously it does help.

Speaker 3:

I will mention one additional thing, and I think this is probably just good advice in general for people in the job market, but I'll talk specifically here about forensics. Do something that sets yourself apart from everybody, and what I mean by that is, okay, you know, let's say everybody has IT experience and everybody has some forensic experience. But learn how to script, learn some Python, learn some PowerShell, right, learn some other skill that sets you apart. But yet an employer will look at that like, yes, I can, I can have this person do some other stuff. Right, I can help. They can help automate things in the lab. They can help write some tools in the lab that do things that our consumer-based tools that we're purchasing don't do, right.

Speaker 3:

So again, try to set yourself apart. Try to get some experience in an area that other people don't have, even if it's like a forensics course or something that maybe is like database forensics, for example. I'm just throwing that out there. A lot of people don't have necessarily specific training on database forensics, but if you decide to go out and take a course on that and put it on your resume, you're gonna stand out, right, you're gonna be different. So I highly recommend you do those types of things. And if you're not really sure about what things might set you apart, then find someone like myself, find a mentor, find someone you can talk to and say, hey, you know, what other things can I do to land a job? Or you know, hey, I've applied for a bunch of jobs but I'm not really getting past the first interview. Like, like, what can I be doing differently? And and then just, you know, try to work on that. That's excellent advice.

Speaker 5:

Thanks, Andre. Eric, did you have any other more follow-ups before I move us along? I've probably got a lot, but I would be interested in hearing some of the stories too. Yeah, you kind of had mentioned some of your time with law enforcement in Illinois and you know kind of how that compares to Minneapolis. But we'd, you know, for our listeners that are interested in getting involved in forensics work, I'd love to hear some some cases that you've worked on that that stand out and might be informative for our audience.

Speaker 3:

Yeah, we could. We could talk cases all day. So I think we have a few that we've, I think, vetted, which are some of my more favorite ones to talk about. Start with the arson investigation, if you don't mind. So you know, I guess let's just pause for a moment and let's understand when you're doing forensics work, you're doing forensics in a corporate environment, like I do today. You're dealing with, you know, HR cases, you're doing with the cybersecurity hacks and that kind of stuff, right. But when you're doing forensics on the criminal side, for law enforcement, the cases are completely different. Generally you're never doing, or almost never doing, internal investigations. It depends. You're generally not doing hardcore cybersecurity investigations, but what you're doing is is arson investigations, fraud investigations, CP investigations. You're doing criminal sexual conduct investigations, a homicide investigations, right. All of the things you see on TV, right, all the crimes going on. That's the stuff law enforcement is working on.

Speaker 3:

So in this first case I worked an arson case. This was a case here in Minnesota. There was a fire in a town home and thankfully it did not spread and kill anybody, right, because town homes, they're connected. But there was this fire in a town home. Our people went on scene. They took photographs, collected evidence and our detective came knocking on the door and said hey, Andre, I have a phone for you in this arson investigation. I need you to look at it, tell me what you find. We sat down, talked about some of the basics of the investigation, who was involved, what they know about it, what happened, all of that stuff. I got a copy of, you know, the report, date, time when things happen, all of this good stuff, and I got the phone and I do remember this phone very, very well. It was a white phone, but that's not why I remember it. I remember it because it was a Windows-based phone, which are very, very rare, and we didn't get a lot of those in the laboratory.

Speaker 1:

Everything was Android or iOS, right. The Windows should have made it real easy to get into.

Speaker 3:

Yeah, so. So Windows. So that's why I probably will always remember this case, just because it was a Windows-based phone. So I, you know, I grabbed the phone. You know we did all of our exchange, evidence, exchange, chain of custody, all that good stuff. I did use a Cellebrite on this particular device and I was able to acquire all of the logical data on the device. I did not need a physical image on this particular device, but I was able to retrieve all of the logical information. And for those of you that don't really understand the difference between the physical, logical: logical is anything when you're on the phone that you can see. That's what I was able to pull out, right. And then a physical, if there was stuff that was deleted that, you know, you can't see it anymore, a physical extraction would allow you to see, or potentially see, some of that data. So I, again, I made a logical of this particular phone.

Speaker 3:

So then Andre does what he normally does is he parses that out, starts looking at the phone. You know I'm gonna be looking at communications, right, I'm gonna be looking at internet history. I'm gonna be looking at videos, images, all the different categories of data that one might see on a phone. For this particular phone, I, I got to the photo piece, right, the images. I'm looking at the images on the phone and I'm scrolling through the images and I remember it like it was yesterday and all of a sudden I came to a whole bunch of photos and they were photos of what appeared to be like collectible toys and different types of collectibles, right, all boxed up, nice and neat. They were against a wall and, you know, photos taken, right, with the camera on the phone, of these particular collectibles. I'm like, wow, this is interesting. Why are there all of these photos on here, all these collectibles, right? So I'm doing what any good forensic examiner, slash investigator would do. I'm scratching my head, I'm thinking, hmm, this is kind of weird. So I start looking at the date and time stamp of the photos and I go, oh, interesting, that was a week before the arson.

Speaker 3:

So I went to the next step and I was like, well, let's look at the metadata for these particular images. They were JPEG images. Sometimes JPEG images have metadata. I looked at the metadata and I found something very, very interesting. They all had GPS coordinates taken to them, every last one of them. You don't often see this on phones, especially back then. This case was probably around 2014 and at that time not all of these smartphones were tagging with GPS, but this Windows phone was tagging very reliable GPS coordinates on these images. So I'm like, yes, I have another breadcrumb to follow, right? So I took those GPS coordinates and I again went off to the Googler and I was looking at them and mapping them out and they all came back to one address in a city, a couple cities away from where the arson happened. All of them, all these photos, came back there. So now, like, I want to know, okay, what's particular about that address? Right, because it's not the arson address, it's a different address. So, thankfully, since I worked in law enforcement and I had easy access to property records, got a name of a person that was a family member's address for the person we were investigating. Okay, that makes sense. Bingo, got it. He was taking photos of all of his high-end collectibles at his, the residence of the person that he's related to a couple cities away a week before the arson, because he was going to do insurance fraud, right, he wanted to collect money. Bad news for him, he didn't know he was tagging his photos with GPS coordinates showing that they were not in fact at his house. They did not in fact burn up in the arson and he was not only going to be charged with arson but probably other things to include financial fraud. So that was great.

Speaker 3:

I wrote up my report, I submit my report. This goes to trial. And who has to go testify? Yep, little old Andre, I had to go testify. So I went to court and again I remember this like yesterday, because the courtroom I was in was super small and I was sitting here, you know, I got sworn in and literally if I turned to my left, like about three feet away was the jury box with all the jurors sitting there Like I could have shook their hand. That's how close I was to them.

Speaker 3:

So I get asked a question by the prosecutor to, you know, elaborate about my report, about what I found with these images and the GPS coordinates. And I just, I don't know. I just felt really good at the time, right, I just he asked me the question, I turned, I stared at the jury the whole time as I gave my answer. I explained I found these photos. You know they had GPS coordinates. The GPS came back to the family members house, so that's where they were taking all of this stuff. And then I turned back when I was done giving my answer and looked at the attorney and then, you know, we moved on with the jury and we got the conviction and we won.

Speaker 3:

But it was, it was a really good feeling. You know, I really finding that information treasure trove, gps getting this guy convicted. I mean, think think about this guy. He was so brazen, he could have killed people, starting this fire in a townhome complex right, all because he was, I think, going through divorce at the time or separating. He wanted money. He thought this was a quick, easy way to make some money. But he didn't get away with it and thankfully he didn't kill anybody.

Speaker 4:

Wow, that's awesome. Yeah, just real quick, Andre. I was going to say like it's kind of probably seems like a thankless job or industry that you're in doing all this stuff, seeing all these different things, so taking that win there has got to be, you know, huge for you guys.

Speaker 3:

Yeah, you don't. You don't always win all your cases and actually when you're a forensic examiner in law enforcement, oftentimes you don't even know what the final deposition or disposition is in a case. Okay, sure, unless you go look it up, right, because you're not testifying. In most of these cases, the detective or the prosecutor isn't necessarily coming to you and the case is over and saying hey, Andre, guess what happened? You know it's just everyone's moving, moving along. So sometimes you don't even know what happened. So it's, it's, it's nice to know what happened in a case and know that the work you did actually benefited and got, got justice.

Speaker 4:

Yeah, that's really cool.

Speaker 5:

That's got to be, you know, thrilling, you know maybe some adrenaline when you're there and finding those items you mentioned. You know you work with. You know in the corporate sector you work with attorneys and HR people, but you mentioned to me you're kind of working in a chain of command. When you're working with law enforcement, correct, you're there with the officers and sworn in.

Speaker 3:

Correct, yeah. So yeah, when you're in law enforcement doing this work, generally the forensics people are reporting up to like a sergeant or a lieutenant that are in the official command structure, right. That's generally how most law enforcement agencies work. There are some slight differences here and there, but that's generally how it works and you know, oftentimes the people you're reporting up to I mean, their background is law enforcement, right, they come up through the ranks. They don't necessarily know a lot about forensics, but they're managing you and managing the forensics team. So you really have to develop a close relationship with them and educate them and try to get on the same page so that you know you can really be effective doing this work.

Speaker 5:

Yeah, that sounds exciting. You had mentioned another case that you worked on that involves some creative thinking. You mentioned a narcotics case that was particularly interesting in that regard. Can you tell us a little bit more about that?

Speaker 3:

Right, yeah, this is another case that I absolutely loved working and I love talking about it. This is a good illustration of not only the power of digital forensics but the power of having a well-rounded investigative. I guess mind and mindset in pulling from different disciplines to get to your answer, and you'll see that once I walk you through this particular case. So, yes, there was a narcotics investigation that I was involved in. So in this particular investigation a bunch of devices were seized. This was another investigation I was not on scene for but the devices were collected by other law enforcement agents and brought back to the laboratory. And there was a one particular phone that they collected. It was a smartphone and evidently the suspect in this case, even though this phone was found at their residence along with a bunch of other stuff, suspect said I don't have any clue whose phone that is. I've never seen that phone before. I don't know anything about that phone. I've never touched that phone, never used that phone. Probably someone that spent in the house. I got people in and out of the house all the time, right Parties and you know all this stuff going on. Someone left it here. I don't know what you're talking about. It's not my phone. Okay, well, that that's fine, I guess we're gonna. We're gonna see if we can figure out whose phone it is. Right, that's our job.

Speaker 3:

So once again, the detective comes knocking and says hey, Andre, I got a phone for you, got a new case. Gives me the background on the narcotics case, what they did up to that point and I got the phone. You know again, chain of custody. All that good stuff followed. I have the phone in my, my little hands, ready to, ready to operate on it. So this particular phone, I do remember it was an Android phone, I'm pretty sure. Again did a normal collection using Cellebrite, got the extraction. On this particular case I don't remember if it was a logical or a physical, doesn't really matter, but I got an extraction on the phone. Started examining the data on the phone, step through, doing the same things we always do. You're checking communications, images, videos, internet history, right. You're trying to find links to other, other things that you know about the case and the individual, trying to figure out what's going on.

Speaker 3:

So, once again, this, this is a case that involves images. Thankfully, everyone likes taking photos of everything these days. Right, I mean everything. So there's all kinds of photos on these phones and it's oftentimes good information, right. So I'm scrolling through all these images and there's all kinds of images on this phone, you know, pictures of friends and cars and all kinds of stuff.

Speaker 3:

But I was scrolling through and I stopped and I found something that I thought was kind of interesting. It was a picture of a hand with some drugs in the middle of the hand. Okay, you could tell they were drugs right In a hand and I'm like, wow, that's kind of weird. I mean it's a drug case, it's a narcotics case, right. Okay, there's some drugs, there's a hand. But I'm looking around the phone, I'm looking at communications and other things and not really finding anything else that I can really grab on to, right, so that's not good enough for me, right, I got to figure something out here. So I go back to that image with the drugs on the hand. So I blow the image up on the screen and I realized that, wow, this is a really high resolution image. I mean the ridge detail on the fingerprints in the palm where the drugs wasn't sitting, I mean it was really good. I was like, hi, that's interesting, I wonder, and I was thinking, picked up the phone and I called down to our latent fingerprint examiner and I said, hey, I have an idea here.

Speaker 3:

Can you help me out? I have this image. I printed it out from a phone image. Can you run that for me? Do you think, will that work? And he's like, yeah, I think so, come on down. So I scurry on down the steps and I hand him the image and he starts doing his work. Now I have other things to do, so I'm like okay, I appreciate your help. Let me know if you find anything. I go back upstairs, back up to the lab, and start working and later that day, you know, ding, ding, ding, I get a call from him.

Speaker 5:

Hey, I have a hit, I'm like yes, you got a hit.

Speaker 3:

So I scurry back down down there to get my information and, lo and behold, the hit a name. Who do you think? Whose name do you think I got back? Well, it was the name of our suspect, right? That same guy. I don't know whose phone this is. I've never seen it before. I have no idea. Blah, blah, blah, blah, blah, blah, blah, blah, blah, blah. Yeah, so I took that information, I took it to the detective working the case. I do remember the detective working the case was kind of astounded that we were able to do that and find that information and tie that phone to him with his fingerprints and with the picture of those drugs in his hand, right, and yeah, that was a big, big win for the detective, a big win for the case. Definitely helped the case, you know, proved he was a liar, proved that he had drugs in his hand. But regardless, we at least, at a minimum, tied that phone back to him. And then we did find some other stuff eventually on the phone that was a little incriminating and now we could tie that phone back to him. So that was a big, big win.

Speaker 3:

So in this particular case, right, it was not just me working on this, but it was, you know, it was two forensic disciplines, right, latent fingerprint examiner and digital forensic examiner. We were combining our skills, working this case together, and this is one of those things where, especially if you're a new examiner getting into this field, if you're working, it doesn't matter if you're working law enforcement or not, but try to be creative. You have to think outside the box sometimes. What other things can I do? Or other teams I can pull from? Other expertise I can use to further my case, right, to further my investigation, and I'm just happy in this particular case, it all worked out and it makes for a great story, even years later.

Speaker 1:

Andre, I remember, and that is a great story and that would be a fun one around the Thanksgiving table too. I remember a couple of years ago, I don't remember if it was a Krebs article or where I read it, but with the advancement of digital cameras getting into like the 8K range, I remember there was a proof of concept where you could take a picture of someone from relatively far away and have the resolution high enough that you could print out their fingerprint and use it to get into biometric devices. So that's pretty cool that you essentially did the same thing to actually catch a criminal in the act.

Speaker 3:

Yeah, I mean, you know technology can be our friend in these investigations, but you have to again. You have to know how to navigate things and sometimes you have to be creative, right?

Speaker 2:

Andre, if we could, I'd like to shift from the tales from the trenches stories to see if you could tell us a little bit about this book that you're writing. You told me a bit about it and obviously you're a, you know, at least statewide authority, Midwest authority in digital forensics, so you seem like you're in a good position to write the book. Tell us about the book and the process and what you're kind of aiming to accomplish with it.

Speaker 3:

I was actually reached out to by a publisher several years back. They evidently found a couple writeups that I did for an online magazine and then they reached out to me, got a hold of me and asked me if I might be interested in writing a book about the topic of, you know, digital forensics and, specifically, laboratory management. So you know, I was humbled that someone would would reach out to me and ask me about that, you know. So we talked about it, pitched some ideas back and forth, did some research, you know, is there anything else in the market? There really wasn't much. There's one book and I think till today there's still only that, really that one book out there and it hasn't been updated in many years. So, yeah, so you know, we negotiated a contract, started doing some work. This was pre-COVID. Then COVID hit and kind of things stalled out on both sides, the publisher side, my side. But we've since resurrected that and I'm in the final stages of finishing this book up. This book is going to be how to start up a digital forensics laboratory and how to manage digital forensics laboratory. So, whether you already have one or not, hopefully there'll be some tips and tricks in there to help everybody out whether you're new or whether you're in a established lab. There's going to be chapters on just about everything you can think of: a chapter on networking, on software, on hardware, a chapter on accreditation, if you're seeking accreditation or if you are accredited. I'm going to have a chapter on kind of the quick and the easy, I think something like that I'm calling it, but it's, you know, if you don't have a lot of money, you don't have a lot of time, you don't have a lot of resources, but you need to set something up. You know, what can I do? How can I get started? And then how can I plan to expand over time? I'm going to talk about infrastructure, environmental controls, how you manage your staff, train your staff, put, implement training programs. So it's going to be a pretty much all-inclusive beginning to end what you need to do to either start up or manage a digital forensics laboratory, and I'm hoping that some people will find it helpful. And yeah, I'm super excited.

Speaker 3:

It's been fun writing it. I think the hardest part really isn't writing. I mean, I think fast, I type fast. I type like 80 words a minute. I can type out a chapter in like no time. But the real hard work that I'm finding is doing the additional research, like you know, putting charts in there and finding other things resources to connect, you know, to engage the reader, to develop my own, you know, images and stuff to stick into the chapters. That's really the challenging piece. The writing it isn't too, too bad, but putting this book together with all the other things you have to do that's a bit challenging. But at least I have a publisher that will help me along the way and you know they do all the editing and you know all the grammar and spell checking and formatting. I just have to throw the information together and shoot it on over to them.

Speaker 2:

Awesome. That sounds like a labor of love and a lot of fun and blood, sweat and tears as well put into it. I'm still waiting for my advanced publication copy.

Speaker 3:

Yeah, we'll see about that. We'll talk about that at coffee, Scott. Alright, sounds good.

Speaker 5:

Andre, when you finish that book and you do have it out we'd love to have you back on the podcast to kind of do a deep dive into your book and the process and that topic as well and help promote it as well. So keep us in the loop on that, please.

Speaker 3:

Yep, absolutely Thank you.

Speaker 5:

So we're going a little long today, but I think that's great because this has been a really entertaining episode. There's one more main point I'd like to hit, and that's you know, we're all about keeping ourselves and our loved ones safe online and to that extent you know, maybe you could give us some information on, kind of, the big elephant in the room. You know, when you have our kids online, how do we keep them safe? What are you seeing? You know, with law enforcement, maybe you have a story about, you know, some exploitation that you've seen that can shed some light on really what's going on there and why it's so important to keep our children safe online, and ourselves as well.

Speaker 3:

Yeah, absolutely. This is extremely important and close to my near and dear to my heart, because I worked these cases for many years. I'm going to start out, joshua, saying something that I told you when we met the other day. When I went to Illinois and worked with the Illinois Attorney General's Office, one of the first things our chief told me when I got there we were having a conversation was that there's estimated to be this was in Illinois. At the time this was 2012-2013 timeframe there was estimated to be between five and six thousand child predators online in the state of Illinois. There, there's, there's ways. Law enforcement knows about that, right, because there's certain things they do, but that that was the estimate.

Speaker 3:

Now, Illinois is a big state, right, popular state, right. Not every state is like that, but I would say, if you take that number down, let's just say two thousand, and you average that across 50 states, that's a hundred thousand child predators online at any given time, with nothing better to do than to target children all day and all night, on every single platform that's out there, whether it's Twitter, YouTube, you name it. They're there, you know. They're pretending to be young girls, young boys. They're, they're saying all the right things, right.

Speaker 3:

So that's scary, right, that's scary to know that there's that many people out there actively looking and pursuing children, which, in their eyes, children are prey, right? So the internet is one big hunting ground and their prey are all over and they're looking for them, their target. So now that I've scared everyone, right, because that that is scary, when you start thinking about that, you know, what can you do, what should you do, right? I mean, I'm sure a lot of parents out there, like you know, well, I don't know what to do. You know, there's, there's computers and phones and everything all over the place. What do I do with my, with my children?

Speaker 5:

Well.

Speaker 3:

You know Andre has some advice, right? Andre, advice is some of this is pretty obvious. But in your own home, right, you really need to control access to your digital devices with your children, right, I would recommend limiting or eliminating any kind of screen time in their bedrooms or in private areas of your house. Nothing good ever comes from that, you know. Have those devices out in public areas in your house, like the living room, the dining room, your, your media room where you're hanging out watching movies, whatever it is, but have them use that, those devices, you know, in an open area. That's a suggestion, you know. I know a lot of parents allow use in their bedrooms, but you don't really know what's going on when that door is closed, right? The other thing is there's plenty of tools these days to limit access to the internet within your home. Right, you can implement different software devices and even hardware devices that will limit access to sites, limit the amount of time your child can spend on a device and then it'll time out and they can't go out to the internet any longer. All of these things are good and you can find free and cheap options out there to help you set, you know, get those things in place to help protect your children. The other thing, and again this is an obvious thing, but you know, have some conversations with your children, right, talk to them about internet safety. Talk to them about what data they should and shouldn't be sharing. You know, don't share information about where you go to school, you know, don't give out your address, obviously. I mean, for the most part, don't even talk about what state and city you live in to people you don't know. These predators out there, they're trying to gather as much information they can on a target, right, and then they'll, they'll go out and they'll Google search and they'll, they'll pull in other information, they'll go out, look for yearbooks, and they'll, they'll do all of these things to try to find this person, this kid that they're, they're targeting. So, although these little bits of information may seem, you know, innocuous to a child, that that predator is taking all of these pieces of information, combining it and, think about this, they're doing an investigation on their prey, right? That's what they're doing, and they're putting together this case file with all this information so that they can take their next step. So talk with your children, just say, you know, make sure you know what they're doing.

Speaker 3:

I suggest too, if your children is into game, gaming and you know, maybe learn how to play their favorite game with them once in a while, so you know what they're doing and you understand what they're doing in the chat services, because this is another big area that I don't think parents understand. It's not just these websites children go to, but if you're playing these, these games through, like your Xbox or your PlayStation, they have often have chat chat services built in and other things built in and the children are getting tied up with that. They're playing the game and then they're they're saying, oh yeah, you know, blah blah blah, I'm going down to the Dairy Queen down off Main Street and blah blah blah, you know, I'm meeting up with my friend Sherry, and again, the predator is taking all this information, putting it into their case file and they're targeting that child and they're trying to try to do something, get that child to send them nude photographs, get that child to meet them somewhere. Whatever the case may be, it's never something that's good. So again, I can't emphasize enough, just know what your children are doing, be involved in their lives, talk to them, show some interest in what they're interested in so that they'll open up to you and talk to you about things. But, yeah, combine that with, you know, some, some parental controls that I talked about also. As far as those controls go, you can also get cheap VPN services that will help at least obfuscate some of your information on the internet. You know there's, you know, Nord, Proton, ExpressVPN. Those will help too. But ultimately, your child is the one giving up all of the important information, and that's what you really need to try to control, and you know it's not easy, right? Um, and children outside of the home, right? How do you know what they're doing? Right, how do you know where they're going? Well, I would highly recommend you have some kind of tracking device on their phone. If you have a young child, there's no doubt about it, because if something does happen, you know, maybe there's a chance you'll at least know where they're at or in. I can tell you one just quick story. I know we're over, but I think this is this is a good story.

Speaker 3:

Back in the day with my stepdaughter, we had a computer. We had it in a family room. She would chat with her friends and emails, do that kind of stuff. I had some software on there that recorded literally every action on the computer, did screenshots, it did everything. And one day she was like, oh yeah, you know, Friday night I want to go hang out with my friend and blah, blah, blah. So I checked some of her chats, because something wasn't really sitting right with me, and she was like, oh yeah, I'm gonna tell Andre and mom that I'm coming over to your place, but then I'm gonna go hang out with this person, we're gonna go do this. And so it was this big scheme for her to go do something else which potentially would have put her into some dangerous situations.

Speaker 3:

And then when she came to ask us, hey, can I go do this on Friday? You know, I was already armed with that information. I didn't tell her that I knew what she was up to. But you know, we just told her no, you can't, we have something else going on and you can't go. But again, that's just one small example. But know what your children are doing and don't be afraid that people are gonna say you're spying on your children. No, you're trying to keep them safe and you know you have to do what you have to do. And this is not the same world that we had in 1990 or 1980 or 1950. This is a different world and there's things you can do to protect your children.

Speaker 5:

Are there any other, you know, stories that just show how important it is, you know, to stay up on this with your children?

Speaker 3:

Well, I mean, again, I worked a lot of these CP cases and I'll just say this: there is no such thing as an average predator. You know, what they look like, what they do for a living, they're all over the place. They've been grandpas that have nice homes in the suburbs. They've been kind of wackadoodle gamers with filthy bedrooms and monitors mounted above their bed, and everything in between. So you just never know who the predator is. Again, look at Jared Fogle, right, a Subway spokesperson. Did anyone have any clue Jared was doing what he did? I mean, his wife didn't even have a clue, from what it seems. I mean, you just don't know, right? So again, just want to let everybody know, they come in all shapes and sizes, these predators. They can be anywhere at any given time. They could be in your own home and you not even know it, because they're really, they're secretive, they hide their activity.

Speaker 3:

I will say that, speaking of hiding their activity, I will say one quick story here, just because it's entertaining and Scott's heard this one several times. So in we were serving a search warrant and I was on the search warrant, and it was a very high, upper-class suburb that we were in, very nice homes, and we served the search warrant on a house. We went in, and the suspect in this particular case was an older gentleman. He was in, I believe, like his late 60s. You know, grandpa, had children, had a wife, had grandkids, all of this stuff, and we were searching. He had a fully finished basement, a huge room down there. He had his computer down there, couches, all this stuff, and we were doing a search. The interesting thing about the room was it had a drop ceiling right above it with little tiles, and one of our detectives, that was in full SWAT gear at the time when we went in there, got a little step ladder and was gonna, you know, look in the tiles. And I kid you not, this was a huge room, probably, you know, a hundred or so tiles, right, drop-ceiling tiles all over the place. It was just a big room. The first tile he popped, the first tile he moved, he looked, and I remember he looked back at all of us, there's probably like eight of us in the room, and big smile on his face. He was probably about five-eight, kind of a stocky guy, weighed like probably like 240, on this little step stool, and he started doing this little dance and he said, "I hit the mother lode." And he pointed up there and we looked, and there was probably like a hundred CDs and DVDs stashed up in the drop ceiling. And of course, you know, we inventoried all that and eventually, yes, all of that stuff did have exploitative material on it, right, but we all broke out like kind of a roar and we were all laughing, because, I mean, it was just a good feeling that we found it, and it was kind of funny the way he found it.

Speaker 3:

So the chief is interviewing the suspect upstairs, and he runs down the stairs and he looks at us and he's like, what the heck's going on? You need to keep it down. Blah, blah, blah. And someone, I can't remember who, said, "Chief, we found it, we found the stash."

Speaker 3:

And the chief just had this huge smile on his face all of a sudden. So he went from, you know, ripping us one, to this big smile, and then he just said, well, keep it down. And then he ran back upstairs to finish his interview, because now he knew we had the goods, he could change his style in the interview. But you know, it's a good feeling when you find stuff like that, when you're doing these investigations and you serve a search warrant. Not every search warrant you serve is productive. You don't always find what you want to find, right, but that one, we found it first, you know, first tile. And it was just funny, maybe a little funnier when you were there than me telling it, but it was a good time and I'll always remember that particular search warrant.

Speaker 1:

Andre, with these predators, is it 99.9% of the time men, or are there ever any women involved with your investigations?

Speaker 3:

Yeah, that is an excellent question. Yes, in my personal experience it is almost exclusively men, but not always. There was one particular case that I wasn't directly involved in, but I was working with the examiner who was working on it, and that was one where an actual mother was involved with exploiting their own child, and yeah, it was a horrible, horrible case. So that particular one, you know, obviously a woman was involved, but the vast majority of these things are men. But there, you know, there are some sick and depraved women out there too, but it's mostly men.

Speaker 1:

And Andre, I know we're probably all expressing the same thing: really appreciate what you're doing here to help, you know, clean up the internet, so to speak. I'm sure there's things that you've seen that you just can't unsee, and I'm sure that's hard, but really appreciate you sharing these stories here with us today too.

Speaker 3:

Yeah, no problem, any time. Glad to share, glad to offer up, you know, my experience to all of those out there, and I'll come back anytime, share more stories. I got plenty more to share, unfortunately, but some of them are interesting.

Speaker 2:

Andre, we like to send our guests off with some IT Audit Labs swag, so if you could let us know your head and clothing sizes.

Speaker 3:

Told you that yesterday, Scott.

Speaker 2:

Did you? Sorry, I'm just doing it for the camera here, just showing how good we are with our guests, so we get you back and we get other quality guests. Yes, yes, you did tell me, Andre, what size you were. I'd have to read it off the message.

Speaker 3:

You can feel free. I'm not proud, but it's true.

Speaker 1:

You know the truth is the truth, we'll send you something.

Speaker 5:

Yeah, all right.

Speaker 1:

Yeah, we'll get you something out. In the current technology landscape, managing risk, among other operations, can be incredibly challenging. Let IT Audit Labs experts provide a detailed, thorough examination in preparation for your upcoming audit. Contact us to learn more. Thanks to our producer, Joshua J Schmidt, and our audio video editor, Cameron Troy Hill.
