Category Archives: Computer and Cell Phone Forensics

Institute Of Computer Forensic Examinations And Criminal Investigations


The Institute of Computer Forensic Examinations and Criminal Investigations is Duly Licensed  as Continuing Education CE Training School (Y15802201)  by Texas Department of Public Safety Regulatory Services Division.  Additionally, ICFECI is a C.E. Provider registered (Registration Number :  2229)  by the Texas Department of Licensing and Regulations.

ICFECI offers training in relation to computer/cell phone forensics and criminal investigations with primary focus on Federal Criminal Code and RULES, Title 18 § 3006A.  Additionally, ICFECI offers training regarding RULES OF CRIMINAL PROCEDURE, Rule 16.  Discovery and Inspections.

ICFECI offers training in computer and cell phone forensics, including repair and maintenance of computers and cell phones.

Computer equipment training is done on Tableau products.  Computer and cell phone forensics tools training is done with Accessdata’s Forensic Tools, Oxygen Forensic Tools and Autopsy open source forensic tools.

The Institute’s training is offered to examiners who are already involved in digital forensics and need continuing education.

Taking computer/cell phone forensics continuing educations classes requires an introduction to ethics as a code of professional conduct and or responsibility.

Certificates of Completion

Upon completion, continuing educations certificates issued.


If for any reason, courses do not meet your expectations, apply and a full refund will be issued.  If a course is cancelled for any reason, a refund will be issued or the fee can be applied to another course of your choice. C.E. credits will not be issued for or may be retracted for refunded courses.


Dan James

Institute of Computer Forensics and Criminal Investigations

4364 Western Center Blvd., #304, Fort Worth, TX 76137

How to protect yourself from false forensics

It is commonly understood that once something leaves the closed system of your phone or computer, it is out of your hands. Text messages are saved by providers, blog posts are screenshotted and saved, and calls are logged or recorded. When it comes to technology, nothing is ephemeral.

That said, technology is highly adaptable by nature. Every time we think we have found a way to outsmart it, a new strain of deception appears. Many people are aware of ‘deep fakes,’ a method of effectively impersonating someone via video editing. Considering how simple it has become to alter someone’s face and words, the act of altering text is hardly outside the realm of possibility.

Problems with digital evidence

On top of this, a number of problems prevent law enforcement from accurately assessing digital evidence. This includes the amount of digital evidence (thousands of texts can be sent within the span of a few hours); the difficulty of obtaining original copies of messages (screenshots are easily edited and tech giants are notoriously slow at providing data); and the ease of cherry-picking information from a seemingly endless source (you might have searched for a term tangentially related to the crime five years ago).

False forensics can be particularly damaging in cases that involve fraud and sexual assault. Messages can be erased or edited to appear in someone else’s favor or to hide evidence of misrepresentation. Especially when dealing with law enforcement who might not be trained to deal with digital evidence, a doctored email could sway an entire case against you.

Computer forensics in Dallas

Bearing everything in mind, it is crucial to consider your own technological safety. Computer forensics should be handled by experts, who have a professional understanding of the evidence. ICFECI offers computer forensics in Dallas and computer forensics in Fort Worth with the goal of protecting you from false accusations or mishandling of crucial evidence. Our experts are trained to identify relevant parts of data, in addition to often overlooked warning signs for when messages have been deleted or doctored.

In today’s world, it is easier than ever to frame someone using technology. You need to ensure that you are doing everything you can to make technology work in your favor.

How Cell Phones Can Save the Day

When people think about the insidious and, frankly, not unwelcome, growth of technology in our lives, it is usually with a twinge of guilt: ‘I shouldn’t spend so much time on Twitter,’ or ‘I’m working on keeping screen-time to a minimum,’ and so on. But the rise of mobile technology is probably here to stay: it’s just too useful to us! Need milk? Message your partner to pick some up. Running late? A quick phone call, email or SMS reassures the person you are meeting that you are on the way.

But there are other ways that being ‘always connected’ can help, and that is when a crime is committed and someone else ends up being accused because of an unfortunate coincidence. This can be a resemblance between them and the real criminal, crossing paths with the real criminal as they make their getaway, or any number of happenstances that can occasionally happen – some of them being so very unlikely that a writer of fiction would not dare make them up. As the saying goes, life is often stranger than fiction as seen by this tale, often recounted in cybercrime anecdotes all across the US, from cyber forensic services in Fort Worth to police forces in Seattle and Minneapolis.

Charley Bergin, a tow truck driver, was called out one night to discover that a man had got his truck stuck in the New Mexico desert. The man had called his son, who obligingly drove out to rescue his dad, only to get stuck himself. The man and his son then called on another friend to help them, and that friend got stuck too! Realizing they needed expert help, they finally called on Charley who came out and pulled all three trucks free of the mire. In the midst of all this busy-ness, Charley’s wife phoned him and they got into an argument. Tiring of his beloved’s voice, Charley lobbed his phone into nearby bushes, finished his job and drove home to face the music. The discovery of not one but several bodies in the vicinity, alongside Charley’s phone, had Charley on the hook for serial murder, but after he told his highly unlikely tale, the police checked it out, and soon had the real murderer safely locked up!

But phones can save suspects in other ways too: Larry T Roberts looked very much like a man wanted for murder and was accused. Witnesses, misunderstanding their instructions, picked out Roberts as the guilty party, and things looked very bleak until his cell-phone was forensically examined, and a timeline of his calls and movements over the night in question showed that he was many miles away for considerable time on either side of the murder. On the brink of being jailed for a very long time, Roberts was hugely relieved that the truth was uncovered in time.

And this is the worth of cyber forensic services in Dallas and all across the US: done correctly they can ensure that the truth of your innocence is revealed ensuring that justice is correctly served for the victims as well as for the innocents wrongly accused of crimes they did not commit.

Retrieve Data from Damaged Cell Phone to Uncover Evidence of Crime

Cell phones are the most used communication tools in the current generation. Everyone regardless of age uses the cell phone and it becomes a part of human life. With the boom in cell phone technology, it has become a storage device as well. The increased uses result in an increased number of damages. Since cell phones become important in almost every aspect of one’s personal and professional life, gaining access to the information is critical to an investigation to secure evidence. Cell Phone Forensics is a branch of digital forensics which is used in extracting data/information from mobile phones with the help of forensic techniques and equipment. It is possible to recover deleted text messages from a cell phone if you have the proper forensic tools and training. A great deal of erased data can be recovered including but not limited to

  1. Detailed Call Logs
  2. Address Book
  3. Calendar
  4. Memos / Notes
  5. File System
  6. Pics
  7. Texts or SMS
While it’s important to recover texts we should not limit ourselves to just one portion of evidence and instead make a concerted effort to recover every possible tidbit of information and evidence available on that device. In many cases, phones are damaged, dramatically, to destroy evidence. Some professionals are available that know the process of how to recover various types of data from damaged cellular devices. Not only do these experts know how to undelete deleted text messages, but they can also retrieve email addresses, text messages, SMS messages, caller ID, contact names and telephone numbers, graphics and pictures, videos, address book, and call records with detailed information such as times and duration of calls made and received. A cell phone forensic investigation is the best investigative tool available today to uncover crime.
A professional cell phone investigator is one of the most eminent functions that any person would want to take advantage of. Since the necessity of this technology has become prevalent in modern times, you would be surprised with the kind of advanced tools and techniques that have been developed to deal with the ever-changing cell phone designs and software. When you recover deleted text and other important data from the damaged phones, it is important to rely on a professional that knows how to undelete text messages without damaging any of the data that is on your cell phone. However, this process is something that is used and implemented in a legal manner or as an investigative service aid. The technology is practiced and implemented by only those who have the knowledge, skill, experience, equipment and are legally licensed.

At ICFECI, data recovery from the damaged cell phone, accidental screen damage, water damage or electrical power damage are handled by a professional who has experience can solve complicated problems. They know different types of problems and provide Certified Cellular Examination and analysis using court-validated digital forensic services with tools. You will certainly be satisfied with the service you receive from us.

The Importance of Using Digital Forensics in the Public Sector

The public sector is an integral part of global business. An effective network is needed to collaborate across global clientele. The digital instruments are also signed of our expert lifestyle. In short, our daily work could be very difficult to perform without these devices but these devices also create problems for us like insecurity of our data. You can be the victim of digital crime at any time and your data is always at stake. Misuse of technology in the public sector is increasing in recent years. Unfortunately, this increased usage and the widespread availability of the internet has led to a higher number of criminal cases involving computers. So the public sector is adopting digital forensics and there have been some historical movements in this industry already. It is a necessary tool in analyzing evidence and solving cases. Having a network that is well-protected against both external and internal disruption should be a goal of every public sector. This can indeed take a whole range of guises to track any misuse or rogue activity.

Hiring the experienced Computer forensics Dallas, one that has seen “all the tricks” used by those that would attack a public sector network, is an ideal way to implement and maintain a high level of network security. Typical services offered by this firm also include deleted data recovery, e-discovery, mobile phone forensics, cell site analysis and secure data destruction. They work closely with their clients and inform them of any evidence that they uncover. They can recover deleted files; analyze Internet data to determine websites that were visited from a certain computer even when the browser history and cache may have been deleted. A secure computer network is vital in the protection of intellectual property such as original research and prototypes of software applications. Digital forensics can help provide the level of security appropriate to any business operations.

Computer forensics Dallas investigators are trained to be professionals who apply the science of forensics. The first function of a forensics investigator is to assess the legality and appropriateness of collecting evidence. The investigations process requires evidence collection and analysis be performed in full compliance with the law. Their experience with thousands of computer forensics investigations has enabled these specialists to strengthen their exiting robust processes into a solid and highly reliable platform for forensically retrieving data. Due to the volatile nature of digital evidence, their examiners follow rigorous methods to ensure that the integrity of the data is not compromised in any way. They can easily trace the digital footprints of the cybercriminal who was responsible for a hack. They can handle any cybercrimes or attacks.

Let our specialist team of examiners and analysts take control of your digital forensics investigation, for the safest, most secure and most successful results. For more information on the processes which we use within digital forensics, contact our team today, who will be happy to help. Contact us today @ 214-384-3246.

Dangerous Digital Playground – Perverts, Pedophiles and Pimps ARE Hunting for Children

It’s an arduous task protecting children. After it’s too late, devastated parents want to know how their children could have been protected. As a criminal defense investigator, almost one-third of my cases involve sexual exploitation of children.  Sadly, I’ve handled more than 1600 these tragic situations. In the past, I’ve spoken to church and civic groups on this unsettling and disturbing topic.

One example of a case that haunts me: I was asked to forensically examine a laptop belonging to a thirteen year old child. The laptop contained the typical social media platforms. Within those social media platforms were pictures, videos and text of an inappropriate and enticing nature, sent directly to the child. There were subsequent text messages and photo exchanges. The end result was tragic.

Everyone seems to understand the dangers of The Internet, and we know that there are plenty of websites that are inappropriate for minors. I want to be very clear. Fewer kids are using email and websites. That means, social media platforms are the playgrounds for perverts, pedophiles and pimps.


I use the term “predator” to cover the “3 P’s” of the digital playground: perverts, pedophiles, and pimps.  I define perverts as those who derive sexual gratification from something that is illegal and/or outside the “norms” of society.  Pedophiles are bit more specific—adults who enjoy sexual acts with children. There are other, more specific classes of “-philes” that identify specific age groups of minors.  And, the pimps? These are the “entrepreneurs” of the dark world of sex crimes.  Motivated by money, they profit from their illegal sexual “business.” To keep it simple, I’ll call them predators.

Predators hunt.

Minor children (male and female) are being targeted by predators (male and female). It’s not just opposite sexes to be concerned about. An older female (even an older teen) will befriend a younger girl on social media.  The same is true for boys. This has nothing to do with a child’s sexual orientation. To a predator, a child is an “object,” not a person.


Predators are seeing to “groom” (introduce, foster and normalize) children into sexual activity.  Although many believe this is limited to actual physical sexual acts, it’s much broader and complicated than that. Predators seek photos and videos of children dressed, naked, and “taking direction.” Once a child is groomed into a sexualized situation, the predator has opened the door to personal contact.  This can be a “date” (in the predator’s mind), but I’m seeing any contact feeding human trafficking.  Children are bought, sold, and traded across jurisdictions for sex.


These tragedies are happening across the US, and all over the world. If a community has cell towers, computers, and digital devices—the predators are already there. We have a tendency to think, “This could never happen here.”  It’s happening.  It’s already happened.  And, it will happen again.


Cellphones, tablets  and any type of computer (including game systems) are “open” 24//7. Predators are hunting for children every morning, noon, and night.


Most predators make outbound contact with a potential victim on a social media platform by “liking” or commenting on a topic or photo your child is interested in.  Frequently called a “DM” (direct message), the predator will often contact a child via the platform’s messaging plug in features. The messages often start with humor, or a subject a child has expressed interest in via a “fan page,” group, or “friend of a friend.” As I said above, these people are experts in children. From the initial contact, the predators often encourage children to download other apps, such as WhatsApp, SnapChat, or others.  (Predators mistakenly believe these apps are 100% private.) Once contact is established, the process of grooming a child for exploitation begins. Within a few messages, these predators can convince many children to send photos, video, and identifying data.


This is the most asked questions by the families of victims. It’s also the hardest to answer. The bottom line is this, some people are evil.

There are people that are sexually attracted to children. There is no polite way to convey this concept. We can indulge in long theoretical discussion of “if” these people were once victimized.  But, the bottom line is this is a horrific crime.

And, the emerging reality—exploitation of children is a business for some predators.  There are people on social media, both male and female, that are actively “recruiting” children into prostitution and human trafficking.  They “pimp” (sell or rent) a minor, male or female for sexual purposes, for money. The bottom line is this, exploitation of children is a crime.


Next time as an adult, you receive a message to be friends, and the messages have inappropriate materials, know that your children are receiving the same. Yes.  This IS happening if your child is on social media. My advice is this: Social media is not the place for children!  If your child must be on social media, monitor what they are doing.

As technology continues to change and expand at a breakneck pace, we have to be vigilant regarding social media. As quick as I can type, there are new websites, apps and social media platforms being released every day.  Know what’s on your home computers, your children’s phones and other devices, and keep the communication in your home flowing both ways.  This is an important topic, and we will circle back around to additional specific strategies in the very near future.`

Introduction to Digital Documents

With the influx of digital expertise, the character and perpetration of white collar crime is undergoing stern change. Unfortunately, this has brought down some decisive security vulnerabilities that put digital credentials at menace. In the space of just 40 years we have gone from the Selectric — arguably the most technologically advanced typewriter of its day — to the computer age. A document creation system that had just two parts in 1961 (typewriter and element) can now have multiple components — some based in software and some in hardware.

We live in the Information Age, a time when information is being generated, published, and stored at an ever-increasing rate, and computers play an integral role in all three of these activities. Digital images are misused for plentiful reasons with and without a criminal intent. Images are cropped, rotated and compacted to make them fit for a document. In the days before imaging software became so widely accessible, creating adjustments to image data in the darkroom mandated considerable endeavor and proficiency. But now with the help of Photoshop it is very simple, and consequently tempting, to adjust or modify digital image files. Therefore, stating the genuineness of a document is becoming more and more difficult these days since scanners, printers and computers are good enough to generate fraud documents.

A number of clues can be used for detection of manipulation by visual assessment, like discrepancies in lighting, intensity levels, color distributions, edges, noise patterns and compression artifacts in the conversion among the tampered and original parts of the questioned image. The availability of powerful digital image processing programs, such as Photoshop, makes it comparatively easy to generate digital forgeries from one or numerous images. Cases of manipulated hard and soft copies of documents are frequently encountered due to their large acceptance in both business and legal matters. These types of forgeries have become remarkably frequent position in today’s scenario. Which is why, it is necessary for the forensic document examiners (FDE’s) to evaluate the authenticity of the digitized and hard copied documents and reveal evidence of manipulation if present. Therefore, it is also essential for the forensic document examiners to stay abreast of the latest scientific advancement in the field so that they can meet the challenges of the future and address new forms of evidence.

This article provides a boiled-down version of what is believed to be the most important information for those engaged in the forensic exami­nation of computer-generated documents.

The Pre-Examination Evaluation

The examination of digitally prepared documents should begin with the same pre­cautions and care that would be prudent with any type of examination. The pre-examination evaluation of digital documents is no different than document examinations of any type.

Examination Procedures

The well-established principle that documents should be thoroughly scru­tinized on both sides, corner to corner, is just as valid for modern, computer-generated documents as it has been since the dawn of forensic document examination.

Is the Document an Original or a Copy?

This is a question that may seem trivial to a new FDE, but daunting to the experienced practitioner. It may be difficult to deter­mine if the evidence is an original machine-printed document or a machine copy. Modern computer technology can blur how we define an original vs. a copy as well as the physical distinctions between an original and a copy. For instance, it is possible for multiple original versions of the same electronic docu­ment to be printed on different printers. This occurs daily in the modern world when e-mail attachments are printed out by the recipients. A preparer sends a policy change to individual employees in branch offices, who then print out the text on their machines. Each can lay claim to having an original document, even though some originals may have been printed on inkjet printers and some on laser printers. From a forensic standpoint, the problem is that the same machine that was used to print an original document may later be used to copy it. Original machine printed documents can have machine-rendered sig­natures. Several companies can take one’s original signatures and convert them into True Type fonts. Because these signatures are scalable fonts, they can be smoothly resized, bolded, and italicized to give them visually different appear­ances. A toner or inkjet signature appearing on a document, therefore, is not necessarily proof that the document itself is a reproduction.

Can the Printing Technology Be Identified?

It is a common practice for document examiners to step through their examinations attempting to first determine class characteristics, followed by efforts to ascertain more individual, identifiable features. Following this formula, the starting point for an examination of a computer-generated document will usually involve a micro­scopic examination of the printed text in order to determine the most general type of evidence — what technology was used to print the document.

The classifications that can be made from visual (microscopic) examinations will initially revolve around three basic determinations: Has the document been printed (1) in black and white or color, (2) using an impact or non-impact process, or (3) with toner, wet ink, or other medium?

Has More Than One Technology Been Used to Prepare the Document?

In some instances it may not be possible (without chemical or instrumental analysis) to determine much beyond the technology that was used to produce a computer-generated document. Depending on how the document was allegedly produced, however, this may be all that is necessary to resolve the issue. The two types of cases where this information can be of considerable importance are reinsertion and page substitution. In the first situation, a document is placed back into a printer after the parties have signed and agreed to the terms in the document. If a questioned passage is printed with a different type of printer than the surrounding text, it can be considered proof that the document was changed by reinsertion. An example of this occurred in a patent case, in which all of the unquestioned text had been printed on a dot matrix printer while the questioned assignment of the patent had been inserted with an inkjet printer at the bottom of a page that began with dot matrix printing. In the second type of case (page substitution), one or more pages of the original document are removed and different ones are inserted. This situation arises frequently in probate matters where the signature page of a will is left intact, but the preceding pages are replaced. Depending on what stories the various parties tell concerning the creation of a questioned document, merely being able to determine that more than one printer technology was used may be sufficient to resolve the litigation.

Is there Evidence that One or More Pages are Prepared Differently than the Others or that Text has been Altered

If there is a possibility that alteration has taken place, features such as font changes, formatting, paper type, etc., must be considered. In the case of computer printing technology there are several approaches that one can take to help determine if text (or entire pages) have been added, removed, or altered. The first step should be an attempt to determine if the same printing technology was used throughout the document.

In this regard, literally everything that is printed on the document should be examined, including the printing process used to prepare the letterhead.

Even if only one technology was used to create a document there may be evidence that passages were created on different machines. In some cases it may be possible to make this determination non-destructively; in other instances only destructive testing such as ink and toner analyses will provide definitive evidence in this regard.

Assessing Alignment, Spacing, and Copy Distortion

Various measurement techniques can be employed, including glass or plastic measuring templates or the use of scanning and graphics software. Regardless of the method employed, the FDE must be cognizant of any distortion, linear or otherwise, that may be present. This is especially true for multi-generation or fax copies, in which it is not uncommon to see the text baseline undulate across the page. In such circumstances, only very general measurements can be made. To properly assess any distortion present, multiple line mea­surements should be made. It would be a mistake to focus solely on the entry in question relative to the lines immediately above and below. Differences in line and margin spacing are only relevant if the surrounding text is consistently spaced.

Whether evaluating a facsimile reproduction, photocopy, or computer-generated text, Adobe Photoshop® or other similar software can be a valuable tool in assessing line ori­entation. The document is scanned into Photoshop, where the measurement tool is used in concert with the Rotate Arbitrary function to bring the document to a right angle based on a selected line of text. Once this is done, the same set of tools is used to obtain information about each line’s orientation.

Digital Manipulation Detection Methods

Various methods have been proposed to detect alteration done in computer generated documents which include automatically detecting and localizing duplicated regions in digital images, pixel- based techniques that detect statistical anomalies introduced at the pixel level, format-based techniques that leverage the statistical correlations introduced by a specific lossy compression scheme, camera-based techniques that exploit artifacts introduced by the camera lens, sensor, or on-chip post processing, physically based techniques that explicitly model and detect anomalies in the three-dimensional interaction between physical objects, light, and the camera and geometric-based techniques that make measurements of objects in the world and their positions relative to the camera.


It is safe to say that just as the technological methods used to create modern documents continue to change, so the forensic examination of computer-generated documents will continue to evolve. For instance, many laboratories around the world are currently doing research to determine if an analysis of toners, inkjet inks, and other media can be individ­ualized to a particular manufacturer. Devices used by the electronic printing industry itself to determine output quality and image banding are beginning to see their way into the forensic arena as identification tools.

As we can see a new field is emerging for forensic document examination in which not only the knowledge or experience in document examination but also good knowledge of modern computers and materials used to prepare computer generated documents is needed. This is because of the effect of computers in almost every aspect of our lives and their use in daily routine. Thus a fusion of computerized technology and documents is needed to deliver the justice in the modern times.

Shabnampreet Kaur
Research Fellow
Department of Forensic Science,
Punjabi University, Patiala


Technology paved the way for development and also opened the door for criminals to commit crimes without being caught for years. Presently the mobile phones are a double-edged sword; it creates innovative security risks whilst offering valuable sources of verification for cell phone forensics investigator. Their competent capabilities make mobile devices more like computers that serve us to navigate the world. It uses information hoard on and generated by mobile devices to restructure our communications, movements and other personal details.
Cell phone forensics, being an integral part of digital forensics is vital to accurate investigations associated with criminal and civil litigation’s. It comprises of SMS recovery, locations tracking and recovery of multimedia files, contact records of a cell phone, date and time of incoming and outgoing call records. If anybody is intentionally engaged in illegal activities, he will take predictable precautions to hide their tracks. Some of the protective measures adopted by criminals to avoid being caught are listed below:

Encrypting data
Wiping tools
Secure deletion tools
Remote data storage devices
Digital data compression

The cell phone forensics requires a lot to extract information from smartphones, cell phones and other devices. We, as forensic investigators of cell phones generally adopt 7 ways to extract and determine cell phone activity as listed below:

Bypassing Security Codes
With the help of specialized tools, digital forensic investigators can haul out the security code from some locked mobile devices. This bypass security code facilitates in acquiring data with forensic software from the device.

Safe SIM Card
The confidential data in memory is destroyed if the wrong SIM card is inserted in a cell phone. Keeping in mind this issue, investigators create “safe” SIM cards for inspection purposes.

Live acquisition
The valuable and confidential proofs might be destroyed if the battery is removed from the mobile phones before the performance of forensic acquisition. In few cases, to make sure that all evidence and useful information is conserved, investigators can leave the mobile device powered on until the forensic operation can be performed, in order to avoid external influences, it’s mandatory to take some precautions beforehand.

Trusted Time Source
Though the clock on the device shows incorrect time, still the network generated system functions properly and offer the accurate data. As an example, the time shown in SMS is generated by SMS service center, not by the phone.

Tracking movements
Several mobile devices store site-based data related to actions and bound media on the device. The investigators will recover this data to perceive this information to conclude the geographic location at a particular time on a mobile device.

Recovering Deleted Data
Accidentally or intentionally deleted information related to call logs may be easily recoverable by the investigators with the help of certain ready to use forensic tools. Such tools offer detailed information of missed, dialed and received calls.

Getting Physical
It is easier for the investigators to recover the extensive amount of deleted data from rising number of mobile devices by analyzing and acquiring the complete memory contents.