Trucking Risk and Insurance Podcast

Forensic Investigations and Truck Drivers, What Could Go Wrong?

October 08, 2021 John Farquhar & Chris Harris Season 2 Episode 3
Trucking Risk and Insurance Podcast
Forensic Investigations and Truck Drivers, What Could Go Wrong?
Show Notes Transcript

Trucking Risk and Insurance Podcast

A huge THANK YOU to our Guest, 
Jason Conley, Digital Forensics Examiner
Contact Info
Cell: 1 647 208 0482
Office: 437 317 0580

Here is how you can get in touch with your hosts: 
Summit Risk Solutions

Chris Harris
Safety Dawg Inc.

Hi, thanks for joining us here. On another episode of the trucking risk and insurance podcast, we have a lot of fun here and today's no exception. We've got a great guest, Jason Conley of Invista, and Jason is a digital forensics expert. And one of his expertise is mobile digital items. Your cell phone, what market you asked for. So we're going to have a little fun with Jason going to tell us a little bit about himself and some of the fun that he could have. So we look forward to you joining us. And by the way, don't forget to subscribe and like this program. And if you don't like it, when I'm done, that's okay too. You don't have to worry about it. So do me a favor, hit the dislike button twice. John Jason, one of you tell me what it is that we're talking about today. John, Let me tell you, we're going to talk about forensics, but only a certain portion of forensics. As we know, there's all kinds of different forensics out there and whatnot, but we're going to talk about Jason's expertise, which is related to cyber electronics and some really neat stuff. And I think one of the funniest parts that I like about it is it deals with this little thing right here. This is, this is a lot of fun. We play games on it. We communicate on it. You know, we take pictures with it, but I don't think people realize how important this little device is and what it could really tell you. So we're talking recently, I had the opportunity to speak with Jason. I was working on a bit of a project and interesting enough, it takes, it filled me in on a lot of neat stuff. So that's why I thought this would be a great opportunity to bring Jason on board and let him tell us what he knows. So we're talking about truck drivers and cell phones. Why not? Jason, tell us a little bit about yourself, who you working for and what do you do for a living? Certainly thank you, John. Thank you, Chris. So I'm a digital forensic examiner and I have one for about 18 years now. I, my existence is completely dependent upon people having digital evidence that may need to go to court 99% of the time. It doesn't especially in Canada, but there's always that 1%. And so, you know, no two days are ever the same. You know, we deal in cyber investigations, which of course there's a huge, a huge outbreak of especially given the circumstances. So that's out of hand, we do a lot of that. We do a lot of civil investigations, as I've mentioned earlier, there's a lot of, you know, employees who jumped ship and take precious info with them to a competitor or the business, things like that, all kinds of civil situations, criminal defense work, get to see the darkest aspects of society. Of course, someone do the dirty work to make sure justice is balanced. So it's, it's all over the map. And certainly as, as John alluded to one core component, especially in the last two sections that we were, that I described is mobile friendly. So in computer forensics, computer forensics or digital forensics is a very broad, broad term. And there's many specializations beneath that. One examiner may have one or several specialties and mobile forensics is certainly one of mine. And, you know, any examiner in today's world would be foolish not to make it theirs as well, Encourage others to get in competition with you now. So you're saying recently, John and I were talking about the truck driver for the Humboldt crash, Mr. Sudu. And one of the things that came out in that court proceeding was that he was not on his cell phone. So they would hire somebody like you to dig into that and to give back a report to say whether he was, whether he wasn't. Is that right? Yes, That's absolutely correct. As a matter of fact, you know, the type, the types of evidence can both secure, preserve and extract can get right down to milliseconds. So that obviously in a traffic accident situation can be critical to a court case or insurance case or with That's interesting, sorry, I'm just thinking I I'm working with a lawyer as well on a different crash and the evidence they got the cell phone records and it looks like the driver may have been on the phone at the time of the crash, but they didn't hire, at least to my knowledge, they haven't hired somebody like you to determine. And perhaps that's because the truck didn't have a GPS system. And so they may not be able to determine that the exact time of the crash and to be able to match it up with the exact time of the, of the phone call. I see. Yeah. There's, I mean, there's certainly a lot of sources for evidence when it comes to the trucking industry. I mean, I, in a recent yeah. Favorite stuff. Yeah. I've got a, as a matter of fact that have a trucking case, that's on the go right now, of course I can go into any specifics, but essentially there is, you know, a truck driver whose future is at stake essentially. And you know, this was a very, very serious case for somebody extremely hurt from an accident. And it's, it's very serious, but anyhow, it's, it's another case that's showing me just how many different sources of evidence can be brought to the picture. You know, there's the GPS component, there's the cellphone component. There can be the, the data box, right? The infotainment system on the vehicle itself, or there can be the dash cam, right. That's pretty instrumental in the case that I'm involved in. And, you know, they, they all might have a slightly different date and time on that. So, and then the basic documentation, like the drivers, you know, logs, those, those can actually be really critical and good all paperwork. So it's, there's a lot of different components that can factor in to a, a trucking investigation litigation. It's fascinating. John, go ahead. Well, I was just wondering, let's kind of do a little hypothetical fun here, so that way we don't have to worry about some other case let's create something. Cause, cause that's what we're all about. We create, we invent here. So let's just say I'm driving down the road was talking on my phone. Hi. How are you? Yes. I got to go now talk to you later. Bye. So I hang up from the phone and then, oh, interesting. My brother texts me. So I'm going to take an text, my brother back and then, you know, carry on down the road, put my phone in the phone in the, the cup holder. And then I'm going to take a notice that it beeped at me. So I'm going to pick it back up and it's going to wake up and I'm going to look at it and go, oh, my kids are WhatsApp. Send me, ah, send them a message while all this time on tootling down the highway at about 120 K. Okay. So I'm sure I'm a good driver. So anyway, fortunately, no, God, no, no, no. I'm from New Zealand. You're not from Ontario is I hope. No, exactly. Yeah, yeah. In Western Canada maybe. But so, so we're, we're ultimately involved in a crash and I'm going to lie my face off and tell you I was not on my phone at all, you know, you know, so yeah, I took that phone call, but it was my hands three device, I think I'm sure it was. So from there, what are you looking for? What could you tap into? What do you can look at to prove me the liar that I am Certainly. So from your phone, I would have a copious amounts of artifacts that would show me wanting your infotainment system or your Bluetooth headset was not engaged, would have 30 Jason. That was my price question. You can tell whether a phone call was taken over the headset or certainly it was okay. Yeah, sure. And cool. The, you know, the messages themselves, of course those will have date and timestamps when the message arrived, when the message, you know, when your message was composed and sent, you know, the duration of your phone call, of course, when that started, when that ended. So, you know, we'd have all that data and of course, none of that. Yeah. So what about something like Snapchat? Right. That's gone in, in, in a few seconds, know I've texted whatever message that's gone. So that's, that's not still on here. Is it? Snapchat is one of the very few exceptions. And as a matter of fact, so the data may still reside on the server for 48 hours. This is what my understanding it. So chances are that eight is probably going to be long gone, but that's one very rare. Just about every other application you could possibly imagine will have some form of artifacts present. Okay. So what about, what about say I've downloaded the latest YouTube podcast of safety dog, the trucking risk and insurance guys. Okay. I downloaded that my phone and I've decided while I'm driving, I'm going to set it up on a dash and I'm going to watch it, but it's on my phone. I didn't download it as I didn't stream it. I've already downloaded it. So, you know, you can't tell that I've been looking at that. Can you Sure. Okay. Oh, so there's just some kind of background information that there are, there's a host of, of processes and operations that are more diagnostic oriented, right. That are constantly running in the background, regardless of your phone type, both in iPhones, Androids it's they both have all the, you know, a truckload of, of resources that aren't visible to the user, right? And the whole purpose of these resources is to enable the programmers of the device to, you know, to improve upon, you know, their products to re log log and report problems essentially. And even logging reports performance. So, you know, they're beta testing, new things, you know, new programs or new version of a program, new version of an operating system. They will have the records to go back and check before they actually released the stuff. And in other cases, of course, you know, there, there may be like with Microsoft or with apple Google, they may want to be able to diagnose this really quickly, right? If this is something major, you know, there could be some serious liabilities involved. Let's imagine that, you know, Google maps is something where you sending people into ditches or something like that. You know, there's just to be able to go back in and see, okay, where did Google maps? Right. And with every last bit of eight, including whatever possible location information is available. So, so there's all kinds of programs running in the background and logs being created that are diagnostic or, you know, an orientation they're not intended for forensics, but they're the forensic examiners, best friend. And most people are Now my best friend then not, not if you're the devil that you made yourself out to be John. Yes. I'm not like that by any means, but a yes. You know, I had to switch phases. So Go ahead. So I was looking at, in contrast for the driver who is, you know, in an accident in one, which they're not at fault, this same information could be their savior and best friend. Sure, sure. No provide provided, provided. They know, first of all, that this exists and you know, this is the holy message I'm bringing today. And two that they'll know how to preserve it. Right. And how not to let somebody else muck it up. That's the really important stuff is getting that evidence on ice. So that the truth, cause the truth is going to come out, regardless of whether they're innocent or guilty. It's just a matter of, you know, whether they have the ability to get that evidence preserved as quickly as possible, which really means there'll be more evidence available. You know, I had one case the driver, you know, and this is great that you're bringing me on here because so few people know about our practices. We're not a well-known, you know, when I started my own business years ago, I've heard the quote in the presentation. It's just to educate people on the existence of my work. And it's still the case today. So when it comes to, you know, cell phones or computers and things of that nature, the more time the lapse is from the event, typically speaking, the less artifacts that will continue to reside, right. You know, on a traditional computer, hard drive eventually become overwritten. If they get deleted, they'll become over it with Ty and similar, similar with the fall. Some things disappear within hours, some things in a day, somethings within a week, some things within a month, I had a cell phone, lots being one trucking case where the driver was still using the, been, it had been almost a year. It was like 11 months. Well, you know, the lawyers just didn't, you know, they didn't know to advise your client, Hey, bring a phone in here. I've got a, you know, a forensics person or call we're going to get in, you know, this phone, put on ice right away, go out and get yourself a little bit cheaper. And her phone in the meantime, you know, in fact if I wasn't a driver, knowing what I know now, I ch I checked one in my, in my box. I keep a burner phone. So yeah. So that's, that's the criticality is getting that information as soon as possible. Not continuing to use the device because that can cause data to be overwritten. And the one thing I would like to say, you mentioned, well, if you were involved in a crash, that's not your fault. The phone could be your best friend by the same token. If it is my fault that I had a crash, frankly, I want to prove that I wasn't on the phone because that if I was on the phone, that's going to escalate everything. Yes, I'm a human, I can make a mistake and I have a crash, but dammit, I'm not going to be on the phone if I can possibly, well, I know I won't be on the phone. So I want my phone to prove that I wasn't on the phone that I screwed up. I'm a human. Yes. And, you know, in truth, through that point, in another case, you know, it's, it doesn't seem so black and white when it comes to distracted driving, right. We all have the fear of God putting into us when the laws came out, you know, six points. If you're seeing on your phone still to this day, I can't pull up at the intersection where seeing in somebody's phone and it's usually the fall. I'm pretty sure. So, you know, it's in this particular days or the driver had an accident and he was using his phone. In fact, he was, you know, he had a radio station that he liked to listen to. It was kind of unique and it wasn't something you just pull up on the OAM MFM and we played it off his phone. And, you know, the circumstances were such that I can demonstrate, but his use of the phone was not, was not related to the act. Let's put it that way. I can demonstrate at least that he had not touched the phone in a matter of a number of minutes based on the information available. So, you know, it's not, you know, it's not to my, from what I've gathered through a lawyer, I cannot, but it, you know, it doesn't appear that, you know, judges will automatically use their fault. It's just a matter of what's the use of the phone in payroll to the act. Yeah. And then that's what I was saying about, you know, I can have a crash, but I don't want my phone to be involved. Right. No, no. So, right, Exactly. Let me ask you this, you alluded to it. Go ahead, John. Nope. Go ahead. You first, I was going to say you alluded to it. So if I am involved in a crash, whether it's my fault or not my fault, whether I'm on the phone. Well, I guess if I was on the phone, I should use my phone as much as possible. Sorry. No comment. How, what, what is the best way to preserve the information on the phone? Certainly. And then follow them up with this. If I was on the phone and it contributed to the crash, should I just destroy my phone? Okay. So I definitely can't comment on the ladder. It doesn't, the water is how much information can you get from the Rogers, the Telus, the bell of the world and not from my device and what it, and then of course, why would you have destroyed your phone? That's pretty intimidating. Yeah, Certainly. Certainly. So if it was a perfect world, I would say the best way for that to be preserved is for the person to turn off all the network connections. So the cell cellular data, the wifi, you know, Bluetooth, everything, anything and everything. That's, you know, a network connection airdrop, if you're on an iPhone and then preserve that and get it or to their lawyer to get to me. And if the battery's near dead, you know, and the lawyer's suggesting they take a while, keep it plugged in and on. Okay. Because that's the absolute best case scenario. It never happened. I mean, I've never been that lucky in a vehicle case thus far, but that is the best case because there are some things lost when the form was shut down. Okay. Turn my phone off, preserve it Nine times out of 10 that's what's going to happen or it'll just run out of power before it actually makes it to me. So, and you know, someone doesn't remember to follow those steps, you know, that's, that's the next best thing is, turn it off, back on and get it to me. So that's Number one is turn off, put it on airplane mode. I'm an iPhone. Sorry. I was just going to say what airplane mode and turn off the wifi in the, Yeah. Now some, there are solving versions of phones. We all still some connections the mode is on. I don't think that's a foolproof. So you still want to make sure you turn off your wifi. Yeah. Right. Okay. Okay. And then the second thing would be to, and not the best thing, but would be the power. It doubt The second best thing. Yes, absolutely. And, you know, put it in a box, tape it up, you know, put the name, name, date, what it's for that kind of thing. Lock it up until you got your lawyer. And now it comes to me through the lawyer, that sort of thing. That's usually the path quite often, lawyers will want to establish the agreement directly with the examiner, just for the sake of preserving the client. So, you know, these things get pretty serious and intense. They want to ensure that the least amount of information can go to the other part. So typically a lawyer will engage us directly quite often will start with, you know, most often insurance carrier actually, you know, insurance adjuster will get the ball rolling, but lawyers will call us directly on this too. Johnny, you had a question. Cool. Well, I was just going to say if I were to put you in front of a room full of drivers and, and not necessarily just truck drivers, but any kind of driver. Sure. What would you say to them to prevent them not to prevent, to get them to think twice about picking this damn little thing up. Yeah. And you know, that, that, that would be an opportunity. I would never turn up based on the fact that distracted driving is like being number one killer. Now, you know, it's, I would simply tell them that, you know, you're, if something serious happens, you're going to get caught. You know, you got, you know, you've got luck that is, you know, incredibly, incredibly beyond the norm. You chances are you're you're, you're going to go down for it. You know, if the police get their hands on public law enforcement, private industry folks, we basically used the exact same tools. If you have the same training, only the police are going to have that follow up. If you know where somebody is in a car accident. And of course, if the driver's deteriorated at the end, you know, in an ambulance to the hospital, they're not going to have much to say about police, you know, should look at their phone or not. So the shirt there's so much, you know, data that they're not aware of documenting all kinds of activities that they shouldn't even pick it up. Right. Yeah. Cause I think you told me once before that even picking up the phone and it wakes up, you can actually record that how many times you've done it. So I haven't done anything with it, but I've just looked at it each time I pick it up and look at it. You can actually track that and measure that. Yeah. Every state change on it falling is typically record it. You know, a certain mix of models vary, but you virtually every, every change of action will have an alignment, an entry line. And there's always a date and time with that line And the log file. What I just heard. And I repeat what I heard, because sometimes what I hear is not what you said, but if I've got a phone in a cradle, which is where it's supposed to be, every time I touch it in the screen lights up again, that's a state change basically. And you can, it logs itself somehow. Yes. Scary. So I have a phrase for that and I, and I got this from a good friend of mine. Every echo has a behavior. Oh, look at that interest. So we're, we're hitting close to 30 minutes already believe, but I do have one more question if I was guilty and I destroyed my phone, how much information can you get from the provider? The bells that tell us the, I forgot all the American ones, but there's quite a few of them, but how much information can you get or do we, or should I just cut that question out of the interview? I know That's fair. That's fair. So I won't speak so much about, you know, the applications and what they store on the cloud, because that can vary from app to app, but you know, law enforcement for sure does gain access to that stuff. You know, civil guys, not so much. Okay. But certainly when it comes to the carriers, you know, we added this to, we actually have a very unique group in our forensic team that do still site analysis. So, so they actually will go and do drug testing and they will map out what all the cell towers actually captured on a map. So they can with absolute precision and with the scientific methodology, determine whether or not, you know, a, a statement is true or false. An opposing party is proposing this. This is very, very popular in the U S of course, where there's a lot of herbs. There's a lot of high prime activity where cellular gated location in particular is of great value. So they actually pioneered this process and they're up against the FBI and all kinds of folks on a regular basis, which is fascinating in and of itself. So what I've learned from that is that what the carriers hold onto is actually a lot more than, of course what you see on your phone though, right. And it's kinder. It's actually scary in a very big picture way, because you want to know more about us than we really do. If there were to sit down and do some analytics, you know, they could tell you where you were 12 years ago and where you went every day, what your timings were like, and you know, where you went on Friday, last marriage, any of that stuff, it's all recorded. And you know, no, I'm not aware of anybody jumping up and down. I'm sure all, that's your rigs. So, and yeah, that's, that's another kettle of fish, but anyhow, it's, it's substantial what they hold on to. And it, you know, it's from a geolocation. It's very, very powerful. Interesting, really interesting. Yeah. Jason, I didn't know. Well, I know, I I'm glad that cause I know one thing's for sure. If I'm ever involved in a car collision, crash or incident of such cert with a third party, regardless, whether it's a truck or a car, I will be instructing my legal counsel to contact Jason directly. So you're of the same belief that I am, that it, the cell phone would not have contributed to the crash. Yeah, no, not at all. It's like It's similar to many trucking companies to kind of switch subjects. A little bit, many trucking companies will send their drivers for a drug and alcohol test to prove that they're not guilty to, to eliminate one accusation. And of course, I think every lawyer would accuse us if we're at fault in a crash, even if we're not at fault. Well, you should have been able to take evasive action. Had you not been on your phone would be the accusation accusation they're going to That's happens frequently. Oh, so Jason, Over one accusation to construct drivers. Yup. Sorry, say that again. Jason Distracted driving is one of the number one accusations and truck driving litigation. I just want to make sure everybody heard that. Yeah, exactly. Creed John and I are proponents of drive safe and, and let's get off the phone and that type of thing. Yeah. And the drivers have heard it. So unfortunately they've heard now that if they are on the phone, people like you are going to prove that they were on the phone. Yes. It can. It can say a motor carrier hire you directly to analyze a phone in that fashion for a defense or would it be wise to go through their lawyer first? I think it would be wise to go through the lawyer. Yeah. For the, for that, by the time I I'm the type of person that, you know, if someone shows up at my doorstep and they've got a piece of evidence, you know, all, all ensure it's preserved right away. I just won't produce any reports until that the legal aspect is kind of accounted for. Right. Great. I'm just thinking from a defense perspective, you know, the driver's adamant, I was not on the phone, please. I'd be happy for you to analyze it and exonerate me from this situation. I think a motor carrier from a defensive perspective would be smart to jump on that and say, Hey, Mr. Lawyer, we've preserved the phone as best we can. Let's get this thing analyzed right now to help us in our defense. So we can kind of squash anything. A plaintiff lawyers are gonna throw up. Absolutely. And to be honest, I wouldn't even be surprised if, if in the future, if it catches on with chocolate insurance, I wouldn't be surprised if the underwriters come out with this is this is a part of your process or, you know, something like that or turn it down. You turn over your phone as soon as you step out of the cab. Yeah. Well, I'd like to see more, more companies put in stronger, best practice, distracted driving policies and procedures. You know, they all talk a good game where, you know what, turn the phone off. Don't talk on the phone whatsoever. But I think because of what you've enlightened us with today is all the more reason to go. Guys don't even use it. Don't touch it unless you're parked safely. Absolutely. Hey, if, if anyone out there ever wants to do a, an intake or random checkup or integrity test on their drivers, that could be arranged. Yeah. Her contact info is in the show notes below. Perfect. Thank you. Thank you. It was a pleasure speaking with you. Well, I jeez right over my head now, what was that last question I had? Oh, it was this, you tell us to preserve the evidence, right? So can we preserve the evidence and keep the same phone number? Or is that out of your expertise? In other words, I'm not on the phone. I want to give you this phone to prove that I wasn't on the phone, but I've had this same phone number for God, probably 20 something years. And I don't want to switch phone numbers. That's a really good question. Well, thank you. I Only said that to my question, you know? Yes. I noticed that. I noticed that. Yeah. Preferential treatment here That is very, very doable because if we get a SIM card out of there, I mean, I'd like to take a copy of that, but we get the same card out and give it back. You should be fine. Going back to your carrier and getting a new phone. You put it in. Beautiful. Cool. Thank you, Jason. Thanks so much for coming on the show. I really appreciate it. This was great information. My pleasure. I chose your folks. I I'm glad to have Jason on our side. Yes. Any last words or piece of advice? Just drive safe. Everybody drive safe. Beautiful. Thanks, Jason. I appreciate that so much. I didn't know. There was so much information that could be scrubbed from cell phones and of course used in court. Thanks to my co-host Mr. Johnny Farquhar from summit risk solutions. I'm your other host? Chris Harris safety dog. And that's it for this week. If you're getting value from this program, please like subscribe and maybe even leave a comment. Thanks. That's it. Safety dogs.