
Counter Forensics pt.1

If your only understanding of forensics comes from movies and TV shows, then prepare to have some misconceptions ripped away. Forensic science is not the all-knowing, all-seeing force that some shows portray it to be; in reality, forensic specialists are more of a generalized intelligence than a specialized intelligence. What we mean by this is that most forensic specialists are taught the principles of the scientific method and deductive reasoning before being sent out into the world. With this training, they can be given any variety of situations and can make their own theories, tests, and determinations as to what they think happened. For example, if police found a man dead at the base of a cliff and called a forensic specialist to determine if the man was pushed off the cliff or jumped to commit suicide, the forensic specialist may throw dummies off the cliff to see if there are patterns between a pushed dummy and a ‘jumping’ dummy. If you think that example is closer to art than a ‘strict’ science, then you will be surprised to learn that it comes from a 2013 cold case investigation headed by Interpol. Because of forensics' ‘artistic’ approach to many investigations, it is not uncommon for any evidence that is outside of their ‘key domains’ (Facial, Fingerprint, DNA, Time of Death and Ballistic analysis) to be held in low regard by the courts.



As we have a lot to cover, we will be splitting this essay into two parts. Part 2 will focus on ground, tool, and ballistic/firearm forensics. Once it is uploaded it will be linked HERE.


Scope


Our objective is to build a basic understanding of how forensic specialists identify individuals from an investigation, in addition to the flaws and exploits in these analyses. We will specifically cover fingerprint, DNA, facial, and gait analysis in conjunction with methods to mitigate and deceive these investigations.


AS NON-GOVERNMENT CRIMINAL AGENCIES BECOME MORE ADVANCED, SO DO THE TECHNIQUES REQUIRED TO PROTECT YOURSELF. THE TECHNIQUES DISCUSSED IN THIS ESSAY ARE ONLY MEANS TO ENHANCE YOUR PERSONAL PRIVACY AGAINST PRIVATE, ‘EXTRA-LEGAL’, AND CRIMINAL STALKING. YOU HAVE A RIGHT TO YOUR PRIVACY, THAT INCLUDES PERSONALLY IDENTIFYING INFORMATION LIKE YOUR FINGERPRINTS AND DNA. WHILE WE WILL DISCUSS GOVERNMENT DATABASES, DO NOT THINK THIS IS ‘ANTI-GOVERNMENT’. THESE DATABASES HAVE BEEN BREACHED, LEAKED, AND SOLD TO BAD ACTORS IN THE PAST.


SUBVERTING AND DECEIVING THE COURSE OF JUSTICE IS CRIMINAL. DO NOT MISCONSTRUE THIS ESSAY AS SUPPORTING CRIMINAL BEHAVIOR.


Definitions and Acronyms


FS - Forensic Specialist


Investigator - A non-government bad actor tasked with the analysis of someone's actions.


Un-sub - Unknown Subject, the individual being investigated by the forensic specialist.


Fingerprint Analysis


As mentioned, fingerprint analysis is one of the more refined sciences that FSs have within their reach. The essence of a fingerprint check (otherwise known as a friction ridge analysis) is to find unique sections of your print: for instance, a ridge that forms an island, areas where ridges split, or damage to your print caused by scars. Using a handful of these identifiers, automated systems are able to compare a print against millions of recorded fingerprints to find potential matches. In this manner, even a partial fingerprint may result in multiple matches, which can be weeded through to find potential suspects or connected investigations.


So how do your fingerprints end up in these databases? First, we can rule out any paranoia you may have in regards to having your fingerprints documented when you were born. Your fingerprint grows and changes rather significantly during adolescence, making a child's fingerprint unrecognizable when compared to the same person's adult prints. You should remember if your prints have been collected for security checks/applications in the past or if you were printed after an arrest. Even if you believe that your prints haven't been collected, you must remain vigilant. A common technique used to retrieve your print is as simple as offering a bottle of water to you and then retrieving the bottle from a waste bin to pull prints off of it.


With all of this in mind, the best solution to this ‘problem’ is twofold. The first is to do everything in your power to ensure your fingerprints are not collected and stored, which is a continual and diligent process you must undertake if you believe there is a reasonable chance that a bad actor is attempting to pull your print. The second lies in trace evidence reduction, which will be covered after DNA analysis.


DNA Analysis


DNA analysis is a very complicated rabbit hole all on its own, but don't confuse that with DNA analysis being a resource-intensive process. A common misconception is that DNA analysis involves the complete sequencing of someone's DNA; it does not. In reality, an analysis can be done with minimal and cheap equipment. The objective of most analyses is to test for the presence of certain alleles (sections of DNA) in both a sample and a suspect. If a test looks for 20 alleles and both a sample and suspect match on all of the alleles, then it is very likely that the sample came from the suspect.



Unlike fingerprints, your DNA isn't typically stored by any agency; however, there are exceptions to this. We have seen a slow increase in the number of registers that digitize their DNA findings, which means that unknown suspects can be matched to other investigations if their sample DNA is put into these systems. It is hard to find much information on these systems or which agencies employ them, as they are usually still in the pre-adoption phases; however, as time progresses we may see more widespread use of these registers.


Finally, how do bad actors pull your DNA? The process is rather simple: all they need are pieces of trace evidence that you may leave behind. Blood, mucus, semen, sweat, and skin all contain your DNA, and FSs don't need much of it either. A DNA profile can be made from less than 30 skin cells, which is far too little to be seen with the naked eye. A common misconception is that DNA can be pulled from your hair. While this isn’t wholly inaccurate, the truth is that hair doesn't contain ‘usable’ DNA; however, strands of hair usually have flakes of skin attached to them that can be used.


Our mitigations to DNA analysis follow a similar line to fingerprint analysis, with our main goal being trace evidence reduction.


Editor's Note - 03 DEC 23: The Australian Federal Police released a document via Freedom of Information regarding a Pilot Assessment into using Genetic Genealogy Databases (services like 23andMe, or others that collect genetic data from customers) as methods to assist in forensic investigations. This includes using the databases as comparison points to match an un-sub's DNA or to find closely related individuals to the un-sub. The Pilot Assessment was very supportive of these techniques and, as Australia is a leading force in the forensic space, we would expect whatever policies they enact to be utilised around the world in coming years.


Services like 23andMe typically have a clause in their user agreement that dictates they can work with and provide information to law enforcement without seeking your consent. While some feel they can get around this by using a pseudonym when using these services, the reality is these pseudonyms are still linked to your account, payment details, and (if a family member has used their real name) to your family's DNA.


The only unknown in this situation is how much data is stored long term by these genetic genealogy services. Some services claim to delete your sequenced DNA after they conduct their analysis, but this may be interfered with by this new forensic process. The Pilot Assessment states:


"We therefore agree that it is appropriate for the laboratory and the company to be required to permanently delete any DNA Data once the bioinformatics analysis has been performed and the DNA Data has been provided to the AFP (Australian Federal Police)"


Reading between the lines, we can see that the data will not be truly deleted; the ownership is only being transferred.


As of 2021 it was estimated that 1 in 5 Americans have used 23andMe or one of its competitors. You may think it's a good idea to find members of your family that have used these services; we urge you not to do this. Not only will it cause unnecessary strife, but, depending on your family's size, you may have to ask hundreds of people.


Probability of Detecting a Genetic Cousin Relationship:

Cousin Relationship | Probability of Detecting
First Cousin (share grand-parent) | ~100%
Second Cousin (share G-grand-parent) | >99%
Third Cousin (share GG-grand-parent) | ~90%
Fourth Cousin (share GGG-grand-parent) | ~45%
Fifth Cousin (share GGGG-grand-parent) | ~15%
Sixth Cousin (share GGGGG-grand-parent) | <5%

Assuming each parent in your family has two children, that would mean that you have 32 fourth cousins. In short, if a genetic cousin relationship is found between an un-sub's DNA and that un-sub's fourth cousin, then the forensic investigator has just narrowed down their suspect list to 32 people. Given the 1/5 statistic from earlier, this is an almost guaranteed situation for every investigation.


We no longer live with anonymity. This type of investigation is already being trialled in Australia; it will be on our doorstep soon.


Trace Evidence Reduction


Trace evidence operates under the principle that any contact between two objects will leave a trace or sign of the interaction. Trace evidence refers to fingerprints, human cells/other DNA carrying traces, fabric/clothing fibers, as well as evidence that isn't directly related to a person such as soil traces or chemical residues. It is not only the presence of these traces that must be mitigated but also how investigators find them, for instance, blood droplets that have splattered when contacting the ground indicate a wound to the head or upper body as they would have built up speed as they fell, whereas round blood droplets are likely to have only fallen a couple of feet to the ground.


Mitigating these pieces of trace evidence is not difficult. While the obvious answer is to be mindful and aware of the surfaces you touch, walk over, and brush past, we can go a lot deeper than that. Let's start with your DNA and fingerprints.


1. Wear surgical gloves. There are four reasons to do this: first, they cover your finger and palm prints, second, you can't sweat through them reducing the risk of contaminating the environment with your DNA, third, the latex of surgical gloves is very resistant to leaving traces (you wouldn't want latex traces inside of a patient, would you?), and fourth, even if traces of latex were found, almost every American owns surgical gloves, it can't be exclusively linked to you.


2. Short hair and a hat, or bald. Long hair is an unnecessary risk. Short hair is very robust and not prone to falling out, as opposed to long hair. You can do whatever you deem reasonable for your own hair, but it is very hard to drop something you don't have.


3. Use anti-dandruff shampoo. If you have any struggles with dandruff or dry flaky skin, you must get it under control as soon as possible. Moisturizing and exfoliating daily will significantly reduce the traces you leave behind.


4. Wear a face mask. No one ever plans on bleeding or sneezing; a face mask mitigates both. The mask should effectively stop large droplets of mucus from spreading while also catching and absorbing a significant amount of blood. In terms of a specific mask, surgical masks are better suited than most others: the interior layer of the mask is very absorbent while the exterior layer is hydrophobic, which means that large quantities of fluids can pool in between the two layers.



After DNA and biological traces, the next two traces looked for are fiber/textile traces and chemical/explosive residues. We will cover fiber/textile traces now and chemical traces in part two.


5. Wear synthetic materials. While there are no clothing materials that won't leave traces, polyesters and nylon are less prone to shedding and abrasion than their natural counterparts.


6. Have a disposal plan. It's not good enough to enact these measures if you are going to hold onto identifiable materials or clothing. Burning is the best method, however, complete submersion in >10% Sodium Hypochlorite (bleach) is sufficient to damage DNA beyond identification thresholds.


While none of these methods are perfect in protecting you from leaving traces, they will get you most of the way. Combining them with some forensic deception will make the job of any bad actor almost impossible.


Forensic Deception


Forensic deception is a made up term that refers to any steps taken to mislead a forensic analysis. Common forensic deception techniques involve the contamination of an area with nonsensical or external pieces of evidence, for instance, (if you are not a smoker) leaving behind a cigarette-butt that you found in a waste bin may give investigators the impression that you smoke, while also adding DNA that cannot be linked to you. Through these deceptions you can send investigators on wild goose chases, wasting their time with dead ends and red herrings.


When it comes to forensic deception, creativity is key. Muddy your boots with soil you collected from out of state, bring cuts of fabric to rub against touch-points, leave behind a coffee cup you pulled from a waste bin, or contaminate an area with urine from a public toilet.



The main consideration you need to take into account when employing these tactics is ‘how would the FS analyze this information?’ Luckily, because forensics is not a ‘classified’ career, we can find most of this information online. By searching ‘forensic hair analysis’ we can learn that while usable DNA can’t be pulled from the strand itself, an FS can determine the animal, race, and sex that it came from. They can also determine how the hair was removed from the donor (cut, burned, plucked, natural shedding, etc.). With this information, we can conclude that sourcing hair that has naturally fallen out will serve better as a deception than hair sourced from a barber that has clearly been cut.


Facial Recognition


Facial recognition is a rather complex beast. In as few terms as possible, automated facial recognition systems identify you through a combination of the following:


Distance between the eyes,

distance between the forehead and the chin,

depth of the eye sockets,

shape of the lips,

shape of the ear, and

shape of the chin.


While many of these identifiers are easy to mitigate through a face mask and glasses, your ear shape is more difficult to practically disguise. In recent years, the ‘science’ of understanding ear development and shape has evolved, resulting in some individuals being identified through their ear shape alone. In a 2020 case, an individual placed duct tape over the top portion of his ear to obscure it from view of security cameras. Other alternatives include hoodies or legionnaire hats.


If this topic interests you, we highly recommend that you read further in our Counter Human Detection essay.


Gait analysis


While gait analysis is not your biggest concern, it is an interesting and developing field. Recent digital systems have been able to identify individuals across different security footage videos by only observing their walking behaviors. While these systems are harder to understand as they use more advanced General-AI rather than the adaptive learning systems used in facial recognition, there is still hope to deceive them.


The historical solution to gait analysis has been to place rocks into a shoe to induce a slight limp, though there have been instances where analysts have been deceived by measures as simple as very baggy pants. While these concerns definitely fall into the ‘extreme’ category, you must remember that once you have denied an FS your DNA, prints, face, and other trace evidence, they will become desperate and start to use these more extreme approaches.

