Counter Forensics pt.2

In the previous portion of this essay, we focused on the forensic methods used to identify an individual from a combination of video and trace evidence. While reading part 1 is not necessary to understanding this second half, it does aid in setting the context and understanding the fundamentals of forensics. You can read part 1 HERE.


Obscuring your identity may only be half the battle; in many situations, a stalking party may glean more useful intelligence from understanding your behaviors. If a forensic specialist can identify your equipment, behaviors, and patterns, they may be able to predict your next actions or develop countermeasures against you. The goal in any situation is to deny the enemy as much data as is reasonable. In this portion we will cover ground, tool, and ballistic/firearm forensics.



Scope


Our objective is to further your understanding of the forensic fundamentals discussed in part one. Our primary focus will be on the forensic methods used to identify ground disturbances, buried objects, tool analysis, and ballistics/firearm analysis in addition to the flaws and exploits in these investigations.


AS NON-GOVERNMENT CRIMINAL AGENCIES BECOME MORE ADVANCED, SO DO THE TECHNIQUES REQUIRED TO PROTECT YOURSELF. THE TECHNIQUES DISCUSSED IN THIS ESSAY ARE ONLY MEANS TO ENHANCE YOUR PERSONAL PRIVACY AGAINST PRIVATE, ‘EXTRA-LEGAL’, AND CRIMINAL STALKING. YOU HAVE A RIGHT TO YOUR PRIVACY, THAT INCLUDES PERSONALLY IDENTIFYING INFORMATION LIKE YOUR FINGERPRINTS AND DNA. WHILE WE WILL DISCUSS GOVERNMENT DATABASES, DO NOT THINK THIS IS ‘ANTI-GOVERNMENT’. THESE DATABASES HAVE BEEN BREACHED, LEAKED, AND SOLD TO BAD ACTORS IN THE PAST.


SUBVERTING AND DECEIVING THE COURSE OF JUSTICE IS CRIMINAL. DO NOT MISCONSTRUE THIS ESSAY AS SUPPORTING CRIMINAL BEHAVIOR.


Definitions and Acronyms


FS - Forensic Specialist


GPR - Ground Penetrating Radar


Investigator - A non-government bad actor tasked with the analysis of someone's actions.


UnSub - Unknown Subject, the individual being investigated by the forensic specialist.


Analyzing Tracks


Much like DNA and fingerprinting, footprint and tire-track analysis tends to be the next most commonly thought-of forensic technique; however, this type of evidence is typically less valuable to a FS. While DNA and fingerprints are unique to an individual, shoes and tires are not, meaning that they cannot identify someone on their own. Instead, the real value of footprint analysis is the situational intelligence that can be collected. It is very obvious that a FS can determine your direction of travel from your prints, but, depending on the surface you were walking on, they can also determine how you walk, if you are limping, your weight, and even if your left or right leg is dominant.


Footprint and tire-track analysis was historically conducted via simple plaster casts of the tracks; this is no longer the case. 3D scanning and very sensitive Lidar sensors are publicly available and their use allows FS to pull much more information out of your tracks. Your counter to these forensic methods depends on the goal you are trying to achieve: you may want to just disguise your tracks so they cannot be linked to you, or you may want to make your tracks difficult to follow (counter tracking).



Before we cover the methods you can use to disguise your tracks, we must clarify that it is a misconception to think that you do not leave tracks in urban environments. While it is harder for a FS to find a complete print, it is far from impossible. Most FSs will focus on areas that transition from a ‘dirty’ surface (concrete, soil, or a damp surface like grass) to a ‘clean’ surface (indoor areas like tile, linoleum, or wood); it is in these transitional spaces that a complete print is most likely to be found. With this in mind, let's cover the methods you can use to disguise your tracks.


The historical method used to disguise tracks is the use of a fake sole. With this method you have some freedom to use the technique that best suits your situation. For instance, bootleggers during Prohibition would carve fake soles to match animal tracks before smuggling alcohol over the Canadian border, and an equally well-known example is the Unabomber, who attached the harvested sole of another shoe onto his own. An alternative method is to wear over-boots; CBRN/medical over-boots can obscure the treads of your shoes, making it impossible for a FS to identify your real footwear. While these methods are novel, we do not believe they are the best approach. Instead, the best method lies in exploiting the weakness of footprint and tire-track analysis, that is: tracks are not unique to an individual.


The real objective is to blend in and deceive the FS rather than to hide your shoe/tire tread pattern. The Nike Air Force 1 is the most popular shoe in the USA, with other alternatives being surplus military boots or police patrol boots. The most common tire is harder to determine and may also change during winter. The best approach is to go with a different tire than the one that came stock with your car or to use the cheapest tire you can buy in your area. These methods will perform well as disguising techniques; however, we must go a bit further to reduce the information we leave behind in our tracks.


The only legitimate way to hide the rest of the information in your track is to employ typical ‘counter tracking’ techniques to break your track as soon as possible. In urban settings, you must travel on the same hard surface (preferably concrete) for as far as you can without switching surfaces. In rural environments, attempt to move on hard surfaces where possible and attempt to find and walk through streams rather than on dry ground. In all situations it is ideal to move off in a different direction than your intended destination during the start of your journey and to walk through areas that have high foot/vehicle traffic as this will increase the chance of your tracks being disturbed. The goal of these techniques is to ensure that a FS loses your track as early as possible. If they are only able to find 10 paces then they may not have enough data/patterns to determine useful information such as your weight or real direction of travel.


Buried Objects and Ground Disturbances


Lidar and Ground-Penetrating Radar (GPR) form the backbone of what is usually referred to as Forensic Geophysics. These two techniques complement one another, with Lidar being used to detect areas of interest, and GPR used as a means to see into and through the soil. Below is a Lidar scan of the 900-year-old Angkor Wat; the scan is able to see through the vegetation and into the subtle changes in soil height to reveal the missing structures and buildings of the city.



When this technology is employed in forensic investigations, a FS is able to identify points of interest to be scanned via the ground penetrating radar; this workflow means that if you can fool the Lidar, then you may not need to deal with the more precise GPR.


Countering Lidar is rather simple: the objective is to cover and build up the disturbed ground in a way that looks as natural as possible. The simplest method, though least effective, is to over-fill any hole with extra soil so that when the disturbed soil recompresses it matches the soil around it. The reason this method is not our preferred approach is that it is difficult to match the soil perfectly to its surroundings, and most Lidar systems have high enough resolution to detect changes in surface height of less than an inch. If it is vitally important that the ground disturbance is not found, then you should start by carefully planning where you will bury your item; a location next to a large tree or structure will typically be overlooked, as the structures and tree roots cause distinct disturbances in the ground, meaning our buried object causes less of an anomaly. While it may be more difficult to dig past the roots of a tree, these burial locations also act as a great counter to GPR.



Ground Penetrating Radar is a trickier beast to fool, but not impossible. The first goal is to ensure the soil in the hole has as little change as possible; in other words, the only soil that goes in the hole is the soil you got out of the hole. This is because any variation in soil type can appear on the radar, particularly if there is a higher rock content in the new soil. Our second objective comes from our counter to Lidar, which is to bury the object next to a tree or structure. This burial location has a twofold effect. First, structures and trees typically have some level of underground mass (tree roots, rebar, concrete, etc.); this mass will occlude and blend your item into the surrounding noise. Second, as GPRs are usually mounted on a wheeled trolley, maneuvering them around the base of a tree or structure tends to be difficult, not to mention that surface-level obstructions like roots will jostle the cart and disturb the sensor's readings. The final technique you can employ against GPRs is to bury your object in dense clay soil. Due to the nature of radar waves, clay (which tends to have a higher density and metal content than other soils) obstructs the view of even high-end GPRs. While this method is very effective, it is dependent on your area's soil type and your willingness to dig through dense soil.


Ballistic and Firearm Forensics


Firearm forensics is one of the more advanced forensic disciplines with its primary focus on matching spent bullet casings and bullets to the firearm that discharged them. A FS is only able to do this under specific circumstances, namely, they have to have recovered a spent casing/bullet from the scene and they must recover a spent casing/bullet from your firearm to compare the markings. To counter this firearm matching you have two options:


  1. Don't leave behind casings. Use a revolver or other firearm that does not eject casings, or, use a casing catch bag like the one seen below. If there is a risk of leaving behind casings, ensure that you wear gloves and sanitize your bullets when loading your magazines.

  2. Swap out your bolt group/barrel between uses. Most of the forensic process for matching a spent case to a firearm comes from the impressions left on the base of the casing. By swapping your bolt group and barrel frequently you will be disrupting the patterns left on the casing and bullet making it very difficult to match them to your gun.



Ballistic forensics is distinct from firearm forensics as it is focused on understanding bullet trajectories and behaviors. The only real utility of ballistic forensics is in finding a bullet's point of origin which is useful in instances of long range firearm use. Using subsonic rounds may confuse an investigator, but it certainly isn't a reliable approach. Until we learn how to curve bullets, ballistic forensics and point of origin analysis will be a hard beast to fool.


Please note that we didn't discuss serial number analysis. This is because it is outside of the scope and intent of this series. While we are not discussing it, there are plenty of resources that cover this topic. We recommend you read into Magnetic Particle Inspection, and Chemical Restoration.


Tool Mark Analysis


Tool analysis can refer to multiple processes. The most common is the process of identifying a murder weapon, though this is outside of the scope and intent of this essay (murder is bad). For our purposes, tool analysis refers to the identification of physical tools used by an unsub for the purposes of understanding the unsub's behavior/techniques and potentially as a means to identify the subject.


Tool analysis is difficult to counter, as tools leave a lot of trace evidence. Windows will break a certain way depending on the tool used, shovels will leave impressions of themselves in a hole, lockpicks tend to scrape the internals of locks in unique patterns, and cutting tools will always leave a unique impression based on their jaw/serration type. Because these tools, by their very nature, leave clear signs of their use, the solution is not to attempt to reduce the trace evidence they leave, as this will be a futile effort, but instead to reduce the value of the information gleaned from their remaining trace evidence. To make our point clear, we will give an example:


If an individual uses the same set of tools on three different occasions, a FS may draw the conclusion that the same unsub was involved in those three separate occasions, thereby linking previously unrelated investigations together. Additionally, if you are later discovered to possess the same tools, that may be sufficient for a FS to think you are their unsub.


The best counter to tool analysis is therefore diversity: diversity in both your skill set and tool selection. If you find yourself requiring a specific tool, like a hammer, buy and use different hammers from different manufacturers on each occasion. If you find a technique that works well, do not become complacent; experiment with other methods to learn and diversify your approaches.


