A teenage girl who went missing from her parents’ home in the middle of the night. Sounds troublesome, doesn't it?
This story begins on a dark December night, when a 13-year girl slipped out of her door and silently vanished into the darkness after an argument with her parents. For two days the girl was unable to be found. Though the girl’s parents reported her missing to the police almost immediately when they found her not in her bed the following morning, the search gave no results. The police checked every location where the girl could naturally hide, including her school, her close friends, and even a dancing club where the teenager was practicing her dance skills and soon ran out of ideas and places to look.
As time worked against the police, the parents started suspecting their daughter may have been kidnapped. The more time that passed, the more worried they became.
Meanwhile, the digital forensics department of the local city police were investigating the girl’s personal laptop within their lab. Immediately after waking up the laptop, the investigators captured its memory dump. Computers’ volatile memory may contain the most recent evidence such as last-minute chats or messages sent and received with social networks. Upon the analysis, an ICAC taskforce investigator discovered several recent chat messages from a popular social network.
Read also: A free tool to acquire a memory dump
Checking the girl’s social media account was among one of the first things her parents did, with no meaningful results: the most recent chats were not alarming at all. However, the chats found with the help of memory analysis appeared strange to the parents. The chats did not originate from the girl’s account. Confusingly, the account that the messages were sent from, appeared to belong to an adult male. Looking further into the account, the girl’s parents became even more frightened. The account belonged, if one trusts the profile information, to a 31-year-old adult male.
The next step in the investigation was to attempt to locate a password to that account. Utilizing a known account name, the investigators were able to parse the Chrome password storage, and bingo! They were able to identify a cached password to that very account. The police were then able to successfully log into that account using the newly discovered credentials.
Read also: Browser forensics and the case of Casey Anthony
The chat messages inside this particular account shed enough light to explain what had happened. It appeared that the missing teenage girl had created a fake social media account to hide messages from her parents. The girl’s parents were able to identify the username of who the messages were being sent to as one of their daughter’s friends. As it turned out, the girl had made arrangements to spend a few nights in her friend's home without telling her parents.
A special response unit was dispatched to her classmate’s home, where the missing girl was retrieved and safely returned home.
What a happy ending to a seemingly tragic event. An ending that unfortunately does not always transpire in cases like this one. And what’s one of the most amazing aspects of this investigation? For two days, the police were attempting to locate the missing girl with traditional methods and failed, while the digital forensic department and their highly technical investigators who were equipped with proper tools, were able to locate her in less than 30 minutes.
About Belkasoft X
Belkasoft X is a world-renowned tool used by thousands of customers for conducting computer, mobile and cloud forensic investigations. In the previous years, Belkasoft X was pronounced top-3 DFIR commercial tool per Forensic 4:cast Awards, being nominated to the finals of this prestigious competition 3 times out of 4 latest years (2018, 2020, 2021).
Belkasoft X can automatically acquire, extract, and analyze evidence from a wide range of sources, including mobile phones, tablets, computers, cloud, memory files and dumps.
To try Belkasoft X, download the trial version of the product:
See also
- Why RAM dumping is so important and what tool to use?
- Browser forensics and the case of Casey Anthony
- Preserving chain of custody in digital forensics
- 5 Bloopers of a Digital Forensic Investigator
- Where did this chat come from? The 'Origin path' concept in Belkasoft X
- Why Belkasoft should be your tool of choice for Mobile Forensics