From The Lab: From The Lab: DFS Kevin Chandler on Robberies, GrayKey, and Making Us Wonder If He’s Secretly Superman

Kevin Chandler is a Digital Forensics Specialist at Grayshift with over 26 years of experience in Law Enforcement, specializing in digital forensics and cell site analysis. Before joining Grayshift, Kevin worked for the British Transport Police in various policing roles, and the last 16 years were as a Detective specializing in Cyber Crime, Fraud, and Major investigations.

Chandler refers to himself as a “mild-mannered DFS guy” in this interview but after the handful of cases he reflects on here we can’t help but wonder if there’s more to Kevin Chandler than meets the eye. Read on to learn how Chandler used GrayKey in his former life as a detective to solve challenging cases involving ATM skimming and armed robbery.

It’s obvious you’re a #nerdcop. What’s your favorite type of technology you love to use every day?

It’s got to be my smartphone, like most people I am lost without my phone. It’s convenient to do everything on the move or in different locations. It’s not just calls and texts. I can work, watch Netflix on the tube, pay my bills, everything I want to do; I can do it on my phone.

When you were a digital forensic investigator, what types of cases did you typically encounter?

I was never assigned to the digital forensics lab as an examiner, and my background was as a front-line Detective. I started in the digital world dealing with Bank Card Fraud and the use of compromised data to clone bank cards. Because of the complexities of those investigations, two of us were selected to undertake training in computer forensics. Like all good investigation teams, we were able to adapt when the crime type changed or evolved, and we expanded into dealing with ATM Skimming devices, where the PIN code was being captured by a stripped-down mobile phone stuck above the ATM keypad. This was my route into mobile forensics.

Our office was on the first floor above the custody suite, and we had a reputation for offering mobile phone downloads to officers with bad actors in custody. These were pickpockets or drug dealers, but you need to learn your craft somewhere. Due to our success, I started assisting with other investigations and the unit offered advice and digital forensic support on all sorts of investigations, including complex frauds and providing the digital evidence for a multimillion-pound mobile phone theft gang.

This role would now be considered that of a Digital Media investigator in the UK. The team was bringing value to various investigations, by reviewing the digital opportunities. As a result, leadership moved us to our Headquarters’ major crime unit, where they assisted us with murders, robberies, sexual offences, and serious criminal damage. I always believed that no job was too small and every day was a school day, so I would also deal with anything with a digital element to keep my skills current.

Is there an example of a case you investigated with GrayKey? Can you tell us how GrayKey could have helped?

I assisted with a Robbery case that sticks out. A team had been targeting vulnerable people at ATMs, stealing their bank cards and shoulder-surfing them for their PINs. An investigation had commenced, linking numerous offences all over London, but the investigating officer was having challenges linking the main suspect to the crimes.

The Officer had seized the suspect’s phone, which was PIN locked. Since the device was locked, they placed the phone on the GrayKey and cracked the passcode in just a few seconds. The investigator could not see any evidence linking the suspect to the offences. Being able to get a full file system extraction with the GrayKey, I was able to dig deeper into the phone, I was able to get location data from the phone, that placed the suspect in the vicinity of many of the offences, on the date and around the time the offences occurred.

What is one thing you wish people understood about the job?

That it’s not just a case of pressing a few buttons, the tools are excellent, but you need to understand how to interpret the data or the results the tools have provided you. Keeping up to date is essential.

What was the most challenging crime you solved with GrayKey?

I was asked to assist with an Armed Robbery of a Cash in Transit van, where the guards were attacked. The investigation team was provided with a possible suspect, but he had an alibi at the time of the offence. Officers had seized his mobile phone, which was PIN locked. The phone’s passcode was located with GrayKey, but only a logical extraction was made due to staff shortages. This logical extraction did not implicate or exonerate the suspect. I assisted with cell site analysis and was able to show that the suspect could have been at the location at the time of the robbery, but I could also show that the suspect could have been at the location from where the getaway car was stolen.

On reviewing the phone extraction and identifying it was only a logical extraction, I conducted a file system extraction using GrayKey. This extraction provided additional data, . We could see the suspect had researched the getaway car that was for sale on the internet. He had also studied the offence location shortly after the offence, and for some time, he researched local news media to keep up with reports about the robbery.

Although the location data on the phone did not directly place the suspect at the crime scene, it put him in the vicinity of the crime scene but did not place him in the area of his alibi location. The suspect pleaded guilty to both the theft of the car and the robbery.

What challenges did you regularly face as a mobile forensics examiner?

Investigators did not know what they wanted from the device they submitted. Generally, every investigation may have a mobile phone attached to it now. Still, the investigating officers need to figure out what they want from the phone or achieve from the analysis. The submission form usually just says something like “everything” we know that’s thousands of pages of data. Much of it will not be relevant to their investigation and runs the risk of any evidence being overlooked as there is too much to look through.

Time: There always needs to be more time.

What advice would you give new digital forensic specialists to help them overcome similar challenges?

Don’t just rely on the submission form if you can, sit down and discuss with the investigator what they want to achieve or what weaknesses they have in their investigations and build a digital working strategy with them.

What do you know now that you wish you knew when first starting out?

I’ll have to get back to you on this one.

What’s a secret about one of your teammates that most people don’t know but should?

There are no secrets in the DFS team, or so they tell me.

What superpower do you bring to Grayshift?

I have no superpower; I am just a mild-mannered DFS guy. I am a good listener and I like to question things. I want to problem solve and I am willing to take on new challenges and learn new things.

If Chandler’s answer to question 10 (in addition to the rest of this interview) has you wondering if he’s actually Superman, the answer is yes. But he’ll never admit it. As a member of the Grayshift DFS team, Chandler spends a good chunk of his time giving presentations, meeting with law enforcement professionals, and answering questions. He calls London his home base but logs many miles during the year. If you have a question for Chandler or are curious if he’s presenting at an event near you, feel free to reach out to him at: kchandler@grayshift.com.

Other resources you might be interested in: