Gary Coulthart is a Digital Forensic Specialist at Grayshift with an extensive history and expertise in digital forensics and cell site analysis. Before joining Grayshift, Gary held various New South Wales Police Force positions. He operated as a technical trainer in mobile device collection and analysis for law enforcement globally.
Coulthart joins us from the land down under for a quick 10 question interview to discuss how he thinks GrayKey could have made all the difference in a missing child case he once worked on and the realities of what it’s like working in law enforcement.
- It’s obvious you’re a #nerdcop. What’s your favorite type of technology you love to use every day?
I enjoy the ability to run apps on my mobile device from anywhere around the world – things like enabling security features for your home or office via automation. Also, video conferencing apps for meetings and catching up with family and friends were great before COVID. Still, we saw firsthand how needed this technology was during the height of COVID.
- When you were a digital forensic investigator, what types of cases did you typically encounter?
Corruption, homicide, fraud, and serious criminal offences.
- Is there an example of a case you investigated with GrayKey? Can you tell us how GrayKey could have helped?
I didn’t have GrayKey when I was in Law Enforcement, but it would have helped with gaining more data to obtain locations, messages, and photos.
- What is one thing you wish people understood about the job?
It’s not at all like television. There is a lot more attention to detail, including analysis work, writing reports, and giving evidence.
- What was the most challenging crime you solved with GrayKey?
I never had the opportunity to use GrayKey in the field. But the most challenging case that I encountered was a missing child. I was engaged as a consultant for the matter by the law enforcement agency. I and the LEA’s digital forensics didn’t have any solution to extract a physical or Full File System (FFS) from iOS devices that the parents (the suspects) were using when the child went missing. The investigation had no fresh leads, and it wasn’t until the first-year anniversary of the child going missing that the parents went to a remote bush area with flowers to commemorate the anniversary whilst under surveillance. The parents were arrested and charged with the child’s remains being found. If GrayKey had been around, an FFS extraction from the parents’ iOS devices may have led to the location of the child’s remains days after the death and not a year later.
- What challenges did you regularly face as a mobile forensics examiner?
Lack of resources such as staff and money. Analytical tools take a long time to decode the data obtained.
- What advice would you give new digital forensic specialists to help them overcome similar challenges?
Most of the time, it’s the organisation with resources so try to obtain a sponsor that is senior and has a say in obtaining more staff and resources. For analytical tools, use ArtifactIQ by Grayshift. 🙂
- What do you know now that you wish you knew when first starting out?
That it’s not a glamourous job; there are a lot of long hours, juggling new work, and handling search warrants. When you need to finish writing reports and statements for court, you do that on your own time to ensure the evidence gets before the court when required.
- What’s a secret about one of your teammates that most people don’t know but should?
Like Carder said in his interview, The first rule of fight club is you do not talk about fight club. REDACTED The second rule of fight club is you DO NOT talk about fight club. .
- What superpower do you bring to Grayshift?
I speak Australian 😊
In addition to his Aussie superpowers, Coulthart (like the rest of the DFS team) possesses extensive knowledge of both GrayKey and ArtifactIQ products. If you’re interested in learning more about Grayshift technology for local, state, and federal law enforcement, click here.
Other resources you might be interested in:
- The Investigators Corner (login credentials required/can be requested)
- A Beginner’s Guide to Building and Funding a Mobile Device Forensics Lab
- Simplifying The Digital Forensics Analysis Workflow
- Full Access to Braden Thomas and Scott Hettinger on ArtifactIQ by Grayshift
© 2022. Grayshift, LLC. All rights reserved. Proprietary and confidential.