Digital Forensic Specialist
Grayshift
Stephen Coates is a Digital Forensic Specialist at Grayshift and a subject matter expert in Mobile Forensics. Before joining Grayshift, Stephen’s background for the last 32 years was in Law Enforcement, serving with the Royal Military Police, Royal Ulster Constabulary GC, and the Police Service of Northern Ireland. Since 2005, he has been a Digital Forensics practitioner starting with Computer Forensics and then specializing in the extraction and analysis of mobile devices, assisting investigations involving serious crime and terrorism. Stephen was also an associate trainer/instructor for Mobile Digital Forensics at the UK College of Policing and was responsible for delivering all Mobile Device training within the Police Service of Northern Ireland since 2009.
Stephen, affectionately known at Grayshift as Stevie, brings invaluable expertise to the DFS team. His passion for mobile digital forensics and the art (and science) of data extractions shine through in this interview, overflowing with essential advice for young digital forensic specialists.
It’s obvious you’re a #nerdcop. What’s your favorite type of technology you love to use every day?
It was flash memory removal and the subsequent recovery of data from the flash memory module of a device. That was something that you had to get right the first time every time and was certainly a challenge. With the rapid spread of File-based encryption (FBE) devices, this became a thing of the past, but any equipment that helped me overcome these challenges and get data out of live devices became my next favorite thing. Actively Unlocked devices were the greatest devices to get in that state, followed by AFU, as getting data from those was the best feeling ever. If I ever received a device switched off, I just hoped for a supplied passcode (which was extremely rare or hoped for another solution.
When you were a digital forensic investigator, what types of cases did you typically encounter?
Animal cruelty, theft, drugs, harassment, assault, serious/ fatal traffic collisions, money laundering, missing persons, human trafficking, modern slavery, murders, terrorism, and of course, I can’t forget Child Abuse cases, which was a significant proportion of our job – we were simply a one-stop shop for everybody.
Is there an example of a case you investigated with GrayKey? Can you tell us how GrayKey could have helped?
Fatal Road Traffic collisions were one I wish we had GrayKey for earlier than 2018. The richness of data would have been invaluable for cases like that. We originally bought GrayKey simply as an unlocking tool to get us the passcode and then returned to the traditional tools to examine the device. But over time, we realised how much data was coming from using GrayKey, and we used GrayKey for every case. It also meant we didn’t have to perform up to six extractions of the same device using traditional methods. The one single GrayKey extraction had more than all six traditional extractions combined. So, it made sense to expand its usage from a high-end advanced unlocking tool to our baseline gold standard for data extraction. We used it for everything.
What is one thing you wish people understood about the job?
The complexity of the role and the pressure associated with it. Not only technical pressures but also the psychological challenges of the position, such as viewing CSAM and other material such as extreme pornography, bestiality, and videos of tortures and murders/executions sometimes be encountered on devices.
What was the most challenging crime you solved with GrayKey?
It was a money laundering investigation involving a device that we couldn’t get into for 13 months for various reasons. On day one of GrayKey arriving in our office, we threw the device onto it and got everything we needed in 24 hours. That investigation turned into the discovery of a £215 million money laundering operation.
Learn more about how GrayKey is helping in the field of digital forensics.
What challenges did you regularly face as a mobile forensics examiner?
The biggest challenge was getting into the device and then getting data out.
What advice would you give new digital forensic specialists to help them overcome similar challenges?
Just be yourself, ask questions, be inquisitive, and throw those ideas out of your head and into the open. You may just have something no one has thought of. Don’t be afraid to ask for help.
What do you know now that you wish you knew when first starting out?
Everything I know now. And that only some experts out there saying this is how things are done are correct. Or they may have been right three years earlier but have yet to keep up with technology and got stuck in a rut. So, they may have been experts three years ago, but not today.
What’s a secret about one of your teammates that most people don’t know but should?
That’s secret.
What superpower do you bring to Grayshift?
Just getting on with the job at hand. Trying to anticipate or identify minor issues quickly to prevent them from becoming more significant issues in the future.
Stephen is always eager to share his knowledge and speak with law enforcement professionals interested in learning more about Grayshift technology. You can reach out to Stephen at scoates@grayshift.com, potentially find him at an upcoming event, or browse some of his other resources below.
Other resources you might be interested in:
- Best Practices for Examining Consent Devices
- Understanding Biometrics (Unlocking Best Practices for Digital Forensics)
- Category Based Extractions Demo (login credentials required to access the Investigators Corner)
© 2023. Grayshift, LLC. All rights reserved. Proprietary and confidential.
