Turkish Journalists Acquitted After Six Years on Trial Based on Arsenal Consulting's Digital Forensics
Journalists Computers Ferociously Attacked Until Successfully Compromised
What did Arsenal Consulting's (ArsenalExperts.com) digital forensics reveal?
Arsenal's rigorous analysis of electronic evidence in the Odatv case revealed evidence tampering that was missed, ignored, or misunderstood by many other digital forensics experts. Arsenal used a combination of techniques and tools developed in-house to determine how attackers placed crucial documents on Odatv journalists Barış Pehlivan and Müyesser Yıldız's computers without their knowledge. In addition, Arsenal used the "Anchors in Relative Time" analysis technique to identify the remote access trojan Ahtapot - which had never been seen before or since in the wild. Finally, Arsenal determined that the attackers sent 420 emails in the operation targeting Odatv, but only 24 emails have been recovered from Mr. Pehlivan and Ms. Yıldız - leaving 396 (likely weaponized) emails and an unknown number of additional victims still unaccounted for.
What is Odatv defendant and investigative journalist Barış Pehlivan saying?
"I am a journalist who spent 19 months in jail due to a conspiracy organized by a gang within the state of the Turkish Republic. Arsenal uncovered the fraudulent activity of this illegal organization, which imprisoned me by planting files on my computer. It assisted in my acquittal thanks to its detailed forensic analyses and extraordinary efforts. I thank Arsenal for once more proving that science will defeat lies."
Are there lessons to be learned from Arsenal's digital forensics?
When the stakes are high enough, digital forensics practitioners ought not be surprised that all the relevant timestamps within evidence have been forged. They should also be aware that merely determining malware was present within evidence is not enough to answer serious questions - to the best extent possible, they need to establish whether the malware was operational and what it actually did.
Did anyone stand up with Arsenal during the Odatv trial?
"I would like to thank a small group of people and companies who helped us, publicly or privately, when many others failed to - even after being made aware of the gravity of the situation," said Arsenal President Mark Spencer. "The people we owe a great deal of thanks include Gabor Szappanos, who helped us rip apart malware, and Joakim Schicht and Olof Lagerkvist, who helped us build and improve digital forensics tools."
How can people learn more about Arsenal's work?
A case study related to Arsenal's work in the Odatv case is in development on the Arsenal website at https://ArsenalExperts.com/
About Mark Spencer
Mark Spencer is President of Arsenal Consulting, where he leads engagements involving digital forensics for law firms, corporations, and government agencies. Mark is also President of Arsenal Recon, where he guides development of digital forensics tools. Mark has more than 15 years of law-enforcement and private-sector digital forensics experience. He has led the Arsenal team on many high-profile and high-stakes cases, from allegations of intellectual property theft and evidence spoliation to support of foreign terrorist organizations and military-coup planning. Arsenal is headquartered in the Chelsea Naval Magazine, a historic military structure in which arms for the famous heavy frigate USS Constitution were stored, just outside Boston, Massachusetts.