Earlier today, Jonathan Abolins tweeted about a US DOJ memorandum on detainee Najibullah Zazi. The memorandum concerns the motion the US government filed for a permanent order of detention for Zazi. Part of the evidence that supports the order of detention comes from a forensic exam of Zazi’s laptop. I found a few pieces of evidence quite interesting from a digital forensics perspective.
Some of the browser artifacts suggested that Zazi “searched a beauty salon website for hydrocide and peroxide”. Later, surveillance videos and receipts were used to show that Zazi purchased hydrogen peroxide products from a beauty supply store. Other persons associated with Zazi also purchased hydrogen and acetone from three other beauty supply stores. Digital evidence is just one type of evidence. Here, digital evidence (browser artifacts) is combined with physical evidence (surveillance video and receipts) to make the arguments more persuasive.
After another search warrant was executed at a later date, Zazi’s laptop was seized again. The difference is that in the latter seizure the hard drive was not recovered (it had been removed). This could be considered a rudimentary form of anti-forensics. You can’t analyze ones and zeros if they aren’t there.
You can view the memorandum here.