Uploaded by hamza shah

Digital Forensics Assignment 5(1)

SW NO. 1
STATE of CALIFORNIA, COUNTY of LOS ANGELES,
SEARCH WARRANT and AFFIDAVIT
(AFFIDAVIT)
Peace Officer Joseph Greenfield swears under oath that the facts expressed by him in the attached and incorporated
Affidavit are true and that based thereon he has probable cause to believe and does believe that the articles, property,
and persons described below are lawfully seizable pursuant to Penal Code Section 1524 et seq., as indicated below, and
are now located at the locations set forth below. Wherefore, Affiant requests that this Search Warrant be issued.
HOBBS SEALING REQUESTED: YES / NO
NIGHT SEARCH REQUESTED: YES / NO
JOSEPH GREENFIELD
(Signature of Affiant)
(SEARCH WARRANT)
THE PEOPLE OF THE STATE OF CALIFORNIA TO ANY PEACE OFFICER IN THE COUNTY OF LOS ANGELES:
proof by affidavit, having been this day made before me by Peace Officer Joseph Greenfield that there is probable cause
to believe that the property or person described herein may be found at the location(s) set forth herein and that it is lawfully
seizable pursuant to Penal Code Section 1524 et seq., as indicated below by “ ”(s), in that:
property was stolen or embezzled;
property or things were used as the means of committing a felony;
property or things are in the possession of any person with the intent to use them as a means of committing a public offense, or
in the possession of another to whom he or she may have delivered them for the purpose of concealing them or preventing their
being discovered;
property or things to be seized consist of any item or constitute any evidence that tends to show a felony has been committed, or
tends to show that a particular person has committed a felony;
property or things to be seized consist of evidence that tends to show that sexual exploitation of a child, in violation of Section
311.3, or possession of matter depicting sexual conduct of a person under the age of 18 years, in violation of Section 311.11, has
occurred or is occurring;
there is a warrant to arrest a person;
a provider of electronic communication service or remote computing service has records or evidence, as specified in Section
1524.3, showing that property was stolen or embezzled constituting a misdemeanor, or that property or things are in the
possession of any person with the intent to use them as a means of committing a misdemeanor public offense, or in the possession
of another to whom he or she may have delivered them for the purpose of concealing them or preventing their discovery;
property or things to be seized include an item or any evidence that tends to show a violation of Section 3700.5 of the Labor
Code, or tends to show that a particular person has violated Section 3700.5 of the Labor Code;
You are Therefore COMMANDED to SEARCH:
See Attachment #1 (Page 2)
For the FOLLOWING PROPERTY, THING(s) or PERSON(s):
See Attachment #1 (Page 2)
AND TO SEIZE IT / THEM IF FOUND and bring it / them forthwith before me, or this court, at the courthouse of this court.
This Search Warrant and Affidavit and attached and incorporated Affidavit were sworn to as true and subscribed before
me on this 27th day of March, 2022, at 9 A.M. Wherefore, I find probable cause for the issuance of this Search Warrant and
do issue it.
Italy
(Signature of Magistrate)
Hahn
HOBBS SEALING APPROVED: YES / NO
NIGHT SEARCH APPROVED: YES / NO
Judge of the Superior Court of California, County of Los Angeles, Central Court, Dept. 1
Sterling Hahn
(Magistrate’s Printed Name)
REVISED 09-21-2016 MQ404
Search Warrant
Page 1 of 6
CR # 21-9596
Attachment #1 (Page 2):
You are Therefore COMMANDED to SEARCH:
THE PREMISES located at: The Legacy at Westwood Apartments, Apartment # 15, 10833 Wilshire Blvd.
Los Angeles, IN LOS ANGELES COUNTY; described as a six-story residential apartment complex, with
red/white colored stucco, red colored trim, and red colored roof tiles. The front door faces south.
To include all rooms within the specified unit, including lockers, storage areas, files, safes, and attached,
or unattached trash areas and trash containers. Any vehicles specifically connected to occupants or
employees of the location and parked directly on/or nearby the above identified locations that
Detectives can reasonably identify as being tied to the search warrant premises and/or PRIMARY
PERSONS to be searched.
Any person(s) located on the search warrant premises; Any safe or locked device; and any cell phone(s)
possessed and/or controlled by the PRIMARY persons to be searched during this warrant.
For the FOLLOWING PROPERTY, THING(s) or PERSON(s):
PRIMARY PERSON(S) TO BE DETAINED AND SEARCHED
Name: JERRY JUDD
DOB: 11/09/1989
Sex: Male
Race: White
Hair: Brown
Eyes: Green
Height: 5’10
Weight: 190
FOR THE FOLLOWING PROPERTY
1. DOMINION CONTROL: Any items tending to establish the identity of persons who have dominion
and control of the location, premises, automobiles, or items to be seized, including delivered mail,
bills, utility bills, telephone bills, personal letters, personal identification, purchase receipts, rent
receipts, sales receipts, tax statements, payroll check stubs, keys and receipts, vehicle ownership
documentation, recordation of voice transmissions on voice mail recordings, phone messages; in
addition to cell phones, computers, and electronic devices which may contain photographs,
messages, telephone numbers, and/or user account information that tends to establish
identity of persons who have dominion and control of the location and/or a particular area.
2. FINANCIAL TRANSACTIONS: Bank statements and records, keys to safety deposit boxes,
letters of credit, money orders, cashier’s checks, receipts, pass books, bank checks, account
numbers, documents showing the formation of corporations or other entities, and any other
items evidencing the obtaining, transfer, or concealment of assets or expenditure of money.
3. COMPUTERS AND ELECTRONIC MEDIA: Any and/or all computers, cellular phones, personal
digital assistants, electronic storage media, and/or other similar device that may reasonably
store the types of information sought in this search warrant. All electronic and digital records,
documents, application data, messages, emails, backup files, whether deleted or undeleted; in
addition to files, photographs, message posts, social media posts, messages, emails, text
messages, chat logs, notes, call logs, call records, contact lists, phone numbers, calendar
appointments, browsing history, web searches, financial account documents, bank statements,
financial records, records of monetary transactions, electronic copies of utility bills, bank
statements, credit card statements, receipts, and any other digital/electronic records stored
on the device to be searched that relates to the criminal statute being investigated, Penal Code
section 502, 530.5 and 487(A).
4. CELL PHONE DATA: Subscriber names, addresses, contact lists, phone book, text messages,
emails, photographs, videos, GPS data, cell tower data, and telephone numbers for cell phones
in the possession of PRIMARY persons sought in this search warrant. In addition, customer
service records, billing statements, credit information and toll records for the billing months
of March 7, 2022 – March 27, 2022; and call forwarding information on all of the telephone
numbers including name and address for those numbers forwarded.
5. OTHER DATA: All information pertaining to the subscribers including: subscribers’ names and
addresses; telephone numbers; email addresses; IP addresses; types of services utilized;
length of service and start date; means and source of payment, including credit card and bank
account numbers; local and long distance connection records; locations/ dates/ times of cell
tower contacts; and text message records, including the content of all incoming and outgoing
messages, for the below requested telephone numbers. The above requested information is
to include the period between March 7, 2022 – March 27, 2022.
YOU ARE COMMANDED within 30 business days after receipt of this search warrant, to deliver by mail or
otherwise, to the above named law enforcement officer, together with the declaration as set forth below, a
true, durable and legible copy of the requested records listed in this Exhibit “Attachment #1” (See California
Pen. Code, § 1524.2).
IT IS FURTHER ORDERED that any information that is unrelated to the objective of this warrant shall be
sealed and not subject to further review, use, or disclosure without a court order. (See California Pen. Code,
§ 1546.1(d)(2)). If no evidence of criminal activity is discovered relating to the seized property and
associated peripherals, the system will be returned promptly.
STATE of CALIFORNIA, COUNTY of LOS ANGELES,
ATTACHED and INCORPORATED
STATEMENT OF PROBABLE CAUSE
Affiant declares under penalty of perjury that the following facts are true and that there is probable cause to
believe, and Affiant does believe, that the designated articles, property, and persons are now in the described
locations, including all rooms, buildings, and structures used in connection with the premises and buildings
adjoining them, the vehicles and the persons:
Affiant Expertise:
Your affiant has been a Police Officer for over 10 years. I am currently assigned as a Detective for the West
Covina Police Department Investigative and Support Services Division and I have conducted or assisted in
investigations concerning industrial espionage and computer hacking, as well as all different types of crimes. I
am currently assigned to investigate high-tech crimes.
Your affiant has received formal training in Criminal Justice from the Los Angeles Police Academy. I possess
an Advanced POST (Peace Officers Standards and Training) certificate. In addition to my duties as a Police
Officer, I am currently an instructor with the University of Southern California, as well, teaching both
undergraduate and graduate courses of study in cybersecurity, digital forensics, and incident response.
At the academy I received training in basic criminal investigation. In addition, I have attended several training
courses resulting in more than 2,000 hours of training, including ones on electronic crimes, digital forensics,
and cybersecurity, and many others. These training courses were made available through POST certified
classes, department training days and by various local, state and federal law enforcement agencies and
investigators from all of these agencies.
I have received informal training by interviewing informants and suspects arrested for possession of stolen
property, financial crimes, fraud, forgery, and other crimes against property. I have participated in well over one
hundred intellectual property crime, property crime and persons crime investigations. I have also worked with
and had the opportunity to speak with more experienced peace officers in the investigations of such crimes.
I continue my education on new tactics, techniques and procedures used by criminals who commit various
digital crimes by attending current training courses, conferences, investigative meetings and through various
contacts with investigators across the local, state, and federal levels.
Statement of Probable Cause:
The facts stated below were discovered by reading official West Covina Police Department reports documented
under case # 21-9596 and by personally speaking with the victims/witnesses involved in this investigation.
On March 21st, 2022, representatives from the consulting company Logiq Enterprises approached the West
Covina Police Department regarding a potential network intrusion and computer hacking incident conducted by
one of their own previous employees, Jerry Judd. Jerry Judd was fired from Logiq Enterprises on March 16th,
2022, after a sexual harassment complaint was investigated by Human Resources. Forensic analysis of the
company file share server FILE01, Domain Controller DC01, and event logs revealed that a Remote Desktop
Connection was made to Jerry Judd’s work system from an outside IP address on the evening of March 18th,
2022. This IP address had previously been used to RDP to Jerry Judd’s workstation when he was employed
by Logiq. There was a following RDP connection from Judd’s work system to the file server and then from the
file server to the domain controller. By March 19th, 2022, all user generated files on the file share were
encrypted and a note was left demanding a ransom of $500,000 in exchange for the private key. Confidential
client files were copied over the RDP connection to Jerry Judd’s work machine. From my training and
experience, I was able to verify the findings from the report produced by Logiq Enterprises through my own
analysis of the file server FILE01 and domain controller DC01.
On March 23rd, 2022, an informant communicated to me that they had evidence of an individual with the online
moniker “yourguy212” posting on dark web message boards regarding possession of stolen and classified
intellectual property, seeking to sell it. The informant approached the individual, requesting to discuss the
intellectual property and seeking proof of possession. The individual, “yourguy212”, sent the informant two
samples of the intellectual property, which I subsequently received from the informant. I verified these samples
with representatives from Logiq Enterprises, who confirmed that the samples could only have been obtained
from their classified client documents fileserver. Both were images from a client's file regarding a new product
launch. These samples have been attached.
Considering Jerry Judd’s technical expertise, demonstrated possession of classified and stolen material by
“yourguy212”, as well as the forensic analysis conducted by Logiq Enterprises revealing the unauthorized
access of Jerry Judd’s work system to a work system with access to a classified client documents’ fileserver, I
am requesting to search Jerry Judd’s apartment and any and all electronic devices located therein. I strongly
believe that such a search and analysis will confirm his possession of classified, stolen material, his intentions
to sell these materials, and provide evidence as to whether or not he did in fact sell these materials. I know
from my training and experience that analysis may also reveal the identities of other individuals involved,
including potential buyers or co-conspirators insofar as digital communication likely took place between these
individuals, and certainly took place between “yourguy212” and an informant.
Items attached and incorporated by reference: YES / NO
“sample.png”
“Tractor-de-pelouse.jpg”