Lorenz Training and Experience
My Training on In-System-Programming and Cellebrite
In 2014, I took a class on an advanced extraction techniques called JTAG by H11 Digital forensics and was certified. I joined a forensic forum called Mobile Device Forensics Analysis (MDFA) during that time.
After 2016, I became one of 3 moderators on the MDFA forum which was run by H11 Digital Forensics.
Members of our forum included engineers and CEOs from forensic companies including Cellebrite. During my time on the forum, I assisted local, state, federal, and international agencies in advanced extraction techniques including JTAG and ISP. I created diagrams and how-to guides on how to do this and how to use the data using Cellebrite’s software.
In January of 2018, I was contacted by the CEO of Cellebrite, Ron Serber, who asked me if I would do a how-to webinar on Cellebrite’s newest exploit to access smart phones. This new exploit (EDL) relied heavily on skills and techniques used in ISP. Cellebrite had monitored my guides and determined I was suited for this project.
I developed and created the webinar and co-presented the webinar with Shahar Tal, Cellebrite Vice President of R&D, to mostly law enforcement all over the world in February 2018 - https://cellebrite.com/en/webinar-understand-emergency-download-mode-edl-to-get-forensically-sound-access-to-mobile-devices/
Over the next 3 years I presented 3 webinars on Advanced EDL Extractions, which included techniques for ISP. I also wrote two white papers which Cellebrite still has on their website as recommended reading and review for extracting android devices. I was contacted by FBI and DEA, and many other organizations requesting permission to include my guide in their labs for use.
Other Advanced Data Collection Methods - https://cellebrite.com/en/android-data-collection-simplified/
EDL – Emergency Download Mode. Certain Qualcomm processor chipsets have a vulnerability within them that can be exploited to gain physical extractions of the device. This is an advanced level of data collection and reviewing the documentation and webinars done by Scott Lorenz is highly suggested.
Webinar: Safely Collect Digital Evidence with Advanced EDL Methods
Webinar: Accessing Encrypted Mobile Device Evidence Using EDL
Cellebrite provided me access to all of their software for 3 years, paid for my services, and used me for several other webinars, in-person and online presentations during that time.
Journal Publication
In 2019, I partnered with Centex Technologies and we have a lab on the 4th Floor of Texas A&M Central Texas. While there, I conducted research under a grant funded by Homeland Security and the Airforce. The research I conducted was with the Department Chair of Computer Science at A&M. I finished the work on three projects. The first project has been cleared for public release by Homeland Security and the paper I wrote is published in the Forensic Science International: Digital Investigation Journal – IoT forensic analysis: A family of experiments with Amazon Echo devices - https://www.sciencedirect.com/science/article/abs/pii/S2666281723000501
I designed the paper so investigator would know how to apply for search warrants for these devices, and the technical knowledge on how to access the data on these devices. The method I used to extract data from all these Amazon devices is the same method I used to extract four phones in your case – In-system-programming (ISP).
William Scott Lorenz
1410 Camilla Dr.
Killeen, TX 76542
254-535-1209 / 254-526-2708
investigations@hot.rr.com
SUMMARY Licensed Police Officer since 1993 - Master Peace Officer Certificate
International Police Officer for United Nations, Kosovo
Masters of Science degree in Criminal Justice Administration
Master Peace Officer - TCOLE
Criminal Justice Professor at Central Texas College
Owner, Private Investigation Company
Cell Phone Forensics
Computer Forensics
EDUCATION Master of Science Criminal Justice Administration, 1996
Bachelor of Science Criminal Justice, 1993
CERTIFICATIONS
Certified Cellebrite Physical Analyst - 2015
Certified Cellebrite Logical Analyst – 2015
Oxygen Forensic Suite User Certification - 2015
Certificate – Advanced JTAG Forensics and Phone Repair 2014
Certified Cellebrite UFED Mobile Device Examiner 2009
Lorenz Investigations – EnCase Certified Examiner since 2009
Stanley Stinehour – EnCE – testimony in Bell County District Court / Federal Court Western District of Texas, Waco Division
PROFESSIONAL Owner of licensed Texas Private Investigations Company and licensed private investigator, 2003 – present.
Conduct criminal and civil investigations including worker’s compensation fraud, insurance fraud, government anti-trust investigations, homicide investigations, digital forensics.
Reserve Deputy Constable – Bell County Precinct 4 – 2003 to present
Digital Forensics Examiner for Coryell County District Attorney’s Office and other surrounding counties including Bell, Mills, Hamilton, Llano, Department of Public Safety, Texas Parks and Wildlife Department, and Narcotics Task Forces.
Cases involving:
Capital Murder
Various Homicide Cases
Narcotics
Texas Parks & Wildlife Cases
Aggravated Assaults
Child Pornography
Prositution
Robbery
Burglary
Lorenz Previous Court Testimony
Bell County District Court
Capital Murder
Narcotics
Family Law
Computer Forensics
Cell Phone Forensics – Expert Testimony
Coryell County District Court
Family Law
Computer Forensics
Federal Western District of Texas Waco Division
Case Agent and testimony on Narcotics Conspiracy Cases
Full time faculty – Central Texas College, 2014 – present
Adjunct faculty – Central Texas College, 2004 – 2014
Classes Taught:
Introduction to Criminal Justice
Vice and Narcotics Investigations
Crime in America
Ethics in Criminal Justice
Legal Aspects of Law Enforcement
Fundamentals of Criminal Law
Probation and Parole
Community Resources and Corrections
Special Topics in Law Enforcement – Texas Search & Arrest Warrants,
Drug Use and Abuse
Adjunct Professor, Tarleton University, 2005
Sociology
Penology
United Nations Police Officer, Kosovo, Oct 2001 – Oct 2002
Trained Albanian & Serbian Police Officers
Killeen Police Officer (City of 100,000), 1993 – 2001
Patrol Officer for 3 years
Organized Crime Investigator for 5 years investigating long term federal conspiracy investigations.
Security Manager – Southland Corporation 1989 – 1993
Investigated employee theft
Taught store managers loss prevention procedures
INSTRUCTOR Killeen Police Dept. – Arrest, Search, and Seizure
Central Texas Council of Governments (CTCOG) – Arrest, Search, and Seizure
AFFILIATIONS / National Honor Society Alpha Phi Sigma
AWARDS Licensed Private Investigator, Texas (current)
Licensed Police Officer, Texas (current)
Killeen Police Officer of the Quarter, 1995
Killeen Police Officer of the Year, 1995
VFW Officer of the Year, 1996
Killeen Police Plain Clothes Officer of the Year, 1997
Knights of Columbus Police Officer of the Year, 1999
Killeen Police Plain Clothes Officer of the Year, 2000
Killeen Police Commendation, 2001
Twice recognized by Unites States Drug Enforcement Administration for Outstanding Contributions to Drug Law Enforcement
FORENSIC EQUIPMENT &
PROGRAMS
Cellebrite UFED 4PC Ultimate – Cellebrite’s best mobile device forensic hardware and software. Capable of level 3, physical extractions to recover deleted data from mobile devices. Multiple reporting, parsing and analysis options. (Full License owned and maintained since 2009)
Oxygen Forensic Detective 2014 – Capable of level 3, physical extractions to recover deleted data from mobile devices. Multiple reporting, parsing and analysis options. Link analysis software for connecting devices and users in conspiracy investigations. (Full License owned and maintained since 2013)
EnCase Forensic – Industry standard computer forensic software used by local, state, and federal law enforcement agencies. Capable of level 3 imaging of computer hard drives, portable storage devices, and mobile devices. (Full License owned and maintained since 2009)
EnCase Portable – Industry Standard USB device allowing triage and collection of vital data in a forensically sound and court proven manner. (Full license owned and maintained since 2014)
Magnet Axiom / Internet Evidence Finder Triage Advanced (IEF) - Designed for forensic examiners and trained investigators in law enforcement & government, as well as IT security personnel in corporations who are conducting full forensic examinations of Android and iOS mobile devices as well as Windows and Mac computers. (Full License owned and maintained since 2011)
Tableau Imaging and write blocking hardware and software – Industry standard hardware write-blocking and software imaging for creating forensically sound digital images of computer hard drives and portable storage devices for later analysis.
Forensic Bridge Model T35U – imaging SATA and IDE storage devices.
Forensic Bridge Model T8-R2 – imaging any USB connectible devices
T3iu Forensic SATA Imaging Bay – imaging SATA storage devices.
Advanced Forensic Specialization, Training and Experience
JTAG equipped and trained mobile device examiner – Advance method of extraction of mobile device data through direct access with the phones memory through test action ports.
In-System Programming (ISP) – Advanced method of extracting data directly from the device’s memory chip, while it is attached to the device.
Chip-Off – Advanced method of extracting information from a device by removing the memory chip from the device and reading it in an external reader or accessing it