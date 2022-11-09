Bill Aycock says his backyard lab in Ingram is as sophisticated as the Federal Bureau of Investigation labs in Quantico, Va.
“I’m a mobile device forensic expert,” he says. “I extract and interpret data from cell phones, flash drives and tablets. A lot of my jobs are for criminal or civil litigation, but some are to retrieve information from devices that have been damaged so badly they will no longer work.”
He says he works in several layers. First, he has to find some way to connect to the device, to gain access to the information. But what he extracts can be a jumble of hexadecimal code, computer language. He has to parse the hex code and organize the data into data sets, which may be text, audio recordings, or pictures, that humans can understand. Then he has to interpret and report the information, which requires a high level of writing ability so he can testify at an expert witness level.
“It takes a lot of ongoing training and study,” he says. “The industry standards change weekly, and I have to keep up, so I’m constantly learning current best practices. The International Association of Computer Investigative Specialists also conducts yearly training and certification.”
But he isn’t on his own. He says, “I’m constantly in contact with other IACIS experts all over the world. If Apple changes a security feature in their iPhone, an expert in Israel may notice it, work out a way to bypass it, and put it out for the rest of us. Apple focuses on making their devices as secure as possible, but we have an opposing interest in breaking that security. It’s a cat-and mouse game.”
However, Aycock says he feels perfectly safe about the data on his own iPhone. “A cell phone collects all the data it can, from calls made, texts sent, photos taken, to where the phone was located. It’s collecting information whether it was turned on or off.”
He says with a photo, for instance, the phone records not just where and when it was taken, but also what angle the phone was held at, if zoom was used, and if there was a lens or filter attached. Extracting data at that level, though, requires someone like Aycock, who is one of about four people in the U.S., and the only one in Texas, with his skill, tools, and training.
He adds, “To me, that data collection is a good thing. It’s done for the benefit of the user. Today’s enhanced 9-1-1 capability can tell a dispatcher exactly where you need help. When my father, Bobby Aycock, started to develop dementia I activated the ‘Find My iPhone’ feature on his device, and used it twice to find him when he wandered off and was lost in San Antonio.
“Even with the justice system, in criminal or civil cases, I can be called to testify for the prosecution or defense, or the plaintiff or the defendant. My testimony may be about, ‘Was the phone at the location of the incident, or somewhere else,’ or ‘Was the phone in use at the time of the incident or not,’ indicating whether the person may have been distracted or not.”
He says extracting the data depends on the condition of the device. If it’s operating, he can plug in and use software to suck out the information. If the device is damaged, he may have to repair it, so he also has to train in repairing them. If it’s beyond repair, he may have to swap the phone’s chip with a working device. “I use a toolbox approach. I don’t just have a ‘hammer,’ I have a lot of different tools for different situations. If it works, I’ll use it. I even have to understand cell tower technology, so I can tell how the tower is interacting with the device. Of course, that means I also have to go to training in how to use all the software and hardware I have in the ‘toolbox.’ But everything I do is at the expert level. I love what I do, and I’m dedicated to being the best I can be.”
When he reports his findings, he says, he reports facts, but he has to report them in ways that the lay person can understand. “For instance, your cell phone deletes old information. I describe that as a series of trashcans, but each trashcan has to be exactly full before it can be deleted, which is called ‘wear leveling.’ So if a can has 99 bytes of data, and you discard a 100 byte item, the phone will put one byte in the almost-full can, and 99 in a different can. If the phone empties the first can, that data is gone, and I have to explain why I can only retrieve 99 bytes from the ‘can’ remaining in the phone.”
Aycock says he is a Kerrville native, and graduated from Tivy High School in 1989. “I wanted to be a professional musician, so I went to the Berklee College of Music in Boston, Mass. I had completed 30 hours when I felt a call to be a police officer, so I came back home. I worked dispatch for Kerrville Police Department while I completed law enforcement training. At that time, when the KPD station was on Main Street, they weren’t hiring officers without patrol experience, so I went to work for the Kingsville PD from 1994 to 1995.”
It's a good thing he did, because he says that’s where he was set up on a blind date with Ronda Gardner, and they had pizza and went to the beach. They were married in May of 1996, and moved to Kerrville. Now they have three children, all in Kerrville. Their daughter, Madison, owns a mobile coffeeshop; their oldest son, Brandon, is an electrician; and their youngest son, Brady, is an Ingram Tom Moore High School senior.
After returning to Kerrville, Aycock says he worked patrol for KPD from 1995 to 2004, then came to the Ingram PD as a detective. “It was there I started to run into cases involving phones. Back then we had to send phones to Austin, and wait a year to get anything back, so in 2011 then District Attorney Amos Barton helped me take a certification class. I dove into it as a detective and became known as a local expert. I took more training, becoming an IASCS Certified Mobile Examiner, JTAG/ISP Mobile Examiner, Chip-Off Forensic Examiner, certified in Practical iPhone Board Repair, Cellular Tower Analysis Examiner, Certified Cellebrite Mobile Examiner, and Oxygen Forensics Certified Examiner. So when I retired from law enforcement in 2013 I set up my own company, Verifi.”
Today more law enforcement agencies are training officers for basic forensics work, he says. They are doing a lot more with the evidence they receive, but not at his level. He says he has a soft spot for law enforcement, so he’s always ready to consult when he’s needed.
Aycock says, “A lot of my forensic business is word-of-mouth, so my only advertising is a website, Verifilab.com. That keeps my overhead low, so I can offer amazing stuff at not-amazing prices. I get a lot of job offers, but no one can give me a shop in my back yard in Ingram, Texas, so I turn them all down.”
