Thursday, September 11, 2025

How Can You Find the Kirketrator of Trump's Friend?



Officer Sean Collier - one of the victims related to the Boston Marathon bombing - during the manhunt for the perps

  1. Stand up unified command. Establish incident command with campus police + city PD + sheriff + state police + FBI/ATF as needed; assign leads for scene, canvass, digital, ballistics, and victim/family liaison.

  2. Make the scene safe & freeze it. Triage victims, neutralize hazards, and immediately set hot/warm/cold perimeters. Log every entry/exit; no one walks unescorted. (Preservation is critical to avoid loss/contamination.) (National Institute of Justice)

  3. Prevent evidence loss right away. Cover weather-exposed areas; shield footprints and bloodstains; stop cleaning crews; halt sprinkler cycles; stop trash removal in the footprint and adjacent buildings. (National Institute of Justice)

  5. Immediate digital preservation holds. Issue written “preserve now” requests for all CCTV/NVR systems on campus and neighboring businesses, plus body-worn cameras, dash cams, and stage/AV feeds. Request original exports with metadata, logs, and players; don’t accept re-encoded clips. (NIST Publications; Regional Computer Forensics Laboratory)

  6. 360° scene documentation. Before moving anything: wide-to-tight stills, video walk-through, overheads (ladder lift / fixed-wing / UAS if authorized), a measured sketch, and 3D scan if available (e.g., total station/FARO). (National Institute of Justice)

  7. Trajectory & impact mapping. Identify entry/exit, potential muzzle locations, impact spall, ricochet, and backstop. Use rods/lasers and note vertical/horizontal angles, with photographs and measurements for reconstruction. (National Institute of Justice)

  8. Locate and collect ballistics. Grid search for cartridge case(s), bullet, and fragments along likely flight paths and impact sites. Photograph in place, mark, and package correctly (separate, rigid containers; no metal-to-metal). Maintain airtight chain of custody. (National Institute of Justice)

  9. Victim & medical coordination. Coordinate with the ME/coroner for full autopsy, radiography, wound path documentation, and recovery of any projectiles/fragments; preserve the victim’s clothing for trace/soot/stippling analysis. (National Institute of Justice)

  10. GSR/trace where lawful and appropriate. Consider prompt collection of GSR/trace from persons/areas consistent with policy and legal standards; prioritize swabbing of likely firing positions (railings, doorknobs, roof access points). (Follow your jurisdiction’s scientific and legal guidance.) (National Institute of Justice)

  11. Identify, separate, and interview witnesses. Rapidly identify closest observers (VIP detail, stage crew, media camera ops, rally marshals). Obtain original phone videos/photos (not just shares) and contact info; conduct cognitive-style interviews; avoid co-mingling witnesses. (National Institute of Justice)

  12. Video canvass & triage. Map nearby cameras (campus, streets, dorms, stores, parking, transit). Pull native exports with hashes/signatures and clock offsets, plus NVR event logs. Build a synchronized multi-camera timeline for the minute before/after the shot and the ingress/egress windows. (NIST Publications)

  13. Public evidence portal. Stand up an upload link/QR for attendee media; publicize via PIO without revealing sensitive forensics. De-duplicate, hash, and index submissions; tag by vantage point and timestamp.

  14. Acoustic/technology sources. If available, retrieve acoustic gunshot detection, radio logs, emergency call timing, and stage mic recordings to refine shot timing and potential muzzle vector.

  15. Develop suspect path(s). From video + witness accounts, extract stills of any person displaying pre-assault indicators (scouting, rooftop access, concealment, post-shot flight). Note clothing, bag, gait, vehicles, direction of travel. Distribute BOLOs to patrols and neighboring jurisdictions. (Regional Computer Forensics Laboratory)

  16. Vehicles & movement. Check parking cameras, campus gate logs, rideshare/taxi pickup zones, and traffic cams; where authorized, query ALPR in/out corridors around the event time to identify candidate vehicles. (Follow local policies and legal standards.)

  17. Ballistic intelligence (NIBIN). Submit cartridge cases (and test-fires from any recovered gun) to NIBIN for potential correlations to other shootings; fast-track any “NIBIN lead” for investigative follow-up and seek confirmation by a firearms examiner. (ATF)

  18. Firearm tracing (ATF eTrace). If a firearm is recovered, initiate eTrace through the National Tracing Center to identify first retail purchaser and trafficking patterns; integrate with interviews, pawn/range/rental records, and FFL theft reports. (ATF)

  19. Forensic comparisons. Have a qualified examiner compare bullets/casings to any seized firearm(s) under a comparison microscope; document class/individual characteristics and limitations; request muzzle-to-target distance estimations if applicable. (National Institute of Justice)

  20. Access control & rooftop audit. Pull building access logs (card swipes, keys, maintenance tickets) and CCTV for rooftops, garages, dorm windows, and vantage points; interview facilities staff about abnormal access or propped doors.

  21. Digital investigations (with warrants as required). Work with prosecutors to seek narrowly tailored legal process for:
    • CSLI or geofence data to place a known suspect device at the scene (must comply with Carpenter v. United States and local precedent).
    • Account/content records for threat posts or planning communications.
    • Cloud/device extractions from arrested suspects. (Oyez; Justia Law)

  22. Person-of-interest development. Cross-reference prior threats to the VIP/campus, restraining orders, extremist grievances, stalking reports, weapons arrests, recent rooftop trespass calls, and students/staff with relevant histories.

  23. Photo arrays & identifications. Use double-blind, sequential photo arrays; document admonitions; avoid suggestive procedures; record confidence statements contemporaneously.

  24. Warrants/searches & arrests. When probable cause exists, execute searches on residences/vehicles/lockers for the firearm, matching ammo, distinctive clothing, range receipts, maps, access keys, and digital media; preserve logs and video of the search.

  25. Laboratory queueing. Prioritize testing with clear questions (e.g., “Does bullet A match firearm B?” “Is this the same gun as prior incident C from NIBIN lead?”). Stagger requests to avoid bottlenecks; share status with prosecutors.

  26. Analytic timeline. Build a minute-by-minute composite: suspect approach → pre-shot behavior → shot timing/trajectory → egress route → post-incident movements, linking sources (video, witness, ALPR, digital, lab) with clock-drift corrections.

  27. Comms discipline & PIO. Centralize public messaging; solicit tips and media but do not release technical details (e.g., exact trajectory, unconfirmed NIBIN hits) that could taint witnesses or aid evasion.

  28. Victim/family care & notifications. Assign a family liaison; coordinate with the ME, prosecutors, and protective services; manage property return and court updates.

  29. Interagency case conference. Regularly brief DA/USAO on probable charges, discovery posture (Brady/Giglio), digital returns, and lab timelines; identify remaining gaps and assign owners.

  30. Quality control & legal review. Audit chain-of-custody, warrant scope, minimization steps, retention limits, and disclosure readiness; fix documentation gaps early.

  31. Operational follow-ons. If a network is suspected, coordinate threat mitigation (additional security for related events, protective details, campus alerts), and consider parallel financial/communications analysis.

  32. After-action. Post-case, review CCTV coverage, rooftop controls, access policies, radio interoperability, and public-upload workflows; update SOPs and training.
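
Steps 12, 13 and 26 in code, as an added example that is not part of the original post: it hashes each export, sets aside byte-identical re-submissions, and orders the rest by clock-offset-corrected time. Source labels, times, offsets and file contents are constructed, and the offset convention (seconds added to device time) is an assumption.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Clip:
    source: str            # camera or submitter label (constructed)
    device_time: datetime  # start time as stamped by the device clock
    content: bytes         # stand-in for the native export's bytes

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_timeline(clips, offsets):
    """offsets[source] = seconds to add to device time to reach reference
    time (assumed convention). Returns (timeline, duplicates, unsynced)."""
    first_seen = {}  # digest -> source that submitted it first
    timeline, duplicates, unsynced = [], [], []
    for clip in clips:
        digest = sha256_hex(clip.content)
        if digest in first_seen:
            # Byte-identical copy: log it, keep it out of the timeline.
            duplicates.append((clip.source, first_seen[digest], digest))
            continue
        first_seen[digest] = clip.source
        if clip.source not in offsets:
            # No measured clock offset: hold for follow-up, never guess.
            unsynced.append((clip.source, digest))
            continue
        corrected = clip.device_time + timedelta(seconds=offsets[clip.source])
        timeline.append({"source": clip.source, "sha256": digest,
                         "device_time": clip.device_time,
                         "corrected_time": corrected})
    timeline.sort(key=lambda entry: entry["corrected_time"])
    return timeline, duplicates, unsynced

# Constructed sample input: labels, times, offsets and bytes are invented.
T0 = datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CLIPS = [
    Clip("cam-lot-A", T0 + timedelta(seconds=95), b"constructed-export-1"),
    Clip("cam-gate-B", T0 + timedelta(seconds=20), b"constructed-export-2"),
    Clip("upload-017", T0 + timedelta(seconds=50), b"constructed-export-1"),
    Clip("cam-roof-C", T0 + timedelta(seconds=10), b"constructed-export-3"),
]
SAMPLE_OFFSETS = {"cam-lot-A": -90.0, "cam-gate-B": 12.5, "upload-017": 0.0}

if __name__ == "__main__":
    timeline, duplicates, unsynced = build_timeline(SAMPLE_CLIPS, SAMPLE_OFFSETS)
    for entry in timeline:
        print(entry["corrected_time"].isoformat(), entry["source"], entry["sha256"][:12])
    print("duplicates:", [(d[0], d[1]) for d in duplicates])
    print("no offset on file:", [u[0] for u in unsynced])
```

In the sample, the lot camera runs 90 seconds fast, so its clip moves ahead of the gate camera's once corrected, which is the reordering a raw device-time sort would miss.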

Key references for best practices (selection): NIJ/FBI crime-scene guidance on scene security/documentation and evidence handling; NIST/FBI guidance on native CCTV exports with hashes/metadata; ATF’s NIBIN for ballistic links and eTrace for firearm tracing; and Carpenter v. United States (2018) on warrant requirements for historical cell-site data. (Justia Law; National Institute of Justice; Federal Bureau of Investigation)

What about search engine logs - the shooter knew this person was going to be at this college campus. What about pre-crime preparation - like getting ammo, etc - so looking through purchase records?

1. Digital footprint (searches, online research)

  • Search engine/server logs: With proper legal authority (typically a search warrant or subpoena), investigators can request logs from Google, Bing, etc., for queries such as the VIP’s campus visit, rally date/time, directions, or seating maps.

  • Web browsing history: For a suspect’s seized devices, digital forensics (via write-blocked imaging) can recover deleted or cached search terms, visited pages, and metadata.

  • Social media & forums: Monitoring posts, likes, or group memberships that indicate planning, grievances, or interest in attack tactics.


2. Purchasing patterns

  • Ammunition sales: Depending on jurisdiction, ammo may require ID; retailers may retain transaction logs or surveillance. Investigators would check recent purchases against suspect’s ID, debit/credit card, or surveillance video.

  • Firearm purchase/transfer records: In the U.S., every licensed dealer sale goes through Form 4473 + NICS. Trace requests via ATF’s eTrace reveal first retail purchaser, which helps link a gun to the suspect.

  • Explosives/precursor materials (if relevant): Purchases of black powder, smokeless powder, or large chemical orders can be cross-checked through vendor records.


3. Financial transactions

  • Bank/credit card records: Look for unusual purchases (range time, high-capacity magazines, optics, tactical clothing, travel expenses for reconnaissance).

  • Cash withdrawals: Sometimes suspects switch to cash — but ATM video can tie person + time.


4. Logistics & planning behavior

  • Travel records: Airline, bus, train, or car rental records to reach the campus area.

  • Hotel/Airbnb receipts: To see staging location near the rally.

  • Campus access prep: Checking whether suspect scouted rooftops or practiced entry into restricted areas.


5. Associates & communication

  • Messaging apps / email: With warrants, examine whether the suspect coordinated with anyone else, sought encouragement, or acquired gear via private sales.

  • Phone metadata: Call detail records may show outreach to suppliers, online sellers, or co-conspirators.


6. OSINT & tip fusion

  • Open-source indicators: Blog posts, manifestos, or online handles could reveal motive and pre-attack rehearsal.

  • Community reports: Gun range staff, store clerks, or campus peers might recall unusual purchases or conversations, which should be folded into lead triage.


👉 In short: authorities don’t stop at the bullet and cameras. They work backward from the crime to reconstruct the suspect’s intent, planning, acquisition, and rehearsals, drawing on digital forensics, purchase/financial records, and witness accounts — always under the framework of legal process (warrants, subpoenas, chain-of-custody).

