Brief Simon - you won't look back!
Did you know, there were 27 fraud attacks for every 1,000 transactions in Q4 2015, an increase of 215% over 12 months. Fraud attacks have increased by 11% since 2015 according to the Global Fraud Attack Index. Ask for a complimentary external penetration test today.

Blog updates coming up - there is no better, faster alternative to end litigation than with eVestigator®. Major success stories. See blog section shortly for updates:  

eVestigator® launches a new Android App that is capable of penetration testing 65,535 ports - leaving no chance for risk - as freeware running on more than 40 devices - including most Android and Amazon capable hardware.
eVestigator® is invited to Channel 9's "Today Show" to help demonstrate a major security flaw in the Worldwide Credit Card systems called EMV, demonstrating how easy it is for hackers to electronically pickpocket your credit card details through the air via simple NFC technology available on Android 4.4 devices and above, which bypasses the RFID security and utilises the Contactless credit card technology to get the credit card number and expiry date. You can protect yourself by buying a simple credit card sleeve for 99c off eBay or most wallets these days come with a metallic coating that holds cards. As long as there is metal surrounding the chip - the signal cannot be detected.
eVestigator® Identifies an unprecedented Criminal Reverse Cyber-Stalker behind 7 fake IP entities impersonating others.
eVestigator® prepares to issue a major public cyber-security warning to the entire country by releasing intelligence to the media that will likely influence the country's criminal cyber-laws forever.

Simon Smith is Australia's most elite Computer Digital Forensics Private Investigator, expert witness for the courts, auditor of computer industry expert work, and master programmer and reverse engineering analyst (white hat hacker). An expert witness is a person who has specialised knowledge based on that person's training, study or experience. There are many factors' that distinguish opinions and facts, and in my life, I have been lucky enough to have over 20 years+ of industry experience from the very bottom upwards - not just some limited outdated paper from a jump in the middle of the supercharged industry (without a lifetime of background), although, eVestigator® has lots of formal paper to add to his collection too. His name is Simon Smith (FPI, GDipFDR, Investigator, CEW). He occasionally offers a Direct Briefing service with an NDA. eVestigator® has over 20 years+ experience as an master Computer Programmer, former sessional University lecturer for Swinburne 17 years ago in advanced programming, and an extreme business and IT portfolio in between. For the last six years he has been utilised as a Digital Forensic Expert and Court Witness and Private/Factual Investigator, as well as an Expert Cyber Security Investigator and Auditor and Data Recovery Expert. He is also a Digital Forensics Expert Court Witness for rt, Mobile Cyber Security Analyst, Patentee, Mobile Device Author and a Computer Systems Source Code Auditor. He is able to offer a vast range of Specialist Investigative services. He is renowned in Australia as "Today Tonight's" Cyber-bullying Expert, Digital Forensic Expert Court Witness, Cyber Security / Cyber Crime Investigator, Insurance Risk Analyst, Data Loss/Prevention, Online/Offline Fraud, Intellectual Property eDiscovery / Due Diligence Expert, Education Expert, iPhone, iPad, Android, Windows, Linux, Unix, Mac, Windows CE, Nokia Computer Forensics Data Recovery Expert, Windows Certified Programmer, Family/Dispute Resolution Practitioner, Nationally Accredited Mediator, Source Code Inspection, Ethical Hacking/Reverse Engineering Expert, Corruption Investigator, Surveillance/Bug Detection & Litigation Support. He is highly qualified, experienced and has proven to attain fast and cost effective factual outcomes, complimented by his Commonwealth Graduate Diploma in Family Law Disputes Resolution, Counselling & Grief and Trauma Author.

Simply call 0410643121 (Direct) to book in a time where he will provide you with an opportunity to sign a NDA and receive evidence from you and give you a definitive answer as to the direction he would give to add actual positive value to your situation. You may email or SMS. The email is He only works on successful cases and offers an initial FREE service to assist in ensuring the client has travelled down the right path. Complimenting this, he is also a Nationally Accredited Mediator and Family Dispute Resolution Practitioner, and General Factual Investigator. It costs you nothing. Give him a call on 0410643121 (Direct) and you are welcome to fill in the Non Disclosure Agreement.

An expert that goes above and beyond and aims straight for the point
I am known Nationally as eVestigator® and in the media for my specialist cyber expertise. I am a licensed Private Investigator, holding several Qualifications, being a Practicing Forensic Private Investigator, Trained Cyber Security and Social Engineer Expert, Expert Witness taught by Hugh Selby of Unisearch, holder of several Graduate Diploma's, Graduate Certificates, Diploma’s in Security and Risk Management, Government Investigations, Information Technology and Strategic Management, Cyber Security, Government (Fraud Control), Government (Security) and so much more (see below for so much more).

Skill, Experience & Speed equals low cost service! The higher the Skill, Experience and Speed, the lower the cost. That is what our customers have found out, sadly often too late
My main experience comes from 25 years of the majority of my child, teen and adult life consisting of extensive Commercial Computer Programming and interest in innovation and creation. It all started when I was 11 years old initially programming from a tape deck green screen AMSTRAD CPC464, growing up programming continuously before the birth of the consumer Internet, then programming throughout high school during the birth of the consumer internet with every main language that existed, designing my own mail and internet servers, continuing to this day with knowledge of all frameworks including now as an App Store accredited mobile developer to patentee and Master Programmer (from ground up - not like the template ones they teach today). When I was 19, I was literally handpicked and employed as an Analyst Programmer and taken straight out of year 1 University and offered a full time job as an Analyst Programmer leading to a Senior Analyst Programmer position after being recognised as one of a small group of 3% of Australians who received Quadruple A++ in Information Systems and Processing and Management CATs. In that role the mix between my IT expertise and investigative expertise began to show. I was investigating the binary of a QuickBooks QIF file one day for a corporate client and came across a RAW credit card number. I immediately called QuickBooks who took no interest. Since then I have worked at multiple workplaces and created from ground up several multimillion dollar enterprises all in relation to IP, web, cyber security, reporting, educational, project management, corporate application, mobile, data and voice analysis applications and enterprises from scratch. When I say from scratch, I fundamentally mean from scratch. There is an article I wrote about 'template' programmers you might find interesting on this site.
Computer forensics begin with the necessity of being computer programming master. Gone of the days where people say, "I have this Company certificate from this famous networking firm who happen to develop a widely used product. Developers make products - from scratch, and makers of products are able to understand the engineering underneath. A true expert computer programmer holds the skills and abilities of every other IT discipline, because through the Software Development Life Cycle (SDLC) they have had to conduct the equivalent work and ensure that ultimately their software works with Database X on Server Y or Conditions Z. In the past, I have used my programming abilities within investigations and forensics 'on the job'. If I need the job done, I programmed it myself. A true computer forensics expert is no expert unless they understand the raw essentials of the inner operations of programming from machine code to today's language layers - that way you understand the vulnerabilities from the lowest end. That is what you call a real computer forensics expert. I have often resulted back to source code to help solve cases. I don't rely on other people's tools. The fundamental learning comes from knowing the very backbone of computer programming, its history, (over 25m years- the birth of the consumer internet) its protocols from start to end, its languages from "IMM R0, 0x80" to what they call programming today and beyond. At this point, I knew that I was more than a Senior Analyst Programmer from knowing the complete roots of programming (now at 21 teaching advanced computer programming seasonally), having an advantage over everyone as I don't rely on software, even in investigations, I invent it. I am considered an expert in my field by way of experience and recognition of that experience, complimented by many side fields, especially knowledge of cyber stalking, family intervention and relationship battles and nationally accredited mediator status and it shows in the cases I succeed in. I have solved multimillion dollar fraud SCAM’s (including the fake Microsoft tech-support SCAM and dating SCAMS), resolved reverse cyber-stalking cases, family law cases, plenty of IP tracing and identity theft cases, and corporate crime and insurance fraud cases. I also work and train as a Cth. FDRP (Professional Family Court Mediator), and have trained many Barristers at law to become Family Dispute Resolution Practitioners’ appointed now by the Commonwealth. I am a Nationally Accredited Mediator (NAM) and hold a Certificate of Bail Justice from Victoria University. I am considered a Master in Digital Computer Forensics and Online Education and have developed patents in the subject matter. I have appeared on Today Tonight (7), the Today Show (9) and other media and to the courts as a Cyber Forensic Expert/Witness. I am independent and will act for and/or against the police/government or body corporate without fear or favour as my duty is to the law and the courts.
I have succeeded in every case I have taken on. I have had parties including government department, police prosecutors, and civil litigators withdraw once knowing I have the evidence to stand up against them.

I am a Computer Forensics Expert specialising in Cyber eDiscovery and Expert Evidence and Expert Witness Services for the Court. I have extensive Investigation, Government, Risk and Fraud Management Skills and am a Private Investigator. I have performed hundreds of successful high-tech-crime cases and appeared in court to give expert evidence. I have uncovered many high profile scams and given federal police crucial cyber intelligence in many cases. I specialise in online cyber stalking and cyber bullying cases, and also workplace investigations and family and personal intervention order and court strategic evidence related cases. I am a Nationally Accredited Mediator and Commonwealth Appointed Family Dispute Resolution Practitioner. I have taught Psychologists and Barristers to become FDRP mediator's also under the Family Law Act and have built Australia's largest Marriage Celebrant Academy and software, making over 5,000 celebrants, naturally being Commonwealth appointed myself. I have over 20 years as an expert computer programmer and have created my own commercial full desktop software packages and mobile software packages and was training advanced computer programming 16 years ago for Swinburne University at the tender age of 20. I have built computer based patents and ran large educational institutions. I have built Australia's largest training multi-million dollar non-funded private training organisations, software companies and mobile applications. I now dedicate my advanced programming knowledge to cyber security and ethical hacking and combined with my other credentials have found an extreme niche to help people in this area which one could describe as the step between litigation and crime/civil disputes and the police, that is a mixture of investigation, strategy and forensic evidence and intelligence gathering with advocacy, mediation and knowledge to attain an outcome.

eVestigator completes the Stanford University Cryptology Certification.

Simon Smith is proud to announce he has completed one of the industry's most challenging Cryptology Certifications. Created by Professor Dan Boneh of Stanford University, Stanford have produced an extremely thorough online certification well respected by the industry. Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course heads straight into detailed mathematics of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key.
The Certification covers some of the following:
Stream ciphers, cryptography, pseudo-randomness, encryption, secure encryption.
Block Ciphers, more powerful forms of encryption, AES/3DES, using block ciphers to provide data integrity, build an encryption/decryption system using AES. Message Integrity and classic constructions for MAC systems that are used to ensure data integrity, how to prevent modification of non-secret data, encryption confidentiality and integrity, authenticating large video files, hash chains.
Authenticated encryption, encryption methods for confidentiality and integrity, search encrypted data, studying symmetric encryption, key management and public-key cryptography networking a ciphertext attack on a sample website.
Basic key exchange, setting a secret key between two parties, consider protocols secure against eavesdropping, the main concepts of public key cryptography computational number theory and algorithms dating back to antiquity (Euclid) working up to Fermat, Euler, and Legendre. Also covering concepts from 20th century math and constructing several public key encryption systems.
Public key encryption, deep learning on how to encrypt using a public key and decrypt using a secret key. Public key encryption used for key management in encrypted file systems, messaging systems, and devices.
The two families of public key encryption systems, one based on trapdoor functions (RSA in particular) and the other based on the Diffie-Hellman protocol. Constructing systems that are secure against tampering, otherwise known as chosen ciphertext security (CCA security) and CCA secure public-key systems. Cryptographics mathematics for public-key advanced encryption techniques."


eVestigator® appears on the 7:30 report (ABC) discussing Cyberscammers.

eVestigator® Simon Smith has for a long time raised issues with ACORN and LRD (without or with adverse response) about the ineffectiveness of ACORN and especially the inadequacy of their services when it comes to blame shifting and police refusal to accept that cybercrime is a crime. Today, 1st December 2016, for a very interesting case that was first brought to the attention of ACORN, and left as a cold ignored case, then came to me, then identified by me, this is an interesting story to tell. Despite ACORN failing to do anything here for Gerard, outlined in the below story, the LRD police falsely accused that this incident was not reported to ACORN when it already was! It was not only reported to ACORN originally when they did nothing, it was rereported to ACORN by me, evident by the ABC 7.30 report. A copy of the 7:30 report footage is below. The PR from ABC in relation to ACORN's constant failure to act on cyber reports is also available below:
7:30 Report Video.

eVestigator® appears on Channel 9, the Today Show Extra Program to discuss Dating Scam policing concerns.

Simon Smith of eVestigator, went to Channel 9 with his client Christine for a chat with Sonia Kruger and David Campbell about the devastating effect dating fraud victims face when they merely entrust the wrong people looking for love on 'dating sites'. It is an absolute pity that people are victims to these crimes. Some notes for everyone out there, some of which we did not have time to say live this morning 5/2/2016:
1. Look local. Ensure you call the person on a real mobile number and they call you back from that same mobile number.
2. Ensure you meet the person in a reasonable time frame somewhere public.
3. An online dating site is not for dating. It is to simply introduce you to a real person.
4. If a chatter does not want to be a real person within a reasonable timeframe, say bye bye!
Today Show Extra Interview

eVestigator® issues Cyber-Security warning regarding 'Electronic Pickpocketing' with RFID to EMV via NFC.

There are no major surprises in this story except one. Approximately 65% of Australian and International consumers are carrying a 'Smartphone' that is capable of skimming the numbers electronically from an unsuspecting persons' credit card, right from their pocket. First we should start by saying right out that you can purchase for about $2 on eBay a little sleeve that you should put over any card you wish to protect that uses either Pay pass or Pay wave. Seriously, now! The every day mobile phone with some technical software modifications not so far out of reach of the every day person could be used to swipe someone's digits right from their pocket. Let's first begin with some definitions. Firstly, RFID stands for "Radio frequency identification" and it is a wireless technology incorporates the use of electromagnetic as well as electrostatic coupling in the radio frequency (RF) to give a object a digital identity. This is not new to us, and certainly if one had to crack the algorithm of RFID they would be quite stuck. Now, mobile phones do not have RFID.

Introducing, 'NFC'. NFC is Near Field Communication (NFC) is a short range wireless standard (Ecma-340, ISO/IEC 18092) that similarly uses magnetic field induction to enable communication between two devices as they pair, but only within a few centimetres. It is a shortcut if you like for a digital handshake that can emulate an RFID transaction by learning from another. It can also, on its own act in a capacity to uniquely identify an object but used for much smaller distances like key tags, or elevators etc. Then we introduce 'EMV'. EMV stands for Europay, MasterCard and Visa. It is a combined initiative and worldwide standard for cooperation of integrated circuit cards and IC card capable POS or 'Point of Sale' terminals and ATM's or 'Automated Teller Machines'. It is used quite frequently for authenticating credit and debit card transactions for small amounts under $100 here in Australia, and typically is dependent on the locality. It is limited because it contactless, and therefore vulnerable, but apparently not so much for the three key credit card companies to see as a threat for taking or virtualising a pretend transaction using a simple phone. So, to cut it short, an NFC enabled phone with the right configured firmware with programattical changes (easily demonstratable but not for sale gladly) can technically read and both write the transaction from its memory purporting to mirror the cards first signal. This is the technology already in use but controlled in Google Wallet, Samsung Pay, PayPal Cardless payments, etc. It uses NFC and Android Beam. eVestigator® warns consumers of the absolute possibility that this could be used to fake a transaction, as well as steal the credit card number and expiry date from somebody's pocket. Without going into detail, eVestigator® has recreated the technology already known to be a flaw in the system in the US and in Australia but not to the extent people should wonder if it could be used by anyone.

In my opinion, based on the fact that now Smart Phones are easily accessible with NFC and Android Beam, the technique opens the door to non hackers, and broadens the reach of Cyber-Crime. To protect yourself, you just need to make sure that your chipped cards are covered in foil, metal or some sought of pouch with metal inside as mentioned earlier. Are RFID or contactless credit cards more trouble than they are worth? How much more effort is it to swipe a card and enter a PIN? When did our time get so limited that taking no more than a second to pay for a purchase is worth more than financial security? Sure you can buy a little pocket or sleeve to protect your card from skimming and cloning that takes seconds, with little to no initial risk to the perpetrator as they never touch your wallet and costs them very little to get what they need to steal your credit card information and as little as $35 to create a fake card using the stolen information. The time it takes to remove and replace your card in the sleeve negates the time saved using 'tap and go'. I remember one of the benefits of the added chip being touted as 'extra security'; now people are seeing demonstrated what many of us warned - in front of my own eyes and in a controlled testing environment - IT IS POSSIBLE!

There is virtually no security, on these kinds of payments, but the worse part to this is that it gives you the raw digits, so potentially you could purchase online. It is even possible to generate a Random CVV with the technology. The $100 limit limits the damage of one transaction, but you only need the number once - as people still rely on MOTO (Mail Order Telephone Order). Specifically just limiting ourselves to this technology and forgetting about knowing the card number, we can reproduce a real-time transaction in quick succession, and they can add up before the theft is discovered and the banks have detected any suspicious activity. RFID is easily hackable, by using a 'back-door' style approach via NFC which kind of does away with the encryption of the RFID! All that is needed to make a purchase, particularly online or over the phone is usually the credit card number and expiry date and as a merchant myself eVestigator® can safely say that the card companies do not require a CVV for MOTO transactions, hence the risk has heightened due to the availability of the technology being conveniently packed into an Android Smart Phone which has all the bits and pieces (without software intervention) to replay or copy a card transaction. The name on the card being incorrect is a human fraud check that can be made after the fact but to actually make a purchase it is unnecessary. You don't even need the three or four digit CVV number on the back of the card for most purchases. In any case social media makes identity theft even easier.

The technology in your phone now may be able to take a persons' credit card number and expiry in certain circumstances of which we shall not outlay, but it is not replayable to the average person. Be mindful that even if you have your card packed in your pocket or wallet, a skilled indiscreet passer can brush past you and take what they need. This leads to even further privacy concerns. Birthday messages on Facebook for example, make it pointless to hide your birthdate. So it just might be worth disabling RFID and sticking to swipe and PIN, as credit card numbers are used to sometimes authenticate passwords or gain access to internet banking. eVestigator® will assist the various companies in their cyber-security issues if needed. How it got this far, who knows. Until a revelation or specific information becomes available eVestigator® is happy to keep people safe, and even though this possibly may be another risk or exploit, he sees thousands every year that don't even require technology. He has solved over 15 major scams, and sometimes people don't realise how trusting they are. There is a consumer and criminal disconnection, and whether it is blamed on the computer or not, it still follows traditional methods, so beware!

Cybercrime Expert Witness Simon Smith discusses the 'hidden defendant' appearing in almost every case.

Well, in my words it is "CYBERGEDDON". Not to be dramatic but I have now experienced an element of cybercrime in every single case that I have had to deal with in every jurisdiction including employee fraud, stalking, computer crime, theft (including identity theft), international crimes, police prosecution, civil disputes and extremely aggressive family law cases. As a Family Dispute Resolution Practitioner also, I can appreciate the enormity of mudslinging that goes on in such cases that depend heavily on the credibility or lack thereof, and have reversed many cases by an interesting element of cyber-fraud where the Internet has reversed cases showing fake email evidence admitted into evidence, almost causing loss of custody and destroying families. This is real!

I would like to introduce two short stories of fact anonymised for the benefit of counsel and readers of this newsletter to explain that from conducting a slight investigation and thinking outside the square, almost all cases are resolvable in such a way that they can be mediated or favourable to one side through computer forensics; as despite people thinking they are smart in sending anonymous emails or purporting to be someone else through TOR networks (of which I happen to own ‘Orion Elite Hidden IP Browser Pro++', the largest iOS software but it is supposed to be for the purposes of protecting the users privacy) they are not immune. I have saved many cases where justice has almost been destroyed because sadly in some situations the Magistrate, Justice, Judge or Member do not understand the complexity or the relationship between the technological credentials and reliability of the human and sometimes neither can the client explain it properly to their counsel or lawyer. This is detrimental because if nobody understands how to properly construct pleadings then they are likely to be struck out.

In my first case scenario, a person from India came to Australia to work for a company and provide Search Engine Optimisation (SEO) services. In other words, they simply came down and suggested that they would take over the company's Google marketing. This company was spending about $4000 a month on AdWords marketing. This new "employee" happened to own a SEO company in India, so he contracted himself to perform the work in conjunction with himself as an employee of this Australian company. He also set up various servers and operated several businesses from within this organisation—unbeknownst to the employers—through the company's network. From Google's perspective, all operations were performed by the employer. However, at least seven servers were set up, racking up a bill of $500 000 of debt without permission of the business owner; fraudulently, to the benefit of this employee who later was sacked and then demanded the employer pay more money as an alleged debt with the SEO company, money he claimed to be owed based on the trading relationship. What an ironic situation. I was called in to a very frantic company to determine how to get Google off their back for a half-a-million-dollar debt racked up by this ex-employee. The Google user account and IP address (internet location) pointed naturally to my client because the ex-employee had opened up several ports where he could dial in from home and pretend to be on my client's network in performing his illegal activities, then he left the country. I took a very strong lead in finding negligence on Google's side and technicalities in policy in attaining credit where credit was not authorised in order to defend my client's liability and explain from a cyber legal perspective, before it even got to the point of litigation, that the company was not responsible for this debt. In normal law, most of you would agree that the liability, despite the crime, would still fall on my client. This was an enormous success. This is what I would call a ‘hidden defendant'. You cannot always trust that the defendant is actually visible to you. This is also the case in many jurisdictions; one of which I would like to share with you that is quite extreme and how I completely overturned a massive case.

Most people would like to think that people tell the truth in family law cases, especially doctors. I had a case where I was called in to validate the characteristics of who may be telling the truth based on some SMS's and forensic iPhone discovery. However, I found much more than that. As it happens in this Family Law case, the mother had taken the child and as possession, as they say, is 9/10ths of the law it was up to the father (who had nothing wrong with him) to seek psychiatrist reports, counseling, visitation rights, initiate family law proceedings and go through an enormous amount of trauma to prove that there was nothing wrong with him to still potentially be on the losing side as he didn't have possession. An enormous amount of Affidavits were exchanged with the Family Court. Most Judges do not like to discuss perjury but I am a stickler for evidence and fact and I say it how it is; I did not intend on coming up with what I came up with. What I found was the last Affidavit of the mother, which was all allegations and no witnesses (and most allegations were in regards to forgery, rape, violence and no evidence other than her word as well as no police reports) and were very serious allegations. All of these accusations were of a man who seemed like a normal father, that due to this, limited him to three hours visitation, every three weeks to see his daughter of four months old with no notice. I do not take sides in cases however, I do take fact.

I, in my investigations, usually look at what comes to me rather than what the client asks as my first duty is to the court. In what I found by perusing through what we like to call "big brother" Google records is that a strange IP address appeared that had hacked into his Gmail account. However, what this person did not realise was that this IP address, once in Gmail is also recorded to have searched Google for methods of fabricating evidence in Family Law Courts against ex-husbands, planning methods of suicide and/or faking suicide and cutting brake wires of the same model car as my client. Subpoena evidence showed that the IP address that conducted these searches and hacked into my clients Gmail account, came from the credible doctor who had submitted over 40 Affidavits alleging the opposite to the Court of Law. It also shows that the searcher was looking for fake emailers and on the header of the emails that were submitted as evidence to the court, I note that the exact emailers that she was searching for sent those emails purporting to be somebody else. This is also a crime as we know it of impersonation. Needless to say, I stumbled on something quite large here. My advice to the client was to start talking closely with the other side.

My final words are that I can make a big difference to any case in relation to cyber intelligence. It is part of every case at the moment. Everybody uses their mobile phone, I can find out what they have done, what they have searched for, what their intentions are and what their personality really is. Everybody has a record that is usually uploaded to iCloud in the case of iPhones or the Cloud if they are using Android. Everybody uses some form of security-based email like Gmail or Hotmail that tracks you. There is always a record. I would advise everybody to test the evidence before accepting the inevitable because sometimes, on a simple technicality of fact at a very low cost, an entire case can be destroyed and these are where my successes lie. These are just two examples of some very successful cases. I am currently working on an enormous case which is very similar and involves an accused that is facing a jail term of at least seven years who, based on current evidence, did not do the crime and the withholding of that evidence seems to be an abuse of his rights. I always give counsel, lawyers or clients a free pre-investigation on any case to determine whether I can help to ensure that I can maintain my 100% success rate. I will only assist in cases that I know will produce an outcome.

You are an expert in litigation and cyber elements have unfortunately always existed but people have never realised how serious and how present they are in proceedings, now and in the past. Expert opinions and facts make a difference. Call me anytime on 0410 643 121 or visit and I'm happy to talk, anywhere in Australia. Simon Smith is a Cyber Forensics and Cyber Security Expert Private Investigator, Certified Ethical Hacker, Technologist and Computer Forensics Expert Witness. He has over 20 years+' computer programming experience and has appeared in various news publications regarding smart phone technology and on Channel 7's Today Tonight in relation to Cyber bullying and recently the Today show on Channel 9, discussing credit card security. Simon has a strong persistence in finding a very fast and cost-effective approach to assist cases with evidence that can be detrimental to one side based on his extensive knowledge of programming. An example of this is just in knowing that he has prepared to stand behind somebody in support of two convictions from a legal services commissioner in a state of Australia, based on a technical inaccuracy on their part, they dropped all charges. Being a Nationally Accredited Mediator, although in the court room, Simon works for the court, ultimately his goals is to help produce an outcome that joins all the dots and perhaps resolve a situation in or out of court without compromising fact.

eVestigator® predicts census cybercrime three days before warning Australia

10 August 2016 - eVestigator® - "Only 3 days after releasing the blog entry entitled below, 'Cybergeddon is here - eVestigator® Simon Smith announces the inevitable', comes the news of the 'Website for Australian census 2016 attacked' by a DoS (Denial of Service) attack. The best way to define a Denial of Service attack is for an attacker who attempts to prevent proper and legitimate users from accessing the normal use of a website by overwhelming it with requests, data, sessions, etc."

"Ethical hackers (and those unethical ones) know the limits of TCP/IP connections that are allowed on various servers - and if not protected can cause a exhaustion of the resources of the server, by flooding it with fake connections. Such attacks stop real people from getting onto the server to do what it was intended to do. This is why Cybersecurity is so important."

"I myself have written my own Denial of Service and even Distributed Denial of Service detection and blocking software that others pay tens to hundreds of thousands of dollars for. It really is quite simple. People often test websites to see if they have the proper infrastructure in place to 'put up' with such an attack. If I was investigating this, the first thing I would do would look for traces of mini tests before the incident, and that is often the way you would catch the Cyber criminal."

"I have reported on this issue officially in 'The New Daily' magazine - and as I predicted in my earlier blog Australia just is not ready. This is not a different world to what it was 10 years ago. People have chosen to ignore the same crimes being adapted differently. My view is strong. WAKE UP AUSTRALIA!"

"The published article is here and below (credited).

"It's the most simple attack": How the ABS bungled the 2016 Census
The Australian Bureau of Statistics was unprepared for the "simple" and "obvious" cyber attack that apparently shut down the Census, an internet security expert has said.
On Tuesday evening, the Census website crashed thanks to repeated "Denial of Service" (DoS) attacks, according to the ABS. A DoS attack is designed to make a network unusable by flooding it with millions of fake users.
At 7:45pm - as millions of Australians went online to complete their Census - the ABS chose to shut down the system, for fear of further DoS attacks (see a timeline of the Census night drama below).
The site remained offline all Wednesday and an update posted at 9.15pm was pessimistic about its chances of getting up and running that day.
"We continue to work with Australian Signals Directorate and our providers to get our secure online Census form back up as soon as possible," the ABS said in a statement. "A further update will be provided tomorrow [Thursday]."
It's still unclear what caused the website failure.
Cyber experts have questioned whether a DoS attack caused the online Census to shut down.
Online security researcher Dr Mike Johnstone wrote in Computerworld that it was more likely the failure was caused by too many Australians logging on to do their Census at once, rather than a DoS attack.
He conceded it may have been possible that a combination of a DoS attack and the system buckling under the weight of traffic caused the website shutdown.
But Dr Johnstone concluded: "If it's probable the Census servers simply failed under the weight of their task, then that's the most likely explanation, rather than a deliberate DDoS attack".

Australian government 'cyber security novices'
Computer forensics expert and cyber intelligence investigator Simon Smith told The New Daily that the government's lack of preparation and expertise on cyber security was proved on Census night.
"Wake up Australia, 'Cybergeddon' is here," Mr Smith said. "Australia is probably one of the weakest places in the world (cyber security-wise).
"I'm very afraid to say that we are extremely crap at protecting ourselves. It's not as if the government really put much effort into security, is my first reaction to the Census crash.

"Denial of services attacks are the most obvious attacks, they happen every day."

The ABS and minister responsible for the Census, Michael McCormack, said the attack likely came from overseas.
By Wednesday afternoon, Mr McCormack appeared to have been the subject of hacking on his own website, as News Ltd political editor Samantha Maiden confirmed to Channel Ten's The Project.
'It was a successful attack, not a hack'
Special advisor to the PM on cyber security, Alistair MacGibbon, told Sky News he did not know if the attack intended to steal information, or just to make a point about the hackers' abilities.
"It was successful because the ABS made the decision to take the website offline, because they wanted to make sure the worst case scenario [loss of data] didn't occur," Mr MacGibbon said.
He said the government believed no sensitive data was stolen.
Mr MacGibbon continually referred to the DoS as an "attack", but not a "hack", even though earlier in the day Mr McCormack refused to use the word "attack".

© The New Daily - Credit: URL

eVestigator® shows the public how they are broadcasting their identity without knowing it

A mobile phone finds and connects to Wi-Fi networks by periodically sending out "probe requests". In simple terms these are "Hello, remember me, I connected to these Wi-Fi stations previously? Anyone out there? Here is my Unique mobile phone address to check (MAC Address)". These requests includes a unique identifier called a MAC address, which while making it faster and more convenient to connect to a network, it also makes it possible to collect this information and use it to track people. Knowing your MAC address goes a long way to track your phone if it is ever lost or stolen. While not impossible to change, it is a very difficult process and probably not worth a thief's time. Turning off your Wi-Fi when you are not actively using your phone and/or have no need to access a network, stops this method of tracking while Wi-Fi is not enabled.

A second of inconvenience for a little extra security might just be worth the twinge of annoyance. There are Android apps available that automatically switch your Wi-Fi off once your leave the range of trusted networks, though I personally can handle swiping down the top menu and pressing the Wi-Fi icon myself so I haven't looked into these and prefer not to place control of my privacy into someone else's hands. For iOS apps are limited without jail-breaking your phone, though iOS 7 introduced a swipe menu with quick access to certain settings including Wi-Fi. I won't go into the technical steps of how to create a Wi-Fi monitoring system to track people as is used in some stores for marketing and research purposes but I will say it is a fairly straight forward process and needs a router or a single board computer like a Raspberry Pi with a Wi-Fi adapter. It is not just possible tracking that you should be wary of but also "free Wi-Fi" or open networks.

These networks tend to have little or no security. It gives potential attackers a way in and makes any information sent over them visible. It is why you should never log into your internet banking or secure account using McDonalds Wi-Fi, as an example. A faked or compromised access point to a network, is called a Rogue Access Point (Rogue AP). Using such a network, essentially sends any information you enter to the access point's creator giving them access to email, Facebook and whatever else you might access while online on an insecure network. It can be just to monitor or a backdoor into an otherwise secure system, even if it is a soft AP set up by an employee of a business with or without permission for easier mobile access to the business network to work off premises it behaves as a Rogue AP (Access Point).

eVestigator® draws the line between a phone and smart phone

24 April 2016 - eVestigator® - "While Apple hardware may be well-built and likely to last for years, the software is another story as Simon Smith of eVestigator® discussed with Jackson Stiles of New Daily earlier this week. Read the article here. (link on the 'The New Daily' website at the time of placing this blog - dated April 18 2016)

'A phone is a phone but a smart phone is not just a phone,' says Simon Smith. 'it is fair to say that the majority of phone users these days are smart phone users' therefore this must be considered when discussing phone in general and this is what came up recently."

"With every iOS update consistently, and so it would seem intentionally, aspects of previous coding becomes obsolete, different or removed altogether forcing iOS programmers to update their apps or risk incompatibility with new devices and operating systems. Effectively limiting the usability and life of a smart phone."

"An example of this is the iOS 9 implemented an update which restricted access to insecure websites on older phones. Although this is great for developers like myself who already use an encrypted system internally, such encryption should be part of the operating system and such encryption is welcome. However, with little to no notice to developers such an implementation caused havoc to software and their developers. 'The life expectancy of a phone is three years, in a way. It would probably hold up in a court of law (misquoted as 'life') if something went out of warranty.' you can have a phone, but you’re not going to get the most advantage and functionality out of a smart phone as technology grows because the phone is only as good as the hardware and the software they allow you to use. And sometimes you can actually get more out of the phone with the software, but they don’t let you.”

"A phone is a phone and will last as long as the hardware does but the other functionalities of a smart phone decrease and become obsolete over a far shorter period of time."