 Okay. We're ready to get started. Almost. Welcome to lock picking forensics. My name is Datagram, also known as DG. I run the following two sites. That's my email if you want to contact me about this. What we're going to talk about today is a real quick how locks in picking works. We're going to look at what normal wear on locks and keys looks like. Then we're going to go into examining locks and keys for different evidence of entry based on various techniques. One thing we want to talk about first is that destructive entry is still something that's the most popular method of entry by far. It's also the easiest, usually the cheapest and the fastest. This talk is not going to cover destructive entry, only because from the forensics side of it it's not as interesting as other forms of entry, namely lock picking, bumping, so on. Just keep that in mind. On the website that I run, there's more information on that if you're interested. How many of you know how locks and picking works? Just a quick show of hands? Would the rest of you like a quick introduction? All right, very quickly. This is called the pin tumbler lock. The inner piece right here is called the plug. The outer piece is called the cylinder or the shell. That's how it looks like from the outside. Most people, probably everybody in the United States has these on their work, their home, their garage, everything. The way these work is that inside the lock there are two pins and the bottom pin is called the key pin. The top pin is called the driver pin. Above those two there's a spring. So when you try and just turn that inner piece, the plug, the piece that rotates when you use the key, you're blocked by those blue pins. The blue pins are preventing you from rotating that inner piece, which then engages the bolt or the shackle or whatever you have in your lock. So what a key does is it raises all these pin pairs to the correct position so that the red and blue, top and bottom key and driver pins, they can separate and that allows you to rotate that bottom piece. So essentially when this happens the key raises it, the blue pins are trapped up in the cylinder, the red pins are properly aligned. The point where they meet right here is called the shear line. So here's just a quick animation of how it works. And that's all that happens when you're using your key on these pin tumbler locks. So the way picking works is that we might assume that when these chambers for each pin are drilled and the pins themselves are all perfect alignment, perfect size, they all match. And so when you would turn that inner piece, the plug, we'd be hitting up against all them at once. We'd be blocked by all of the blue pins at once. And in reality what happens is that everything's a little off. The placement of the chambers, the size of the chambers, the shape of the chambers, the size of the pins, the shape of the pins, they're all slightly different. And that leads to the effect of when you turn that inner piece, you're only actually hitting one of those pin stacks first. Now obviously they all need to be moved by the key to prevent rotation completely, but at any given time you're only being blocked by one, in theory at least. So the way we pick a lock is we use a special tool, how many of you bought pick sets in the village? Awesome, awesome. They're great pick sets this year. They also didn't cost a million dollars, which was nice. So the way we pick a lock is we use this tension tool and we apply tension to the plug. Now when we do that we're obviously being blocked by those top pins. What we're going to do is we're going to find that one pin stack that is blocking us, and we're going to use a pick tool to raise those pin pairs in the same way that a key does. When we do that, the top pin will set just like when we use a key. It'll be raised to that point where they're allowed to split. We do this, the lock will rotate a very little bit, and then another pin stack will bind. And we do this consecutively until all the pin stacks have been properly aligned, and at that point the plug is allowed to rotate and engage the bolt work. So here's a quick animation of how it works. Again, we use our tension tool. We apply light tension. We come in with a pick, and so what the animation is doing is he's probing, and he's trying to find the binding pin, and the binding pin will be one that has more tension or it'll feel harder to push up. So that one was the binding pin. So he sets that. So now that pin's trapped above in the cylinder, and he's going and trying to find the next binding pin. So process of elimination, now this one is. So he sets that one. And now the second one. And now the last pin. And at that point that inner piece is free to rotate, and the lock opens. Okay? Has everybody got that? Alright, alright. Let's try to get a grip. So this idea of forensic locksmithing is a lot of times we give talks, almost every year there's at least one lock picking or physical security related talk. A lot of times we talk and focus only on the techniques to compromise locks, compromise safes, and so on. We never really talk about whether or not that's detectable. And in the last talk we saw some examples where it wasn't detectable, because they were basically using just a normal key. So in 1976, a gentleman named Art Bajoki of the Chicago Police Department, I believe he's in the criminology department at the time, he decided that with his knowledge of locksmithing and investigative work, he was going to do all these different tests against locks in terms of different opening techniques and then examine them for different types of forensic evidence. And he basically started this idea of forensic locksmithing. Unfortunately a lot of his original research material is not available. And when I found out about forensic locksmithing and I tried to get more information, it was extremely hard and that's why you're watching this talk now. It's basically the results of me replicating the original tests. So there are a few resources. The first resource, which is probably the best English resource on the subject, with the exception of my site, is a book called... No, the book is actually much more detailed than I could ever be on the site, but again, to buy books costs money of course. So Mark Tobias, who gave the 11 o'clock talk with Tobias, I know I'm going to ruin his name. I apologize if he's in the audience, blues manis. Mark Tobias wrote this book and it's basically this giant tomb of locksmithing information. There's a section on forensic locksmithing and it's extremely detailed. The book itself is somewhat expensive as far as books go, but I believe you could buy just these chapters for 50 bucks. I'm not sure. You'd have to check the website. Another resource is written in German by the gentleman, again, another name I can't pronounce. What that translates to is tool traces. And as far as I know, it's the only book that specifically and only focuses on forensic locksmithing. Unfortunately it's in German, so I haven't read it. However, it does have extremely nice pictures which put mine to shame because he uses a very, very nice microscope set up. Another one that's in both English and German is this book called Impressioning. The English translation is kind of engrishy, but it's still a very good book, and the person who wrote the German tool traces book wrote the section in that book about the forensics of impressioning techniques specifically. So what does a forensic locksmith do? They're also referred to as investigative locksmith. The primary goal of the forensic locksmith is to determine if an attempt or success or both was made to compromise a locker keying system and identify any tool marks, any trace evidence, anything that can help determine the facts of the case, either by identifying suspects, identifying victims, linking things together, so on and so forth. They might also provide expert testimony either as for the defense or for the prosecution on their findings. A lot of times they're also asked to provide testimony just as a, what do they call it, like an independent witness where they just explain things because locks and safes are not something that most people know about, so judge and jury in many cases need that explained to them or clarified just so that they can have the facts about what is possible what is not possible, the difficulty of doing different things, so on and so forth. But that's basically what a forensic locksmith does. So we're going to look at how different levels of wear affect the components in the lock. Obviously if we don't know what wear looks like we can't distinguish it from all the different tool marks and different kinds of evidence. So here is a picture and in all the examples all the components are brass pin tumbler locks. That's the most common in this country. There's obviously different types of materials that they could use for both tools as well as locks. The forensic evidence is still very similar. Wear again may be a little different depending on the type of lock and the components, but this is by far the most common. Excuse me. So in this photo we have a picture of a bottom pin from our pin tumbler lock and if you look at it closely you'll see that there's all these milling marks. We don't see any scratches, we don't see any dents, we don't see any dirt, debris. It looks for the most part new, right? The key itself also looks new depending on where you're getting your key made. This is a factory original key. It's not as smooth and nice as the pins, but then again it doesn't have to be because keys can be replaced easily but the components inside the lock, that's another story. The plug, that inner piece that rotates also looks new. No scratches, no dents, nothing like that. After a hundred uses the pin starts to develop this light dark ring and a couple scratches on it. If we look at it up close what that's doing is that the insertion and removal of the key is actually polishing the bottom of those pins and the reason that it's around the entire surface of the bottom of the pin is because as you're inserting and removing your key you're actually rotating those pins. In the majority of pin tumbler locks there's nothing to prevent you from continually rotating it and there's also no reason. The plug itself, as we're turning it the top pins are riding along it and those will cause a slight bit of wear. The key itself is also going to start to develop these slight crevices where it's rolling along the pin tumblers. I always mention this because it makes me feel better about the time I spent doing this but I did all these by hand, not with a cool machine. Just so you know, thank you for that justification. I was, this is not a joke, I literally sat down and counted and believe it or not 15 year olds with the promise of 50 dollars still find this not in their league. No, no, no, no miscounts, perfection. Okay, I don't want to, we'll laugh about it later and I'll cry about it even later. So after 1500 uses, the pin one, the pin furthest to the, closest to the front of the lock will have the most wear. It'll almost look completely polished. We'll see some light scratches caused by the imperfections and the wear on the key but for the most part all those milling marks are starting to disappear. Pin five is a different story. Pin five is the pin furthest back of the lock and this, as you can see, does not have as much wear and it has more scratches. So why is that? Well, first of all, when you're inserting your key pin one is touching every part of the key and the key is also only touching the tip of pin five. So you think of your key, if it's all the way in the back it's only getting touched by a very limited portion of the key. So that's going to reduce the wear because the tip of the key is also touching all the pins it's the most worn down part of the key for the most part and that's why there's more scratches on here because of the imperfections in the key. At fifteen hundred uses the key also again shows more wear. Well, the black is lubricant from inserting and removing the key so much. Again, the craters are just getting bigger and more deformed. Over time what's going to happen how many of you have ever used a lock and you had to jiggle it or slightly pull it out to work? So that's the key wearing down. So what's happening is the material on the key is going down or the pins are getting smaller and so you have to jiggle them to make sure those pins can separate properly again. At fifteen hundred uses the plug also has increased signs of wear more staggering of the lubricant. At five thousand uses. Thank you. At five thousand uses pin one is almost completely polished. Even the scratches that we saw previously are all but gone now. And after five thousand I decided to be nice to myself. After five thousand wear looks pretty similar to this. It gets a little more polished but for the most part that's how it looks when the lock stops functioning. Pin five again, the same pin we saw previously reduced wear compared to pin one. We also see this funky oval shape. It's not an evenly distributed wear like it is with pin one. The reason for that, again, it's only getting touched by the tip of the key so when we insert and remove the key we're not getting the full range of rotation that all the rest of the pins get. And so it starts to develop an oval shape and different pins designs might also be a figure eight looking shape but it's different and that may be important if we get a bag of pins as a forensic locksmith and we need to determine which is which or hopefully determine which is which. At five thousand uses again the plug wears down. Something we haven't looked at yet. How many of you have seen bumping done bumping know about bumping? So you know that it causes slight damage to the face of the lock. So how does normal wear compare with that? Well normal wear, I'm sure all of you know this this weekend but everyone gets drunk or just too sleepy or too tired and slightly misses the keyhole, right? And you make a little scratch. So after five thousand uses you make a lot of scratches, a lot of wear and at the top of the keyway you're also most pin tumbler locks are shoulder stopped which means that that little piece on the key is called the shoulder is what prevents you from going in further and that aligns the cuts correctly so that they could raise the pins correctly and you could open your lock. Five thousand uses that's going to be slightly worn down but it's different than bumping which is what we'll see in a bit. Five thousand uses again the key starts to wear down more and more eventually again those will not properly align the pin tumblers. So what do we do when we forensically analyze? That sounds retarded but go with me here. When we do forensic analysis on the components of the lock well we're going to look at the components obviously we're going to look at the pins the springs and other types of locks we'll look at whatever components they have we're going to look at the plug, the inner piece the cylinder, the outer piece the cam or the actuator is that piece on the back that interfaces with the bolt work that's obviously very important we're also going to look at all the keys we can get our hands on we're going to look at the bolt mechanism itself because that may be subject to attack we're also, which is something we don't cover we're also going to look at doors, windows, walls everything that could possibly allow somebody to gain entry to either a residence or a business or facility so on. So the first thing we're going to look at is lock picking and how many of you picked a lock this weekend? Very good, I applaud all of you so what you're doing thank you for that smattering of applause sir what we're doing when we're picking a lock is we're invasively manipulating the components of the lock with a hardened steel tool and the tool almost, in all cases has to be a hardened steel tool so that it's strong enough to lift those pins against spring pressure so when we do this we're leaving marks in various parts of the lock and all the red marks where we expect to find locks we'll just jump right into it in tip time so the pins themselves of course we're rubbing a steel tool or lifting with a steel tool these soft brass components that's going to leave a lot of scratches on the pins the next five pictures are from a five pin lock that's been picked once so even one slide of the pick through the lock is going to leave marks in the vast majority of cases so in this picture we see lots of different scratches in different positions different angles, different depth of the scratches themselves in this one we see more different places, obviously kind of a similar pattern here we see, again similar we see these two very large impressions on the pin so when we talk about lock picking in the villages we always demonstrate that there's a method of single pin picking which is what we saw in the animation there's also raking where you very quickly scrub the pins of the locks to raise them to a lot of different heights the long elongated scratches are of course raking they may also be just single pin picking when you're trying to maneuver in the lock but something like this is very clearly a single pin lifting and what they may have done is used too much tension and that's why it required that much force to lift it this is again slightly less but we still see marks, they probably pick this pin very quickly and again you see the big long scratch in the center this is pin 5, again not only does it have less wear than the rest but we see there's very distinct markings on the pin, only a few so this is almost certainly something that was single pin picked unless they got very lucky and happened to rake it with a very tip of the pick sometimes we can determine the skill level of an attacker based on how the marks look it's not always a surefire thing because of course an expert lock picker can always pretend to be an amateur after they're finished to dissuade investigators but something like this is basically a horror show in terms of forensics so you see there's very very deep scratches to me this would indicate they applied extreme tension and that's why they're scraping off so much of this material because under normal circumstances you wouldn't be able to scrape off this much because the pins would raise by the springs so this is just something I thought I'd include well what about if you have an expert attack who's very good at maneuvering the pick knows exactly what they're doing can set each pin stack once they know it's binding immediately just by lifting very slowly then you can get them a lock that was picked by an expert it's really hard to gauge what expert means in terms of lock picking but you can see we still see these scratches they're of course light but there are still scratches along both the sides and the bottom of the pin the sides of the pin are something that are extremely hard not to touch when you're picking a pin tumbler especially in the case where if you consider you have a very low pin next to a very high pin without touching the very low pin so here we see some scratches on the side again none of this is consistent with normal wear both in terms of what it looks like so as the angles of these tool marks the depth of these tool marks here's some more examples light scratching here's even extremely long scratches so the question I get a lot is well could this be caused by the key well we saw what normal wear looks like with a normal key obviously we could have a broken or poorly made key that makes different kinds of marks every situation is obviously unique so you need to consider all that but something like this can almost never be caused by the key because we have full length scratches along the side of the pin and the key really only touches the bottom and the very edge of the bottom of the pin again here's another example of someone who wasn't as skilled you can see the marks are much deeper they're more numerous the plug itself that inner piece is actually a great source of forensic evidence so if you consider when you're manipulating these pins you're also scraping against the sides of the plug the top of the plug top of the keyway is something that the key never touches ideally some locks are very tight but the majority of pin tumble locks will never touch this area at the top of the keyway so if we look here we can see some scratches and generally this is thought of as a virgin territory which I'm sure is something you guys know a lot about but we see that they're scratches and so in that position we normally would not expect to find something so that may be a very good indicator that something was picked based on the markings in that location the walls of the plug are again excellent how many of you have had trouble maneuvering the keyway with your pick tool again that's going to leave a lot of scratches the scratch is going to be probably at various angles various lengths they're not going to be consistent with the use of the key in the pin chambers themselves this is a plug cut in half so that's why we can see all this very well in the pin chambers themselves we might find deformities so again this isn't something that a pin would do or a key would do otherwise it would probably do it to more than one chamber and we'd be able to detect by examining the key again here's another example but I like this example because it's actually extremely an extremely good tool mark in terms of we can see that the angle is not consistent with the key the placement as well as the depth and if we look back at this slide we see it's not on the other one so let's say a key was doing that that's one of the wards in the key that prevents the incorrect profile key from going in we would probably see the extra material and they forced it in we'd probably see that on others as well not just a random ward in the middle of the plug again up in the pin chambers we might find more with very high pins this is more common only because you have to lift much higher again the key does this normally but with the pick we can go even higher than the key allows us and get even further the tension tool that we use at the bottom or the top of the keyway is also going to leave a mark here this one I did not even have to disassemble it we can see there is this nice fresh line and that is the tool mark so how many of you when you put your tension tool in you kind of have to seat it right it's not perfectly seated when you first do it you got to jiggle it to get it in place everybody who's picked a lock probably right so when you're doing that what you're doing is you're essentially making these tiny little scratches and when you finally choose the placement of the tool you're making this very long scratch well I it's not a scratch because obviously you're shearing into the material but it looks like a scratch here and so another thing is that well more advanced lock pickers will use lighter tension because that's all that's required so even in this case where very light tension was used we hit it with light in the right position we could see this nice big tension tool mark we also see those same scratches where they were seating the tension tool the cam the piece in the back of the lock excuse me is also going to have scratches this is more of an amateur thing again because if you're touching the cam of the lock and there's no bypass method which we'll get into a little later then you're essentially not touching any of the pin tumblers and you're just scraping something so a lot of times at the conferences we'll have locks without the cams because they don't service purpose because everything's disassembled and there's no bolt work again we can really often tell the skill level attacker by looking at this component as well a lot of times in the village is what we'll see with the back of the pick or the tip of the pick sticking out the back of the lock and they're trying to manipulate things but they're not really touching anything with the pick tip itself so when the cam is there they're going to scratch it up quite a bit doing that and that's going to leave us very good tool marks in a lot of cases with situations like this we hope that the material from the cam or the pins or whatever got onto their tools and we're hoping that their tool material got into the lock and later the type of forensic analyst will probably go through there and determine what that material was and with a bit of luck we could even link it back to a suspect's tools or a specific lock and so on and so forth now there's a lot of, in recent years we haven't really been finding these really giant classes of attack but we've been finding specific tools made for specific locks and each of those in the majority of cases will leave distinct forensic evidence so I believe it was years ago at DEF CON John King demoed his medicoder which is a tool to properly rotate these pins in a medico you need to both raise and rotate the pins properly so that adds an extra element of difficulty for picking as well as various other things so his tool worked very well to pick these locks but again we see these scratches in this channel which is somewhere the key can never touch and it's somewhere if you know what a medico is the sidebar will also never touch the very bottom of this and we're seeing the tools from that seeing the tool marks from that tool so how many of you know what pick guns are? okay cool, how many of you know what bumping is? alright, if you know what bumping is you know what pick guns are pick guns are basically bumping with a specially made little gun thing and I had one in the village that was broken but that's what it looks like it's basically a little gun with a pick at the end of it and it slaps all those tumblers in the same way that when you bump a lock you're hitting all those tumblers with a key same principle we're going to expect to find various different types of marks obviously on the cam, the pins themselves because it's essentially just a pick with a snapping motion at the end we're going to find most of the same marks however they do look different than traditional lock picking with the pick gun, unlike bump keys you do need a separate tension tool so again we can find the same tension tool marks in the front, either at the top or the bottom of the keyway so pick guns essentially they just slap the bottoms of the pin tumblers to effectively effectively bump the lock and so when this happens they're leaving these nice little dents on the bottoms of the pins and when you do this repeatedly the pins are again allowed to rotate and they'll start to resemble this bicycle spoke pattern so with this not only can we count how many times they used the pick gun in a lock but hopefully some material transferred to their key or excuse me to their pick gun hopefully some of the pick gun material transferred to the lock and again we can try and identify or connect a suspect to this situation on the cam of the lock we're also going to find these scratches and these are kind of neat because again we can count how many they are but the cam is also going to allow you to take off quite a bit of material if you're hitting with the tip of that pick gun it's going to scrape off quite a bit of the key tool marks again we're going to hope for something to transfer between the tools for identification later so everybody got it who's going to get it? okay so key bumping is kind of this thing started in 2004 by tool of Netherlands they're hopefully here somewhere criticizing me and making notes for me to make this better later and in the US Mark Tobias a lot of other members publicize this between 2004 and 2006 it's kind of fallen behind lately because once you learn it it's kind of boring it's not something that requires a lot of skill and practice like picking does but when this happened a lot of people myself included by the way kind of misrepresented the ability to detect bumping and so everyone's like well what happens now with insurance if your lock was bumped because it doesn't look like anything happened it looks like you left a door open and so on and so forth and in some cases that may be a problem a lot of insurance contracts as I'm sure many of you know are very very tight and they only cover a specific subset of different techniques and so on and so forth so maybe bumping wasn't included in your insurance policy again we're going to find a lot of different forensic evidence of this more than most all other techniques in fact although we're going to find them in all these different areas and they're really distinct when compared to all the different types of entry so the primary thing we're going to find is when you're bumping a lock you're basically forcibly impacting those pins with the key and the key has a lot of surface area so it's going to make these nice big dents and so wherever you bump the lock you're going to be basically hitting this and we're going to find nice big dents so that doesn't look like pick guns and it won't look like the other things we're going to go through handmade keys are kind of an interesting thing so most people don't buy their bump keys because they're morbidly overpriced that's right I said it but instead file their own because it's an easy thing to do it's cheap all you need is a key that fits the lock so what's kind of interesting about this situation is that when you file your key you're leaving a specific unique pattern on that key when you file it any tool you make can have a specific pattern when you push it into something or make an impression with it now with the bump key we might be able to correlate the uniqueness of the key with the impact on the lock now it's an extremely hard thing to do it's not something that's going to be done all the time because in most cases we just want to know that the lock was bumped but of course in criminal cases we'll want to try and identify a suspect or be able to link a suspect back to a location or with a tool that they have I like to use different lights and it's a good thing to get into the habit with forensics just to try and illuminate these different things so here is a different type of light source and you can see that the the dents and the scratches are all pretty easy to identify but again same basic pattern what's kind of cool and something that unfortunately you don't have a lot of time to talk about is the shape of the pins may cause unique things when you're bumping so hold on yeah I can't talk right now sorry I bet it's one of the people in the front row in fact keep bumping in this specific lock both the tops and the bottoms of the bottom pins are rounded and so what that means is you could insert them in either orientation to make re-pinning the lock easier when you bump what they're doing is basically impacting very lightly the bottom of the top pin and that's causing this strange deformity when you bump how many of you have bumped and it didn't work the first time everybody who's bumped I'm sure so when you do this what happens to all that kinetic energy you're trying to transfer it doesn't just magically vanish what usually ends up happening is that they don't jump correctly instead of jumping you're basically slamming the top pins against the chamber walls remember because they're blocking you from turning at that position they're going to slam into those walls and cause various dents if we look at the last slide we'll see that there's a gap between those two points and that's called the serrated pin if we look here there's bumps so much that the serration closed up and so it's kind of an interesting thing that this bumping attempt allowed this security mechanism to be slightly damaged now we're still going to have the same level of difficulty picking the lock but it may cause a slight difference it may make it easier again we talked about the top pins are basically slamming into those chamber walls and over time what that's going to do is distort the chambers in almost any direction so you can see here there's various distortions along the lip of the chamber in various directions right the face of the lock again we talked about what looks like right here the face of the lock is going to have a lot of wear from bumping there are techniques to mitigate this but most of the time when we bump we don't do this and we would still have forensic evidence inside the lock anyways so here's like the lock that I've taken to every conference I've ever been at where I've demonstrated bumping and you can see it's really beat to hell here's a more moderate example of something that's only been bumped a few times but again it still doesn't look like normal wear it's really we definitely tell it something impacted that point the plug itself if you look at your keys and your hands you'll see that as you go towards the handle the bow of the key the material starts to get thicker and that's so you can provide strength so you don't snap your key when you tune it when we do a technique called the minimal movement method we're actually allowing that thicker part of the key to enter the keyway and the keyway is not shaped for that by default it's only shaped to where the shoulder stops it and when we do this we're actually displacing material from the front of the keyway because we're allowing that thicker portion of the key to go in impressioning is kind of a cool I think I got all the vowels in that one impressioning is kind of a cool technique that we demonstrated in the lock picking village I hope some of you got to see that where we basically use a blank key to manipulate the lock and make a working key for the lock and obviously open the lock with the working key that's going to leave evidence because of the technique to do impressioning so what we do when we impression is we insert the blank key and we apply very strong tension on the key itself, torque if you will and we're going to rock the key back and forth remember we're binding all these pins at the shear line so they can't move the blank key is going to pick up marks from us doing this and from that we take it out, we file those positions the key will drop slightly the pins will drop slightly and we're going to have all of the cuts on the key properly position the lock and it's a very easy thing to learn it's a hard thing to master but it is extremely effective and it's great for locksmiths because they can open your lock as well as have a key that they could use to make you a new brand new working key so when we do this, when we apply this strong tension we're basically shearing the pins forcibly into the plug and cylinder and that's going to cause all these the shear points along the key or excuse me the pin and what's kind of cool is that we could actually for one we could look and see how many times they sheared it and as it drops down we could see well maybe they filed this many times we could also see the distance between those shears and if they're really big distances like in this photo here we could say well maybe they knew exactly what lock it was so they looked up to keying specifications so that they could make impressioning quicker because if you don't know how far each pin depth is supposed to go totally so you don't go too low but if you know you could just go directly alright this made a mark we'll go to cut one made a mark again we'll go to cut two it's a much quicker way to impression and here we can see that they're very spaced out so the person that did this probably knew exactly what the keying specifications were impressioning again we're applying extreme tension to both sides of the plug that's going to distort the plug chambers laterally bumping can distort and almost any direction any way shape or form but impressioning is only going to go to each side of the pin chambers we did some UV demonstrations in the lock picking village basically you can coat the blank with ultraviolet ink and the marks will be extremely easy to see there's no guesswork involved it's actually a really easy thing to do and it's a lot of fun if you want to do this as a hobby but all that UV ink is going to obviously rub off on the lock and so we could see here in the key way as well as on the shoulder there's UV ink now the pins themselves are also of course going to have UV ink on them and if we look we can actually see the positions where they rode the key so as you're pulling it out those are the tracks of the UV ink rubbing off inside the lock decoding is kind of a hard technique to define only because lock picking opens the lock impressioning makes us a key decoding doesn't necessarily do either of those decoding is is that we gather information so that we have the information necessary to make a key doesn't necessarily make us a key right away impressioning could be seen as a very obscure form of decoding where we're manipulating and we're decoding the positions of the lock but decoding as a general technique is really hard to define and so decoding is extremely powerful because a lot of methods are surreptitious which means you can't find any damning forensic evidence so how many of you have a key on your belt or on your lap right now no one else raised their hand ok that gentleman so the person sitting next to him could very easily look at his key to look at the pattern of the cuts and once you get really good at it it's not very hard to determine the code of that key so you can make your own not only that I'm sorry sir you might want to put it away real quick not only that but some keys have the code for each cut directly written on it and with that of course we could go and make a working key that would be an example of visual or optical decoding there's also the over the shoulder if we're using a combination lock somebody could see you put in the combination and they would know the combination there's this idea of a decoder pick which essentially leaves the same evidence as a normal picking but while you're picking it you can see when you set the pin and based on that you could decode the depth of the pin and so on there's this idea of combination manipulation with safes which we talked about in the village again where you know like the spy movies where they jiggle the dial and listen to it with a stethoscope that's not really how it works but it is a very powerful technique and since we're basically just using the combination lock normally we're not really doing anything that would leave forensic evidence and when I speak of forensic evidence the forensic locksmith isn't responsible for fingerprints or hair and fiber or so on and so forth they're only responsible for forensic evidence as it relates to the lock or keying mechanisms themselves so you could very well manipulate the safe dial and still leave your fingerprints still leave traces of your hair or maybe your skin cells so on and so forth but the forensic locksmith is only concerned with locks and keys now when they disassemble it they might find additional evidence such as hairs or blood a lot of different things inside the lock that may help the investigators but it's not their primary focus for those things there's also this idea of thermal decoding where if we have a keypad combination lock we can use thermal imaging to see the last buttons pressed based on the heat residue there's radiological attacks which are basically taking x-rays of the lock to see where the components are where they should be there's thermal locks and very easily determine all the components that's something that of course you have to know how to do if I gave you guys a screwdriver and said well take apart that lock and put it back together completely maybe a lot of you could do it but a lot of other people would have trouble especially if it's a more complicated mechanism there's a lot of little moving parts so on so visual decoding also goes into looking at the components inside the lock itself not just the key but the colored pins and these are used in a lot of different locksmithing kits or pin it yourself kits at Home Depot where you want to re-key your locks so all you got to do is replace those pins and you match them up the colors with numbers on your key or with whatever locksmith gives you of course we could use a board scope or an autoscope or some kind of viewing device to look inside the lock and if we could figure out all the colors and which pin set these came from some locks this is called a wafer lock which is something we didn't talk about but some locks you could actually look at the components themselves and they will sit at different positions and from that you could decode the correct position on the key there's also again disassembly and something that I've actually been interested for the last couple months because I've been doing a lot of conference stuff is hotel safes now that may or may not be a hotel safe disassembled or at least the lock on it so it doesn't even have to be a safe it could just be the lock on the back door or a side door or an inner door what if that safe lock is master keyed for all safes in the hotel what if it's the room key is master keyed so that the janitor or the maid whoever can get in that's obviously a huge problem and with disassembly we could take apart the lock and decode all the positions and then obviously have a key for one lock bypass is kind of a cool technique so in lock picking we're manipulating the components directly bypass goes straight to trying to retract the bolt without affecting the integrity of the locking components does that make sense this is how I define bypass a lot of people consider bypass to be any technique that opens a lock but I find it easier to segregate between the two so with bypass the most common kind in the back that actuates the bolt in a lot of cases that's unrestricted you can move that freely in really bad locks or even some well designed locks that just happened to have overlooked this so in this case you can see the scratches from a tool that was used the American 700 is a story we like to tell a lot in a lot of the lock picking villages we give about this lock and it had this problem where you could just put in a thing in the back of the lock and turn and the lock would magically open and it's kind of an interesting thing so what ended up happening is that this attack got to American lock and so they said well we'll design this little it's basically a piece of metal that fits in the back of the lock so that a tool can't go further and touch that component and it has its own part number and everything it's kind of a cool story and so here's an example of tool traces of an attempt on that thank you and so what happened after this which I haven't included yet for time so somebody made the pick to do this they made the little metal disk to prevent this somebody made basically a giant knife that you slam into the lock to break this component so that there's a nice hole so that you could again use that original tool eventually this ended up they redesigned the lock completely and discontinued the old one I think I'm not sure I know there's a new design that they went with but it's kind of a cool story of cat and mouse and then eventually they ended up redesigning it to be much better due to this so in the 11 o'clock talk there was a lot of discussion about manufacturer response and how they improperly in our opinion I don't want to talk for everybody but in my opinion improperly deal with these security vulnerabilities these security threats so Mark Tobias originally discovered a technique to bypass this really expensive electronic lock a couple years ago if I'm not mistaken Bobic of Tool US he knew that there was a bypass available and this happened over the weekend at Black Hat so this is apparently O-Day material but I want to credit those two for figuring it out and letting me take pictures and do this so what happened is that we're at the Black Hat lock picking workshop and we have this is a very expensive lock a couple hundred dollars US and so it's a combination lock obviously it has an override mechanical cylinder that we could pick but that's boring Bobic noticed that there's this hole at the bottom and what that is is the drain hole because this is meant to be used on exterior doors so we want to make sure that water and moisture can drain out so that the components work correctly so when Bobic took this apart he noticed hey that's interesting that drain hole goes directly to the bolt actuator and that's that piece right here and so Bobic figured out how to do this and we were demonstrating it in that class at Black Hat of him and DVNL and DVNL he's going to kick my ass for that demonstrated this and so everybody in the class was like hey you're that forensics guy why don't you figure that out and so I took my camera and I looked at it and the first thing I noticed was that there's all this material missing and the way this bypass works is essentially a wire is placed between there and it picks up the actuator and allows the bolt to retract without entering a combination without picking the lock like Mark Tobias said there's still mechanical locks and in this case there'd obviously be no audit trail of when that happened because we're never interfacing with the electronic components of this lock so in this case the placement of the wire when we rotate the bolt is scraping off all this material inside and now obviously I'm not CSI so I couldn't do this during the week but that could be material from the tool he used but for my money I'm guessing it's probably material from that that actuator position itself more damning is where the placement of the tool eventually finds itself that piece on the end pushes in and allows the actuator rotate is tool marks and obviously those are very distinct the angle and pattern of them indicate normal use so that's our O-Day and that's the forensic evidence I hope you enjoy that because it was the last minute edition we have a lot of material to cover which we'll cover in 103 which is the Q&A room I only have about 5 minutes left so I'm going to go through there's 2 more sections but we'll go through them in Q&A if you guys are interested I'm going to jump directly I told you there's a lot so a lot of people since I started the site about 6 months ago a lot of people have been asking me well how can I get certified or learn more about this the International Association of Investigative Locksmiths offers licensing and certification they also offer training but all the people I've been referring to them come back to me and say they're not offering either so as Mark device said if you're a letter agency and you like training I'd be happy to help you out but if you contact them eventually I assume they'll start figuring out whatever they're doing and accepting new members or training and so on I always hate it when people put a lot of links on the last slide and everybody scrambles to write it down so if you go to my site www.lockpickingforensics.com you can get all this information and a lot more you can also go to the links page for a lot of things you might be interested in I also run the site called LockWiki which is a collaborative lock resource that has a lot of material that also has a community portal with lots of other links as well as links to various lock sport groups so on that is all I have I'd be happy to take questions in room 103 it says track 4 Q&A thank you