Forensic Locksmithing

By Chris Hurley for DuckTank.net

What is forensic locksmithing?

Forensic locksmithing is the practice of examining a lock to determine if a surreptitious entry has occurred. In order to perform forensics on a lock, a person must understand how a lock works. The first section of this document explains how locks are put together and work and how to pick them. The second section outlines the practice of forensic locksmithing.

How does a lock work?

I am going to discuss the most common type of lock for doors, padlocks, filing cabinets and office furniture: the pin and tumbler lock (See Figure 1). The pin and tumbler lock generally has five or six pins. The pins can be clearly observed in the locked part of Figure 1. The tumbler is the cylindrical "tube" that runs from the front to the backof the lock and the pins hang down intoit.



As seen in the UNLOCKED part of Figure 1, the key is inserted into the tumbler and pushes the pins above it. This allows the tumbler to move and in turn the lock will open. For most locks these pins are rounded. There are high security locks available. High security locks have pins with small indentations in them. High security locks are discussed on page two of this document under the heading Protecting Yourself.

How to pick a lock

Picking a lock is manually pushing each pin above the tumbler manually. This will allow the tumbler to turn freely and the lock to open. There are two tools required to pick a lock. The first is the pick (See Figure 2). There are several styles of picks but the general idea is that it is a thin metal bar with a jagged tip. This tip can be a variety of shapes. Generally the person picking the lock finds the style that works best for him.



The second tool is the tension wrench (See Figure 3). There are many different styles and sizes of tension wrenches. The tension wrench is possibly the most important tool for someone picking a lock


Figure 3: The Tension Wrench

To pick the lock, the pick must be inserted all the way to the back of the tumbler. After this, insert the short end of the tension wrench perpendicular to the lock opening. The next step is perhaps the only "tricky" one. The wrench is turned slightly applying pressure to the locking mechanism. If the proper tension is not applied, the job, while not impossible, is much more difficult. The tension wrench acts as the "key" when picking a lock.

Once tension is applied, the pick should be moved back and forth along the tumblers. You will be able to feel the tumblers with the pick if you move the pick slowly the first few times back and forth. This gives you an idea of where each tumbler is and how many there are. To open the lock, each tumbler must be manually lifted above the tumbler. The tension provided forces the pin to get stuck in a position above the tumbler. When each pin has been placed above the tumbler, it will begin to turn. Increase pressure on the tension wrench and the lock will open.

Protecting Yourself

Many companies make high security locks. MEDECO and AMERICAN are the two most popular high security locks. These locks have pins that have a groove in them (See Figure 4).


Figure 4: Grooved Pin

The grooved pin provides higher security by becoming stuck in the tumbler before the pin is completely lifted out. These locks will frustrate a novice intruder and probably prevent entry. They act as a deterrent to an experienced intruder. The experienced intruder will generally attempt to find another means of entry or move to a different target. They are not however impossible to beat. With patience, experience and the right touch these can be manually picked.

Additionally, there are electronic picks and pick guns (See Figure 5) that make bypassing these locks elementary.


Figure 5: Pick Gun

The pick gun pushes all of the pins above the tumbler at one time so none get stuck and the lock is bypassed. An electronic pick works the same way.

Performing Forensics

Performing forensics on a lock is actually a very simple process. Don Shiles of Laurel, MD is the leading authority on lock forensics. Mr. Shiles is a Master Locksmith and runs the US Army Counter Surreptitious Entry Course at Ft. George G. Meade, MD. Mr. Shiles contends that there are essentially two ways to determine if an attempt has been made to bypass a lock. The first is observation of external markings. The second, a bit more complicated is the observation of internal markings.

External Markings

Begin performing forensics by examining the exterior plate of the lock. Intruders are generally in a hurry and tend to scratch this plate up. Small scratches from the picks or more likely the tension wrench on the lock plate (just outside of the key opening) are telltale signs of an attempt to bypass a lock. The problem with this method of forensics is obvious: a key can make these types of scratches if the authorized user misses the keyhole and hits the lock plate with it. If the lock is brand new, or a record has been maintained of the markings, this is a very fast and effective forensic tool.

Internal Markings

A forensic examination of the internal locking mechanism is a much more effective means of determining if an unauthorized entry has been attempted. An internal examination is much more difficult because the lock has to be physically removed and taken apart for examination. This is generally only done after a positive external examination has occurred.

To perform forensics on the internal locking mechanism, remove and disassemble the lock. A visual inspection of the pins should be undertaken first. Look for light scratches on the pins themselves. The correct key will not scratch the pins as it was cut specifically to move those pins. A negative finding does not mean that there has been no attempt to bypass the lock. Experienced intruders have a light touch and often leave no marks that are visible to the naked eye. If no scratches are observed, each pin should be removed and placed under a microscope with at least a 100 x magnification. If any attempt has been made to bypass the lock, the scratches will be visible at this magnification. If the intruder used a pick gun or electronic pick, a microscope will not show scratches. Instead, small indentations will be visible.

Conclusion

No lock is tamper-proof. If sensitive or valuable items are going to be stored, it is best to use a high security lock. High security locks work in much the same way as "The Club" on automobiles. Any thief can bypass The Club off, but most will move on to a car that does not have one in it.

If an attempted bypass is suspected, examination of both the external and internal mechanism of the lock will provide conclusive evidence that an attempt has been made. It is important to remember that forensics will show if an attempt was made. Forensics will not provide conclusive evidence that the attempt was successful. It will, however, alert you to the fact that additional security measures must be taken immediately.