Computer Forensics

Julie Amero Granted New Trial

Finally, some justice in the Julie Amero case: Judge Hillary B. Strackbein has granted Julie Amero a new trial based on the fact that the Norwich Police detective, Mark Lounsbury, provided erroneous testimony, i.e., did not know what he was talking about, and the jury may have relied at least in part on his testimony. The Judge cited additional forensic analysis done by the state after the guilty verdict, and said it contradicted the testimony of the state’s computer witness. The article posted on the website made it sound like she would not be tried again.

But today, Smith said state would take no position on Dow’s motion for a new trial, making it unlikely she will be tried again. Smith also acknowledged that erroneous information about the computer was presented during trial.

Amero, who was pregnant at the time of the incident on Oct. 19, 2004, faced as many as 40 years in jail following the January verdict. Her sentencing was postponed four times this spring as the state considered new evidence in the case.

Amero’s case became a hot issue for bloggers throughout the country, many of whom sharply criticized the guilty verdict. Strackbein criticized the bloggers today, saying they tried to “improperly influence” the court. Source: Amero Granted New Trial

I wonder how the Judge means that bloggers tried to improperly influence the court? The tech community was very active in this case because we all knew it was crap, but I hadn’t heard anything about bloggers being pushy or anything, so I really don’t know what she is referring to.

What is funny, is the article in the Norwich Bulletin, the local rag that has pushed the fact that she was guilty from the beginning, posted an article about this story, here, and the first line said she “claims pornographic images on her classroom computer were the result of pop-up ads”. Claims? Sounds pretty obvious to me Greg, even the State admitted they were wrong, can’t you?

Congratulations Julie, hopefully this is the end, if you want to contribute to her fund to help pay for her defense, visit the blog they set up here, because you know she will have to foot the entire bill for being wrongly accused.

Note: I have a big rundown of what happened previously in the case posted in this article, Teacher Porn Case and Computer Forensics.

Posted by Jimmy Daniels - June 6, 2007 at 6:23 pm

Categories: Computer Forensics

Today’s Tech 6/1/2007

Lots of interesting stuff to read.

Encryption vendor claims AACS infringes its patents, sues Sony Certicom has done extensive work in elliptic curve cryptography (ECC), and the patents in question build on this work. The patents have already been licensed by groups like the US National Security Agency, which paid $25 million back in 2003 for the right to use 26 Certicom patents, including the two in the Sony case. Now, Certicom wants Sony to pay up, claiming that encryption present in several key Sony technologies violates Certicom patents on “Strengthened public key protocol” and “Digital signatures on a Smartcard.”

Zune Firmware Update 1.4 Improves Zune Shuffle experience, that’s about it.

How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab The investigator (who could only speak anonymously) wonders aloud what other networks are right now being controlled by criminal enterprises whose presence is entirely concealed. Computer crime has shifted from a game of disruption to one of access. The hacker’s focus has shifted too, from developing destructive payloads to circumventing detection. Now, for every tool forensic investigators have come to rely on to discover and prosecute electronic crimes, criminals have a corresponding tool to baffle the investigation. This is antiforensics. It is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.

Meet the people of the Web A new series from Yahoo!, exploring the most interesting stories and characters on the web.

The Scariest Google Street View Finds Have you been caught doing something with the Google Street View?

Surfing Sex Offender Caught with Mum’s Spyware Pedophile is caught using a keylogger, like Teen Minder, installed by teen’s mom. This is what I have been saying for a while, watch your kids, you don’t have to watch everything, just check in occasionally.

New firmware prevents modders from being banned A new firmware version has just been released for all 360s with the TS-H943 DVD drive preventing against any Xbox Live detection attempts and allowing the 360 to play all “backup” game copies.

New Details On Gears Of War Update…. New Achievements Looks like Epic is going to be taking advantage of the extra 250 gamerscore via DLC, and we will be getting some more Gears of War achievements.

Posted by Jimmy Daniels - June 1, 2007 at 6:08 pm

Categories: Computer Forensics, Sony, Xbox

Today’s Tech 5/31/2007

Hitting some of the technology highlights.

Data Recovery Using Linux Recovering data from a Windows system using Linux tools.

Well we really screwed this one up? In trying to remove some Live Journals that were violating their terms, specifically pedophile journals and communities, they deleted some that should not have been deleted and are trying to explain what happened and what they are doing to get them back. Related article from here.

Can you say du huh. Studies: music industry overstating threat of P2P piracy Unauthorized sharing of digital music remains a huge issue for the global music business, but is most of that sharing taking place on peer-to-peer networks? For years, peer-to-peer was the bogeyman, the red Communist music monster that was going to devour the industry’s revenues. But new research suggests that sneakernets may be as big a problem as darknets.

EMI Music, Google and YouTube strike milestone partnership Soon, you will be watching videos and recordings from EMI Music artists, through a deal between EMI and Google.

Mahalo Is Hawaiian for Useless Unbiased review of Mahalo, the hand made search engine from Jason Calacanis. Michael Arrington writes a puff piece here.

BBC to broadcast in ‘Second Life’ In the Second Life economy, more than $600,000 changes hands every day. Now the virtual world is about to play host to a BBC show about that economy and how people have made real money from it.

A picture’s worth a thousand clicks Google has bought Panoramio, a community photos website that enables digital photographers to geo-locate, store and organize their photographs — and to view those photographs in Google Earth. Big surprise huh?

Google brings developers offline with “Gears”; new offline Reader “Google Gears,” an open source project that will bring offline capabilities to Web Applications – aimed at developers. From the Gears API Blog Gears is a browser extension that we hope — with time and plenty of input and collaboration from outside of Google — can make not just our applications but everyone’s applications work offline. From Read/Write Web And guess who is most at risk with this announcement? Yes, Microsoft. Google after all has many of the top ‘best of breed’ web apps now, and Mozilla wants more market share against Microsoft’s Internet Explorer browser. Adobe and Microsoft are also engaged in an ongoing battle for Rich Internet App supremacy, which probably explains why Adobe is involved in Gears. And of course, this will have major implications for the Web Office – where Google Apps is directly competing against Microsoft Office (whether Google admits it or not!).

Posted by Jimmy Daniels - May 31, 2007 at 4:59 pm

Categories: Computer Forensics, Google, Piracy, Second Life, Tech News, YouTube

Julie Amero Sentencing Delayed Yet Again

Not sure if this is some ploy to drag the Julie Amero case out so the community that has built up around her will forget about it or what, but her sentencing has been delayed again, this time until June 6, 2007. It is funny watching people change their tunes, the Norwich Bulletin has always suggested or implied, at least the way that I read it, that she was guilty. Now, they seem to be backing off a little, as they should, all they have done is give local papers a bad name and helped to erode confidence in what you can and cannot believe online and in the papers. Stay tuned.

Posted by Jimmy Daniels - May 24, 2007 at 4:19 pm

Categories: Computer Forensics

Computer Forensics Information

Here are some great articles on computer forensics if you are interested in learning that field, or are just interested in the kinds of things that we do. From finding hidden data, to cracking BIOS passwords, some interesting reading is available. All of these articles that I have read contain some really good info and will definitely help you create a baseline in how and what you do in your computer forensics investigations.

Computer forensics: Finding hidden data If you don’t know anything about how computers store data, this might be an eye opener for you, and a clue on how some file recovery programs are actually able to recover data, mostly, because it’s never really deleted, just eventually overwritten. From finding stuff in slack space, swap space and hibernation files, there are MANY places to find incriminating evidence on a suspect’s computer.

Computer forensics: Cracking a protected BIOS and creating disks for analysis How to get into a system with a BIOS password, and the steps you need to take to ensure you get a forensic copy of a suspect’s hard drive, as well as tools to make sure you don’t do anything to it, i.e. write data to it, to compromise the image.

Protect endpoint devices from swap and hibernation file data leaks Suggests turning off hibernation and swap files to prevent people from finding sensitive data easily.

Computer forensics: Preparing for electronic evidence acquisition When to do a live or dead forensics analysis, when you do a dead analysis, always unplug the power from the computer, this article says unplug from the wall, one of the classes I took said to unplug from the back of the computer, but I don’t remember why off the top of my head.

Other articles, such as collecting physical evidence, access control and securing permission are covered, and there are many downloads available, mostly free chapters from books you have to buy, etc. Check out the forensics tag from Techrepublic here.

I am starting to play with FTK now and will be going to a training for it in a couple months, hopefully I will learn some new stuff, which I doubt, but learning the proper use of the software will be great all by itself.

Posted by Jimmy Daniels - at 3:54 pm

Categories: Computer Forensics

The MacLockPick, Live Forensics for Your Mac

This is one cool little USB drive, and I am currently looking for a Windows version, drop a comment if you know of one. The MacLockPick is a USB device that will allow you to perform live computer forensics on a suspect’s Mac OS X system. Once the software is run, the drive will extract data from the Apple Keychain and system settings to give the examiner fast access to the suspect’s critical information with as little interaction or trace as possible.

MacLockPick, live computer forensics for Mac OS X

MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep. It also makes use of the openly readable settings files used to keep track of your suspect’s contacts, activities and history. These data sources even include items that your suspect may have previously deleted or has migrated from previous Mac OS X computers. Source: MacLockPick, live forensics for OS X via MacUser

Here is some of the data you will have after the software runs:
System passwords.
General passwords.
Internet passwords.
Appleshare passwords.
Folder dates.
Disk images.
Files that have been viewed in the preview program.
Recent QuickTime file names.
Recent Applications, Documents, and Servers.
IM default login and buddy list.
Email account details, address book and opened attachments.
Complete web history, including search strings in the Google toolbar, cached bookmarks, current bookmarks, cookies, and browsing history, including the number of times visited and the date and time of the most recent visit!
Serial numbers of attached iPods.
Bluetooth devices.
Wifi connections.
Network interfaces.

Unfortunately, this device is for law enforcement only, you must provide proof that you are a licensed law enforcement professional and that the use of this technology is legal on federal, state and local levels.

Posted by Jimmy Daniels - April 27, 2007 at 2:43 pm

Categories: Apple, Computer Forensics

Julie Amero Sentencing Delayed Again

I forgot to post this the other day, but, the Julie Amero case has been delayed again, this time without a reason given, but, hopefully, it is to help her case. It has been delayed until April 26, 2007 in the Norwich Superior Court. The Norwich Bulletin, the local “newspaper”, is still spinning it like she was some drooling pervert and we are her fervent supporters.

Amero has been portrayed by her growing number of fervent supporters as the helpless victim of pop-up pornography ads.

Amero never denied the porn appeared on the computer. She said she had done everything she could to prevent the children from seeing the computer screen that day. The examination of her computer showed she had accessed the Internet for nearly the entire school day, with porn sites accessed for several hours during that time. Source: Amero sentencing put off until April

Sorry Greg, but it is awful easy for people who know computers to pick out some bullshit information and call someone on it, like when Lounsbury, the gentleman who did the wonderful forensics job on the computer, said “You have to physically click on it to get to those sites”. Hello, red flag, it just records every website visited, it doesn’t matter how it was initiated. Anyway, good luck Julie, hopefully Alex Eckelberry and some of the other computer experts can help you get away from the Keystone cops.

In a related story, apparently, students at the Hebron elementary school were sent home a link that was supposed to go to a farm they were going to visit on a field trip, but, as things sometimes go on the Internet, it didn’t turn out that way. Instead, up popped a porn site that had bought the domain name after it was accidentally allowed to expire.

Vasquez said that instead of seeing images of the farm, her daughter found graphic sexual images on the site.

Vasquez said she informed the school, which then sent out letters to the students’ parents, trying to explain what had happened.

Superintendent Ellie Cruz said that the school checked the site a few weeks ago and it was fine, but the farm did not renew its Web site address, and a pornographic company bought it. Source: Students Sent Home With X-Rated Web Link

Wonder who is going to jail for this flub up?

Posted by Jimmy Daniels - April 5, 2007 at 1:44 pm

Categories: Computer Forensics

Julie Amero Gets More Time

More time to work on her case that is. The sentencing, which was originally scheduled for last Friday, has been postponed until March 29th, 2007. Her defense attorney requested the postponement so he could have more time to help familiarize another attorney and a consultant with the case.

In his letter to the court, Cocheo said attorney William Dow has become involved in the case, along with sentencing consultant Clinton Roberts. Cocheo could not be reached for comment Monday. Source: Amero sentencing postponed

If you haven’t been following the case, Julie Amero was accused of visiting porn websites in front of her class as a substitute teacher at Kelly Middle School and is facing 40 YEARS in prison for it, yes, 40 years. But the case has taken a turn and is now focused on the fact that she didn’t turn the computer off, even though she was told not to, or did not do more to prevent them from seeing it. So, she is actually facing 40 years in prison because the school system did not have filters in place to block porn websites, was using outdated, less secure equipment and provided no training in what to do in such circumstances, and she was not allowed to properly defend herself.

Assistant State’s Attorney David Smith, who prosecuted the case, has said Amero did not do enough — such as shutting off the computer — to protect the children from exposure to the pornography.

If that is what she is guilty of, then she certainly does not need to be facing 40 years in prison. The case started out accusing her of visiting the porn sites, they said, “It is the state’s contention that she purposefully went to these websites”, how can this change? With all of the great computer people, like Alex Eckelberry, who are helping with the case now, hopefully they can spin this back around and point it right back at the school system and the local legal system, who should be held responsible for this.

The PaperGhost has quite a few posts on the Julie Amero case, and has been very vocal on the Norwich Bulletin website, where they have repeatedly slanted their stories against her, and, after being pressured, have deleted blog posts and comments on their site. Check out his website for more, like this post Julie Amero Court Transcripts Online: AKA, Ragearama 2007.

Posted by Jimmy Daniels - March 7, 2007 at 4:31 am

Categories: Computer Forensics

USAToday Gives Norwich a Failing Grade

Nice write-up in the USAToday about the Julie Amero case, if that’s what you want to call it, it is more like one of those old fashioned railroad jobs, where they decided she was guilty and that’s what happened.

Imagine you know next to nothing about computers. You’re a substitute teacher for a seventh grade class. There’s a computer in the classroom and, knowing you’re going to be sitting there for a while, you ask a fulltime teacher if you can use it. He logs you in with his password and tells you not to shut it off because you couldn’t get back on.
Not that you have a clue about this stuff, but that computer is running Windows 98 and the outdated Internet Explorer 6.02. Its filtering and anti-virus software have expired, and it has no anti-spyware software.

You step out of the classroom for a moment. When you get back the kids are clustered around the computer, checking out hairstyle websites. But one is actually a link to porn sites, and it loads a Trojan onto the unprotected computer.

Suddenly, pop-ups start appearing, X-rated popups. Source: Police, school get failing grade in sad case of Julie Amero

The writer did misspell her name in the title, he must be like me, I never remember to spell check the title either. He really sums it up when he says, “Thus according to that jury, “not having the sense to turn off a computer” is a multi-count felony punishable by 40 years in prison. Wow.” I wish Alex Eckelberry and everyone working on the computer forensics of this case good luck and hope they can find all of the proper evidence to help show she’s innocent. If there is anything I can do to help, please let me know.

Her husband has started a blog where you can donate to help pay for her case, Julie Amero. From the blog,

George Orwell was a little off, but not by much. Technology has engulfed the average American at an alarming rate. To think that it is possible for the average layperson to understand all the ins and outs of how a computer works is just not reasonable. What’s worse, our employers don’t know any more than we do, and they rely on us to identify problems when they happen. If you are lucky, your employer will know what to do when a crisis happens with your system. If not you’ll end up like Julie arrested, ridiculed, demeaned and left with useless teacher’s degree in special education.

The illicit pornography industry is a business with estimated profits in excess of $2 billion annually. That’s a lot of reasons to attract rogue scriptwriters to circumvent any patch that Microsoft can come up with. Make no mistake, these programmers do not care about you or anyone else for that matter. Regardless of where these rogue programmers are located, they operate under the radar of social conscience and in my opinion are or should be considered terrorists or criminals at the very least.

Julie is scheduled to be sentenced on Friday March 2nd, next week.

Posted by Jimmy Daniels - February 24, 2007 at 7:02 am

Categories: Computer Forensics

Free Steganography Software Tools

With my interest in Computer forensics, I can’t help but be interested in Steganography Software Tools, which allow you to hide things in files, such as hiding a zip file at the end of a gif file. The article even gives you some valid reasons to use such a tool, although, most likely, they won’t be one you actually use.

Remember those invisible ink kits from when you were a kid? You’d write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn’t know any better.

You don’t have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit

  • You suspect someone’s illegally distributing your copyrighted PDF’s or images, so you add hidden copyright information in them using stego tools to double-check.
  • You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
  • You want to embed secret files available only to a select few in a public forum.
  • You want to impress your friends and co-workers with your sneaky ways

Source: Hide Data in Files with Easy Steganography Tools
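From the examiner's side, the "zip file at the end of a gif file" case mentioned above can be checked by walking the GIF block structure to its real trailer and reporting whatever follows it. This is an added example, not code from the original post or the linked article; the sample GIF, the sample archive and all function names are constructed for illustration.

```python
import io
import zipfile

# Constructed sample: a minimal 1x1 GIF89a (43 bytes), assembled by hand.
SAMPLE_GIF = bytes.fromhex(
    "474946383961"          # signature "GIF89a"
    "01000100800000"        # logical screen descriptor, global colour table flag set
    "ffffff000000"          # global colour table (2 entries)
    "21f9040100000000"      # graphic control extension
    "2c000000000100010000"  # image descriptor
    "0202440100"            # LZW min code size, one data sub-block, terminator
    "3b"                    # trailer
)

def make_sample_zip():
    """Build a small constructed ZIP in memory to stand in for hidden data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample payload")
    return buf.getvalue()

def _skip_sub_blocks(data, pos):
    """Skip a chain of data sub-blocks; return the offset after its 0x00 terminator."""
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("truncated GIF: sub-block chain runs past end of file")

def gif_end_offset(data):
    """Return the offset just past the GIF trailer (0x3B) by parsing each block.

    Scanning for the last 0x3B byte is unreliable because that value can occur
    inside image data or inside the appended payload itself.
    """
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    pos = 13
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:                     # trailer: logical end of the image
            return pos
        if block == 0x21:                     # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                   # image descriptor (9 bytes follow)
            if pos + 9 > len(data):
                raise ValueError("truncated GIF: incomplete image descriptor")
            packed = data[pos + 8]
            pos += 9
            if packed & 0x80:                 # local colour table present
                pos += 3 * (2 << (packed & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW min code size
        else:
            raise ValueError(f"unexpected block 0x{block:02x} at offset {pos - 1}")
    raise ValueError("truncated GIF: no trailer found")

def find_appended_data(data):
    """Return None for a clean GIF, else a report on the bytes after the trailer."""
    end = gif_end_offset(data)
    trailing = data[end:]
    if not trailing:
        return None
    report = {"offset": end, "length": len(trailing), "kind": "unknown", "members": []}
    if zipfile.is_zipfile(io.BytesIO(trailing)):
        with zipfile.ZipFile(io.BytesIO(trailing)) as zf:
            report["kind"] = "zip"
            report["members"] = zf.namelist()
    return report

if __name__ == "__main__":
    print(find_appended_data(SAMPLE_GIF))
    print(find_appended_data(SAMPLE_GIF + make_sample_zip()))
```

Any bytes after the trailer are worth a closer look even when they are not a ZIP archive, since image viewers ignore them and the picture still renders normally.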

Posted by Jimmy Daniels - January 27, 2007 at 8:22 am

Categories: Computer Forensics, Software