Friday, December 25, 2009

Collect Evidence With EnCase Portable

EnCase Portable enables anyone with basic computer skills to collect electronic evidence in the field
Sean Doherty

Law.com

December 03, 2009
Technology is supposed to make things simpler. But when computers become the targets of investigation or litigation, the increasing simplicity of computing is deceptive and requires a forensic expert to gather electronic evidence. Guidance Software aims to change that with EnCase Portable.

EnCase Portable is designed to allow anyone with basic computer skills to collect electronic evidence from x86 and x64 computers and maintain a proper chain of custody. Portable is packaged in a bootable, 4-gigabyte USB device with approximately 2 gigabytes of free storage space to collect evidence in Guidance Software’s Logical Evidence File, a bit-stream image with a checksum computed using the MD5 cryptographic hash function. If an operator needs more space for evidence, the Portable product also includes a 16-gigabyte USB storage device. If even more space is needed, EnCase Portable supports any USB storage device with version 1.2.1.

The Portable product comes with default collection jobs to engage a number of set tasks to collect documents, e-mail, internet history, and files containing Social Security and credit card numbers. These jobs are accomplished by booting the target computer with the USB drive or, if you have an older computer or one that cannot boot from a USB device, a bootable CD-ROM. Portable also works on systems running a Windows OS to collect random access memory.

EnCase Portable also comes with an installation DVD for EnCase Source Processor release 6.14.1 and above. The Source Processor can create more customized jobs if the default jobs are not suitable for a specific collection. These jobs are stored on dedicated USB devices. Once the devices are returned, the Source Processor is used to analyze and report on the collected LEF containers. Since I did not have the Source Processor installed, this review is limited to the default set of collection jobs used in the field.

All of the Portable jobs delivered on the USB ran successfully on my home office computers. In fact, the Portable "Corporate PII Audit" job was so successful in finding files that I seeded with credit card numbers and Social Security numbers, along with temporary files, that I have sworn to do online banking and credit card management from a computer that never physically leaves the home office. Other Portable jobs collected documents and internet history (for Internet Explorer versions 7 and 8 and Mozilla Firefox versions 2 and 3) as well as e-mail and picture files. The Portable product was also able to copy an image of a 60-gigabyte drive in a Dell Inspiron I6400 laptop computer as well as take a snapshot of its 1 gigabyte of physical memory.

I delivered the initial results of my investigation to a Guidance Software engineer for review and analysis. Later, I used GetData Software Mount Image Pro v3 to review test results in my home office.

DATA ACQUISITION TO GO

I booted a Lenovo ThinkPad X24 (Intel Pentium III processor, 1133 MHz, 640 MB RAM) with the Portable CD-ROM and booted a Lenovo ThinkPad T43 (Intel Pentium M processor, 1.86 GHz, 1024 MB RAM) and Dell Inspiron I6400 (Intel T2300, 1.66 GHz, 1024 MB RAM) with the USB device. For each computer, Microsoft Windows PE loaded and detected hardware, built a list of all drives, allowed only EnCase Portable drives to run, and created a page file. The boot process also checked for a HASP licensing dongle.

I’m not a big fan of licensing dongles, ever since they required me to plug them into the only parallel port of a PS/2. At least today's computers have more than one available USB port. But even if they didn't, Guidance Software packs a 4-port USB hub with the Portable product.

The licensing dongle contains Aladdin Hasp License Manager (Hasplms.exe) that requires approximately 14 MB of memory to run. But don’t worry about the memory use of the license manager, or any Portable application for that matter. The system under examination will not be doing anything other than getting examined. And you will not need an internet connection to do the collection. The Hasp drivers are included on the USB device.

After the OS loads, EnCase Portable runs with Oracle Outside In to view documents in their native format. The application then presented me with the default jobs that were preloaded on the USB device. See Figure 1.


[Figure 1]

I started to collect document files first. Portable searched for files on the laptops that matched the format for MS Office, Open Office, Star Office, PDF and other document formats such as RTF and TXT. When these documents were found, they were collected into an LEF and placed in the \Encase Portable Evidence\Source Processor\FileEvidence folder on the USB drive. On the X24, this job took approximately 38 minutes to complete.

The time it takes to complete any job will depend on the computer hardware (processor speed and physical memory, or RAM) under examination and the number of documents or other items on disk that match the search criteria coded on the default jobs. The amount of physical RAM on the computer under investigation will dictate the size of the page file that EnCase uses to operate, and thus determine how fast the product can write output to a USB device. And remember that, without contention, USB 2.0 transfers data at 480 megabytes per second; 12 megabytes per second for USB 1.1. So don’t keep the car running while waiting for your assistant to collect evidence with Portable.

After I collected documents, I opted to gather internet history information that included cookies, bookmarks, downloads and cached data. Portable collected the internet history for both IE and Firefox. The "Create Internet Artifacts Report" job searched for internet Universal Resource Locator strings contained in data files on all test computers and provided a report of all the internet sites that I traversed before last clearing my history. This report was very, very enlightening, to say the least.

I thought about skipping the collection of e-mail files since I used Outlook in Exchange Server mode and did not keep any local e-mail files. But on a whim, I went ahead. EnCase found a number of e-mail messages from a previous instance of a POP3 mailer. For e-mail collection, Portable supports MS Exchange, MS Outlook, Lotus Notes/Domino and several other mail formats. When these files are found they are acquired and stored in an LEF on the USB. In the same manner, Portable collected picture files by searching for JPG, GIF, IMG, BMP and other picture formats.

When I went to create a copy of RAM, I looked at my server-class machines; however, they both contained 64-bit processors. EnCase Portable does not yet have the 64-bit drivers to collect RAM on x64 systems. So I turned my attention to the Dell Inspiron and inserted the Portable USB device and the HASP Licensing Manager into its running copy of Windows XP. After I ran EnCase Portable, the application loaded the Hasp drivers and presented me with a list of jobs to run. I chose to "Create Copy of Drive or Memory"; then EnCase presented me with a list of available drives, one of which was my RAM drive. See Figure 2, below.


[Figure 2]

In one click, Portable saved a copy of RAM to an external USB drive that I prepared in advance using Guidance Software’s script "Prepare Portable.vbs." The Visual Basic script creates a directory structure on the target drive similar to the directory structure on the thumb drive: \EnCase Portable Evidence\Source Processor\*. Note that you can simply create the directory structure by yourself as well, but make sure the drive or directory is not write-protected.

Next, I tried collecting the contents of a hard disk. That’s no small matter over a USB connection for any size drive. So I shied away from the 250-gigabyte drives on my servers and turned my attention to the Dell Inspiron I6400 with a 60-gigabyte hard disk (Seagate ST96812A) partitioned into two drives.

I booted the Inspiron with the USB device and Portable gave me options to copy an image of the whole disk or one or both of the partitions. I chose one of the partitions. Toward the end of the collection, Portable alerted me to the fact that my destination disk was too small and prompted me to "Pick another path?" Then I plugged in a 16-gigabyte thumb drive and, without creating the normal directories, Portable started copying the final files of evidence to the root directory of the added drive.

EnCase Portable supports decrypting data that was encrypted using PGP Whole Disk Encryption, WinMagic SecureDoc Full-Disk Encryption, McAfee SafeBoot, Utimaco SafeGuard and PC Guardian Encryption Plus. When Portable encounters an encrypted drive, a dialog box opens to provide decryption options. If the encryption scheme is not supported, you can still take an image of the drive as encrypted for further investigation. Portable also supports the collection of Windows event logs, UNIX wtmp and utmp files that record login information, and Linux system logs.

CONCLUSION

EnCase Portable lets anyone with minimal technical knowledge collect electronic evidence, with a chain of custody, from computers in the field. This will free up time for computer forensic experts and allow them to focus their attention on analysis and reporting, rather than initial collection.

Product: EnCase Portable
Manufacturer: Guidance Software
Licensing: If law enforcement, then $898.50 per license key; otherwise, $999 per license key.

Equipment used in this review:
Hewlett-Packard ML 350 G6
Lenovo ThinkPad T43, X24
Dell Inspiron I6400
Microsoft Windows 2003 R2, XP
GetData Software Mount Image Pro v3

How Computer Forensics Can Help Prove Your Divorce Case

The obvious signs that your spouse could be up to something range from spending a lot of time "at work" to spending more time than normal out with friends. The more subtle indicators that you are being lied to can be conveniently hidden from your view, especially when you're not familiar with computers, e-mail or the Internet.

In situations like these, a computer forensics investigator can help you determine exactly what is going on. Computer forensics investigators can determine the truth by examining the computer's hard drive to see what Web sites, e-mails, chat logs and other pieces of useful information are available to help you. Once the information is collected, and you have had time to go through the data, you will have the evidence you need either to believe that your relationship is still solid and that there are no lies and deceit, or to conclude that there are, and that you need to consider your options and possibly file for divorce.

The types of information that can be collected by a computer forensics investigator include e-mail, plain text and image documents, calendar files, databases, spreadsheets, faxes, digital audio files, animation and websites.

Computer forensic investigators use specialized software to identify and recover re-formatted, corrupted, deleted or hidden files from computers or other electronic media, while maintaining important data trails, time and date stamps and a precise chain of custody and controls. They can also get access to protected or encrypted data using special software. They will be able to untangle the web of data and analyze e-mails, Internet searches, file transfers, online account transactions and everything else that a computer is used to do over the Internet.

If you are in a situation where you feel that your partner or spouse is lying and cheating, then it is up to you to take action. A computer forensics investigation can help you take these steps to collect the evidence you may need to protect yourself and your family.

Thursday, December 10, 2009

Cheaters Can't Hide From A Computer Forensic Examination

Copyright (c) 2009 Ed Opperman
Extramarital activity is an unfortunate reality these days; nobody is immune to the devastation caused by a cheating partner. While there are a large number of marriages and partnerships with wholly committed individuals, for every truly committed relationship there are several where at least one partner is, in some way, sneaking around on the other. Today’s technologies have created a bubble of sorts, allowing cheaters to carry on with their extramarital activities with what they think is complete privacy. However, what most cheaters do not know is that, even though they may think that their ways are well hidden, there are ways to uncover what it is that they’ve been up to.

A computer forensic examination can help you recover previously deleted data from a computer’s hard drive. This ‘deleted data’ can include everything that has ever been stored on the computer—images, videos, visited websites, emails, installed applications, and more. In some cases, a computer forensic expert may be able to piece together several years’ worth of data that was supposedly deleted a long time ago. The main tools that cheaters use to hide their illicit activities allow them to clear their web browsing history and cookies, remove items from their recycle bin, and remove form data. Now, if you’re not a computer expert, deleted files and histories might as well be gone forever; you’re not likely to be able to recover them yourself. However, just because a file was deleted from a computer does not mean that it is gone forever.

When a file, a history item, an email, or anything else, is added to a computer hard drive, that data is there permanently until it is overwritten by new data. It may take weeks, months, or years for data to become ‘unrecoverable’, and this is how cheaters can be caught by computer forensic examination services. If your spouse or partner is using their computer to cheat on you, the technology is here that will help you to recover files that have been deleted from their computers.

Cheaters can continue to clean their web browsing history, delete their emails, and remove incriminating photos and videos. Fortunately, many cheaters and would-be cheaters think that this is enough for them to cover their tracks and to hide their illicit ways from you. While thinking that your spouse is cheating on you is hardly a positive situation, at least you have a way to catch them where they least expect it. Cheaters can cheat, but they can’t hide from a computer forensic examination.

Ed Opperman invites you to visit his cyber investigation website for all of your search needs. He offers employment locate, internet infidelity investigations, email tracing, telephone investigations, and much more. To learn more about how to recover deleted pics and other useful information, visit http://www.emailrevealer.com

Tuesday, November 17, 2009

Hackers Target PCs to Store Child Porn

By WISDOM MARTIN/myfoxdc

WASHINGTON, D.C. - It's the latest threat to your PC. Normally credit cards and your identity are at risk, but now your reputation could be on the line.

"The reason people put viruses on computers is either to steal stuff from you or make your computer do things," said Marc Zwillinger, an attorney with Sonnenschein, Nath, and Rosenthal, a firm that defends companies who have been hacked.

Under this new threat, hackers have gotten into PCs storing child porn images. Since it's your IP address, you could end up in trouble-- not the hacker.

"The key is the bad guy has to get you to click on something in order to download malware, or malicious software, to your computer," said Zwillinger.

Zwillinger spent three years as a prosecutor with the U.S. Department of Justice, prosecuting internet and computer crimes.

"The way they do it is to get you to click on a link. That forces you to get a Trojan, or virus. Then the virus runs when you're not paying attention and downloads things to your computer you don't want there," Zwillinger says.

And just like that, you're exposed.

"If you click on e-mails you don't recognize and links and you don't know where they go, and it seems like nothing happens. It could be you have clicked on a link that runs a program on your computer,"

Zwillinger says you won't know until it's too late. The only way to prove your innocence is through a computer forensics examination.

"For example, a forensic exam can tell whether a computer was visiting 40 web sites a second-- something a human can't do. What time in the day they are visiting the sites. If it's the same sites over and over again," he said.

The only way to protect your computer from this type of threat is to use anti-virus programs.

No jail for man caught with 'disturbing' images of toddlers

A man who was caught with more than 15,000 images of child pornography was given a four-year suspended jail sentence today.

A sample of extreme images of child pornography left Judge Patrick J. Moran with a feeling “approaching horror”.

David Ivers (aged 54) of Rathcoursey, Midleton, Co Cork, who was chief technician in the architects department of Cork City Council, had been living with his elderly mother and he ended up spending a lot of time on the internet.

Detective Sergeant Joe O’Connor who investigated the case said Ivers resorted to downloading this material on the internet out of boredom.

He was linked to this crime through the phone number by which his computer was linked to the internet.

The number surfaced during an investigation of child pornography in Germany and the number was passed on to An Garda Siochána for further investigation.

When Det. Sgt. O’Connor called to the house, the defendant said: “I was expecting you at some stage.”

He co-operated fully with the investigation and pleaded guilty to the crime at Cork Circuit Criminal Court.

The description given in court of the child pornography was “disturbing”. Detective Garda Martin Hogan, who has been involved in the forensic examination of computers in 200 cases of this nature, said the content of the images and video files was some of the worst he had ever seen.

“Some of the children were less than one-year of age. Other images showed children aged between one and six being subjected to horrendous physical abuse and subjected to oral sex,” Det. Garda Hogan said.

Defence barrister, Donal O’Sullivan, said Ivers had gone to the Granada Institute in Dublin once a week for 18 months for counselling and treatment which had given him an insight into his behaviour.

Child pornography fight gets new weapons

By Robert Travis Scott, The Times-Picayune
November 15, 2009, 6:15AM

Trapped in a nightmare of unrelenting sexual molestation and torment by her stepfather, a 12-year old central Louisiana girl tried to console herself by writing about her distress in a spiral-notebook diary.

"If you are reading this help me I really need your help," she wrote last year in a desperate three-page entry. "I am really scared with fear in my body. ... I try to pray about it but it never goes away."

The girl's ordeal finally ended when State Police, using new computer software, discovered the stepfather's criminal practice of trading sexually explicit images of children through the Internet. After officers arrested the stepfather in connection with the material found on his computer, they found the girl and her notebook, leading to additional charges and a conviction for child molestation.

The case is one of an increasing number of arrests in Louisiana and nationwide resulting from breakthroughs in software that can monitor the digital-age trafficking of images depicting child sexual exploitation and rape.

Although the story demonstrates the software's great potential and the very real possibility of rescuing abuse victims, the frustrating truth is that the technology finds many more criminal targets than law enforcement officials can afford to arrest and prosecute.

"We have the key, but we are barely using it," said Heather Steele, president of the Innocent Justice Foundation, a nonprofit group fighting child pornography.

Centered in cyber-forensics labs at the offices of the Louisiana attorney general and State Police, special investigative units can detect computers throughout Louisiana that are exchanging sexually explicit images of children online. During a recent typical month, the systems identified more than 5,600 such Internet computer addresses in the state.

Investigators say they lack the staff and resources to conduct the forensic analysis and prosecution of more than a fraction of those perpetrators. They are doubly frustrated because a substantial number of those who collect sexually explicit images of children also pose a threat as child molesters.

"I think we're all discovering that, when we're working on these child porn investigations, we not only are finding the illegal images, but we're finding perpetrators who are actually molesting children," said Toby Aguillard, a detective with the Tangipahoa Sheriff's office who formerly headed Louisiana's task force on crimes against children. "It's a tool that we never had before."

Cases exploding

The 176 arrests for Internet crimes against children reported by state and local agencies in the most recent fiscal year represented a 180 percent increase from the previous year. Nationwide arrests last year in cases related to sexually explicit images of children rose 27 percent and were nearly double the number in 2005, according to the U.S. Department of Justice.

Although many of the images originate in foreign countries, such as Russia and Thailand, the main producers are in North America, where people have easy access to the key components of sexually explicit filming and distribution: cameras, video equipment, computers, software and broadband Internet services.

More than 90 percent of sexually explicit material of children is produced in settings in which a single person -- usually a man with a video camera in his home -- is recording the images of nudity and sexual abuse of the child, Steele said.

While the public's attention is drawn to high-profile stories such as the captivity ordeal of Jaycee Lee Dugard in California, the more prevalent reality is that a widespread outbreak of child exploitation crimes is taking place daily in homes rich and poor across the country.

"The problem has absolutely exploded with the advent of the Internet," said Ernie Allen, president of the National Center for Missing and Exploited Children. "These offenders do not match society's stereotypes. They're doctors and lawyers and teachers ... every walk of life."

The problem is widespread in Louisiana, too.

"It's not just in big city New Orleans," said Chad Gremillion, the top child exploitation detective for the State Police. "It's in small towns. It's in every single town in Louisiana, every single parish in Louisiana, every community."

Possession of child pornography is a state and federal felony offense with a five-year minimum prison sentence, and these targeted computer users are breaking additional laws by linking up in shadowy cyber networks to buy, sell and share the material online.

State Police officers point out that every picture exploits a child, every video shows a crime scene. The damage to the victim is repeated as the videos circulate on the Internet, where they may never be fully extinguished. And the images are far more insidious than the general public assumes, they say.

According to a congressionally financed Internet sex crimes study in 2003 by the National Center for Missing & Exploited Children, 99 percent of collections of sexually graphic material involving children seized by police contain pictures that go beyond nudity; 80 percent have images of child rape and 21 percent include images of child torture. More than half the images are produced in the United States, also the largest consumer market for the sordid products.

Since that study, the situation has grown worse, law enforcement agents say. With alarming frequency, the victims in the pictures are babies, toddlers and grade-school kids.

Many of these children are being abused violently in images depicting bondage, sadism, torture, rape, bestiality and sexual humiliation, Allen testified in a recent judicial sentencing commission hearing. Offenders tell investigators that the growing demand for very young children is because they cannot yet talk.

Sources on the Internet even offer step-by-step training guides of how to rape a child while leaving minimal evidence.

"That's how twisted these people are, that they are making tutorials of how to molest your child," Gremillion said.

Connection with child abuse seen

There's definitely a connection between sexually explicit images of children and child sexual abuse, said David Wolff, an assistant district attorney in Jefferson Parish who formerly was chief of the parish's family violence prosecution unit.

Every arrest of a child pornography trader holds the possibility of uncovering a crime of molestation and saving a child victim, like the central Louisiana girl who cried alone with her diary.

State and federal authorities say about a third or more of child pornography arrests lead to evidence of child sexual abuse, although the actual number of abusers could be higher because many children and adult relatives keep their dreadful secrets to themselves.

Current laws and new technologies provide a well-lighted pathway to reach those silent sufferers by cracking down on sexually explicit images of children, but law enforcement agencies' limited resources are overwhelmed by the avalanche of this specialized criminal activity.

"We're way outnumbered," said Mike Johnson, deputy director of the High Technology Crime Unit for the Louisiana Department of Justice. "I have over 5,600 cases I could open, but I just don't have the manpower."

The process of finding the owner of the computer, compiling enough information to get a search warrant, making the arrest, analyzing the computer data and preparing the case for prosecution can be intense.

"As it stands now, we have four investigators and 10 forensic examiners," said the Crime Unit's lab supervisor, Corey Bourgeois. "Four investigators can't do 5,600 subpoenas."

Initial interviews of the suspects during the raids might last a few minutes to a few hours, during which extraordinary confessions have been made, state agents say.

In one such interview, Gremillion said a 30-year-old man confessed to a pattern of acquiring videos of escalating cruelty, and that he had been driving around his town thinking about kidnapping, raping and killing a child.

Gremillion and other state agents said they had interviewed suspects who had thanked officers for arresting them because they were losing self-control and feared they might molest a child.

An arrest on pornography charges might trigger a relative, partner or neighbor of the suspect to report a molestation.

"Sometimes it just knocks down a wall so these people can come forward," Johnson said.

In the case of the girl with the diary, agents found her notebook. One of her entries was titled "Every Night" and included a description of how her stepfather would routinely fondle or rape her, or masturbate while staring at her in bed.

She described her options: tell her mom; run away; tell police; try to fight him. Each alternative carried risks or consequences that overwhelmed her, and so she kept her terrible secret to herself.

"I don't want to stay I want to go I want to go far, far, far, far, far, far, far, far, far, far away from him," she wrote.

Children feel trapped

That feeling of being trapped is common among abused children, those who assist victims say. Shame, fear, isolation and mistrust are the main reasons few children speak up about their abuse, a factor that can complicate an investigation.

Once the evidence is gathered from the home, the computer is brought to a forensics lab, where analysts must pick through the images looking for evidence of child pornography, determine times of file transfers and verify whether the pictures are of underage children. They also determine whether the collector has any homemade material involving children.


The work takes a psychological toll on the investigators. They receive individual and group counseling through their agencies to deal with the mental and emotional impact of viewing the videos, which often include sounds of children crying out in pain and protest.

"I hear screaming in my dreams," one state investigator said.

Saturday, November 7, 2009

Computer Forensic Examination News

Welcome to our blog. We will report news articles on Computer Forensic Examinations.
Ed Opperman
Opperman Investigations Inc
www.Emailrevealer.com