Share
‘Deleted'...”

By Augie Frost Modified: August 5, 2008 at 1:39 am •  Published: August 5, 2008
Advertisement

/> "If agents solve the case in two or three days without the computer, then fine,” Kennedy said. "But if they run out of leads, then we can break into the computer and at least get the address book and take a look at e-mails and Web history and see if there is something there that will provide a lead.”

How to hunt for clues on the computer
Investigators start by taking detailed photos of a computer and its components.

One thing they never do is turn a computer on, because even that action can write over a potentially incriminating file. Files are never really deleted unless they are written over by another file, which occurs randomly in a hard drive, Kennedy said.

Investigators make an exact copy of the hard drive to preserve the original as evidence. That copy is subjected to special software on high-speed computers that can find and extract files, Kennedy said.

From there, it is the job of the investigators to turn what they find into viable courtroom evidence, Holland said.

Aiding in corporate investigations
Computer forensics is not limited to law enforcement. The Center for Computer Forensics, based in Southfield, Mich., handles a lot of corporate investigations, such as allegations that an employee is stealing from or sabotaging a company, said Ives Potrafka, lead investigator for the company.

Much like police, the company investigator will preserve the data first and ask the employer to explain the problem. Then the investigator starts running key words on the computer to find incriminating active files or deleted files that are hidden away in the hard drive, Potrafka said.

"An employer might be able to find some evidence, but it is important to have a professional preserve the data,” he said. "An employer might destroy the evidence if not done right.”

Often cases involve allegations from employees about another or violations of company policies, such as romantic relationships, Potrafka said. Some workers get in trouble simply for stealing music and storing it on the company's computer.

The bottom line, Potrafka said, is if it was ever there, it is still there and they will find it.

NewsOK.com has disabled the comments for this article.

High-profile cases
Muskogee
Danny Brian Giacomo was sentenced to six years in prison after pleading guilty to 16 charges of lewd molestation, rape and sodomy. Giacomo, the band director at Hilldale High School, was convicted of having sex with two students, ages 14 and 15. OSBI investigators confiscated a work computer, a personal computer and other devices, on which they found evidence linking him to the crimes.

Oklahoma City
Paul O'Leary, former spokesman for the Emergency Medical Services Authority, was convicted of possessing child pornography in 2005. Investigators found hundreds of explicit images on his work computer and were able to track purchases of the images in two e-mail addresses he used.

Grove
Longtime police Capt. Danny O'Daniel pleaded guilty to possessing child pornography in 2004 after investigators found images on his computer. He was sentenced to six years in prison after being on the run for a year but died of cancer before serving his term.

Trending Now


AROUND THE WEB

  1. 1
    Tiger Woods hires a new swing coach
  2. 2
    Man convicted of beating grandmother to death while high on PCP
  3. 3
    30,000 missing emails from IRS' Lerner recovered | WashingtonExaminer.com
  4. 4
    Report: Weather could change OSU-Baylor kickoff time
  5. 5
    New DHS immigration rules: Drunk drivers, sex abusers, drug dealers, gun offenders not top...
+ show more