Real CSI Cases from Burgess Forensics #16: The Little Dame That Wouldn’t

by | Jul 6, 2015 | Uncategorized

The stories are true; the names and places have been changed to protect the potentially guilty.

A dame, a rich guy, and an email account: what more do you need for a story?

I was in my office one fine spring day in Marin studying the benefits of Eastern philosophy, engaged in my special snoring meditation, when the buzzing of the telephone dragged me back to the present. It was Sam & Dave – not the Soul Men, but the lawyers in the Valley. They had a situation. A computer expert was heading over to their offices to make a copy of their client’s computer – the dame’s laptop – to try to prove that she sent endearing emails to a scorned male – the rich guy…Mr. Silicon Valley.

See, rich guy had not been so rich until some computer hardware of his design had been snapped up by a big player in the computer world for a hefty sum. Newly rich Mr. Silicon decided to try his hand at picture books – picture books of natural looking young ladies in their native birthday attire. The hook was that they would be all natural – no silicone for Mr. Silicon.

One day, Mr. S was driving through the Rockies when he espied a liberated young lady. Liberated in the sense that she was 17, but living on her own. S offered to liberate her from a dead-end waitress job if she would come live in his Valley mansion. It would all be very Platonic – they’d each have their own end of the mansion – and she would work with the picture book office staff.

But as our young lady reached adulthood, Mr. S became enamored enough to make our lovely waif a bit uncomfortable. She thought he was acting like a creep. She wanted out – out of the office and out of the mansion. The word “harassment” strikes fear into the heart of many an employer, and Sam & Dave were looking for a settlement to enrich all involved.

Mr. S was not to give up so easily. He maintained that the lovely Miss had been sending him endearing love letters from her America Online account. Sure enough, her account had sent those letters – but had she been the one to send them? AOL has a setting that allows a user to sign in automatically – that is, to sign in without having to type in a password. This setting is nearly always a mistake, unless no one else is ever near your computer. I always recommend to my clients that they take the extra 5 seconds out of their busy schedules to type an actual password. You might have guessed that her AOL was set to automatically log in.

But the letters had been sent after she had already left the office. That meant that if she had sent them, she must have drafted them on her laptop from home. A deal was made. Mr. S hired a computer expert to do some digital discovery. He’d make an identical copy of the hard disk from her laptop, while sitting in Sam & Dave’s conference room. This is where I entered the picture. S & D wanted me to make sure that the hired thugs – er, experts – would not pull any funny stuff. I went to observe on the day of the copying.

Just a short half hour or so after their scheduled arrival, the other experts arrived. They were decked out in full company regalia. Their bright jackets, hats, and business cards announced their offices in New York, Tokyo, London, Hong Kong, and Los Angeles. These guys were apparently internationally jetting big shots. As it turned out, only one was the bigshot – the other guy was the gofer. Bigshot sat in a chair and bragged about his exploits while Gofer unloaded their equipment. A large, high-powered desktop computer, with external drives hooked up through an Adaptec SCSI host adapter appeared on the tabletop. A briefcase full of secret computer forensic software was opened to reveal its treasures. The golden floppy disk was removed from the briefcase. Bigshot examined the laptop, and announced, “We can’t do this copy – there’s no floppy drive.”

I was a little dumbfounded. Surely these guys had all of the computer forensic equipment known to mankind. “I have EnCase and ByteBack,” he said, “but I need to boot from a floppy drive to make a copy.” This was at least half accurate. Whenever a drive is operated in a Windows environment, Windows writes bits and pieces of data to the drive. Under such circumstances, the data is changed and is not a true identical, “bit-for-bit” copy. It’s not a forensic image. But when the system is booted from a DOS diskette, nothing gets written to the hard disks. This is what the fellow was looking to do.

I suggested he remove the hard disk from the laptop, and hook it up through a write-blocker to his desktop computer. “What’s a write-blocker?” he asked. “Gofer, do we have any write blockers?” Gofer’s look of befuddlement answered for him. I explained to Bigshot International that a write blocker is a device that can be hooked up between the hard disk and the cable it is attached to, or between an external enclosure holding the hard disk and the USB cable leading to the computer. The MyKey NoWrite FPU is one of my favorites. The Tableau works well. The Disk Jockey Forensic wasn’t around then. The DriveDock & others would have been fine. But he didn’t have any by anyone.

Still, removing the hard disk, attaching it to his system and booting the system from his floppy diskette should have been fine. I suggested as much. “How do you take out the hard disk?” he asked. Apparently laptops are different in London and Hong Kong and those other places he had offices.

I asked S & D’s secretary for a little Phillips screwdriver, and removed the hard disk for Our Man. “It doesn’t hook up to my IDE cable,” he said. You see, laptop IDE hard disks and desktop IDE hard disks are different sizes. Most in laptops are 2.5″ and most in desktops are 3.5″ and never the twain shall meet – at least, not on the same cable. The 40-pin connector on the laptop is, unsurprisingly, smaller in size. “How about an adapter?” I said. “Have you a 2.5″ to 3.5″ adapter?”

“Have we got one, Gofer?” Befuddlement answered wordlessly again. I suggested a quick run to the local computer store. I even volunteered to go, for the Mensa-level technical skill was getting to me a little at that point.

Twenty minutes later, we had an adapter from a local Mom & Pop computer shop. Some adapters for laptop drives hook up the opposite way from what is intuitive. Once I warned against hooking the laptop drive up backwards, Bigshot got everything set up right, the computer booted, and a good copy seemed like it was only minutes away. That is, until I heard, “My target disk drive isn’t big enough.” Well, I didn’t want him to have to go all the way to Tokyo or New York for another. I suggested hooking up additional drives from his special briefcase to the SCSI bus, then changing the image size. Many computer forensic programs allow one to acquire a large drive as several or many contiguous images of a smaller size. By changing his configuration, Mr. B could make many successive CD-sized images of about 650 MB each, instead of one giant one that wouldn’t fit in the available space in any one of his hard drives.
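The segmented acquisition described above, as an added Python example that is not part of the original story or of any tool named in it. The SHA-256 verification step, the function names, and the 1000-byte segment size (standing in for the 650 MB segments) are assumptions of this example.

```python
import hashlib, os, tempfile

def acquire_split(source_path, out_dir, segment_size, chunk=64 * 1024):
    """Copy the source into numbered segments of at most segment_size bytes.
    Returns (segment_paths, SHA-256 of the source stream as it was read)."""
    source_hash, segments = hashlib.sha256(), []
    out, written = None, 0
    with open(source_path, "rb") as src:  # read-only: never write to evidence
        while True:
            # Never read past the end of the current segment.
            data = src.read(min(chunk, segment_size - written))
            if not data:
                break
            if out is None:  # start the next segment: image.001, image.002, ...
                path = os.path.join(out_dir, f"image.{len(segments) + 1:03d}")
                out = open(path, "wb")
                segments.append(path)
            out.write(data)
            source_hash.update(data)
            written += len(data)
            if written == segment_size:
                out.close()
                out, written = None, 0
    if out is not None:
        out.close()
    return segments, source_hash.hexdigest()

def verify_segments(segments, expected_hash, chunk=64 * 1024):
    """True only if the segments, concatenated in order, hash to the value
    recorded at acquisition, i.e. together they are a bit-for-bit copy."""
    h = hashlib.sha256()
    for path in segments:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    return h.hexdigest() == expected_hash

def demo():
    # Constructed stand-in for a drive: 2500 bytes split into 1000-byte segments.
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "source.bin")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 9 + bytes(196))
        segs, digest = acquire_split(src, d, 1000)
        sizes = [os.path.getsize(p) for p in segs]
        intact = verify_segments(segs, digest)
        with open(segs[1], "r+b") as f:  # alter one byte of the second segment
            f.write(b"\xff")
        return sizes, intact, verify_segments(segs, digest)

if __name__ == "__main__":
    print(demo())
```
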

With the copy proceeding apace, I asked S&D what I should do next. We saw the estimated time of completion was about five hours away! I wondered if sitting waiting for electrons to move was the best use of my time and their money, and they seemed to think it was not. I explained what to look out for – any cables being unplugged, any keyboards being typed on, any utterances of “oops” or “oh no!” from the Dynamic Duo making the copies. The job should be mostly babysitting until the copy was completed. I headed back to the airport, and to my office at Burgess Forensics to finish my interrupted meditation.

How did it all turn out? There were no loving emails drafted on the laptop. The computer she had used at the office was being used to send bogus emails from her auto logon AOL account. Mr. S was ready to settle – after just one more meeting.

As part of the settlement, Mr. S & our lovely Miss had one last lunch together. They met at an outdoor cafe. It might have been romantic, but Miss sat well out of reach, her lawyer sat just out of earshot a couple of tables to the West. The attorney for S sat just out of earshot a couple of tables to the North. Everybody ate lunch. S paid the bill – three bills, actually – one for lunches, one for the lawyers, and one settlement for the lovely lady. She then walked away and never looked back.

While I never met the lady, I was alerted to look for her on a fashion show. There she was, on the TV, looking like the waif models are apparently supposed to resemble. I couldn’t tell if she looked any richer, but I hoped she would spend some of the settlement on a few more lunches – she could have filled out a little and looked a bit more – natural. But that’s outside my area of expertise. A nutritionist I’m not – I do computers.

This is just one of the many “CSI – Computer Forensics Files: Real Cases from Burgess Forensics.” Stay tuned for more stories of deceit uncovered by science.
