* via http://theMezz.com/lists * subscribe at http://techPolice.com
Computer could hold key evidence By Shelly Whitehead, Post staff reporter This week Boone County Sheriff's Department Capt. Jack Prindle will try to get inside the mind of the Erlanger man accused of being a serial child molester. That's how the computer forensics expert sees the task he is about to begin: Opening and sifting through the contents of Larry E. Howell's personal computer. Police and drug agents seized Howell's nondescript, photo-album-sized personal computer from his rented Dixie Highway home two weeks ago in connection with his arrest on drug traf ficking and child pornography charges. They also confiscated nearly 200 photographic negatives and prints of boys in sexual positions, and have interviewed dozens of local boys, some who reported having sexual relations with Howell. So now, as Howell sits in the Kenton County Detention Center facing nine felony charges of sodomy, his computer sits in Prindle's Burlington office awaiting his analysis. As head of Boone County Sheriff Mike Helmig's Technology Abuse Unit and one of Kentucky's leading computer forensics ex perts, Prindle's job is to retrieve and examine the machine's voluminous, and possibly well-concealed contents. ''Some people think they just bring a computer in here and we print out all the stuff on it, and that's it. . . . But it's not that simple,'' said Prindle. ''For even a relatively small hard drive, like a two gigabyte hard drive we had, we'd need two tractor trailer loads of paper just to print it out. Then, what it printed out you would not even understand.'' Prindle, a seasoned veteran of police work, said his objective after opening Howell's personal computer is to wade through the data mire in search of material relevant to the case. That process begins when Prindle extracts the computer's palm-sized hard drive and uses special forensic equipment to make a replica. Prindle then returns the hard drive, a critical piece of evidence, to police evidence and plunges into the intricacies of Howell's cyber-life in duplicate. ''I work from that exact duplicate image of the machine, which enables me to restore deleted files and find things they've hidden,'' said Prindle. ''I call it getting inside their head.'' Prindle says when he ''gets inside'' Howell's cyber head, he will be looking for certain red flags like image files (particularly deleted image files), unsaved printed data and manipulated file extensions. Experience tells him that child sexual abusers and pornographers often possess above-average computer skills. He says they are typically tapped into a network of individuals capable of lending technical assistance at a moment's notice. Still, as one of about 2,000 computer crime investigators worldwide, Prindle has usually been able to stay ahead of computer criminals, though he says they are continually finding new ways to hide and disguise the evidence law enforcement needs to convict them. ''The real career criminals are constantly looking for ways to keep us from recovering stuff,'' said Prindle. ''And as sure as one gets taken down, you can be sure he transmits exactly how he was caught and why.'' Publication date: 12-12-01 http://www.kypost.com/2001/dec/12/comput121201.html --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ This email was sent to: archive@jab.org EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================