« View Previous Post | Return to Main Page | View Next Post »

The Strange Case of Ms. Julie Amero: More information in the interlude

Tuesday, January 23, 2007
Add a comment

brianboyko.jpgBy Brian Boyko

The article by Detective Lounsbury has been delayed while we double-check some information in the article, but it will be published tomorrow. In the meantime, we did some more research on some of the misconceptions of this case.

We called up Steve DelGiorno, CEO of ComputerCOP software, which makes some of the forensic software used in this case. We looked at the whitepaper they had on ComputerCOP Professional and the software seems designed to recover hidden and deleted files from a computer, but did not mention anything about tracking the source of the files.

Mr. DelGiorno stated in a phone conversation with us that while ComputerCOP can find all sorts of files and images, including deleted images or images in unallocated disk space, by keyword or by filetype, ComputerCOP does not determine the cause of those files being on the computer (whether caused by malware, intrusion, or direct and willful use), and that it is not the function of ComputerCOP to make that determination.

On Thursday we will have a news-analysis editorial concluding our coverage of the Amero case, as well as discussing the relevance of the Amero case for professionals in IT.

Brian Boyko is editor of Network Performance Daily



Add to Technorati Favorites

TrackBack

TrackBack URL for this entry:
http://www.netqos.com/MT/mt-tb.cgi/129

Comments

Brian,

This site claims "Maintains file integrity--Absolutely NO alteration of file-related dates (Created, Modified, Accessed). Documents when offender created or downloaded a file--obliterates the "It Wasn't Me" defense."

http://www.computercop.com/product_p3.html

How can they make this claim? And if the claim is fraudulent, how many paroles have been unfairly incarcerated as a result?

Frank Krasicki
http://region19.blogspot.com

Posted by: Frank Krasicki | January 25, 2007 09:13 PM

While I am not familiar with the software used in this investigation I do not doubt that the "evidence" was preserved. The issue (in my opinion) is not the evidence but the analysis of that evidence. Unfortunately many times an examiner will discover "the smoking gun" and leave it at that. Not take the extra steps to determine how or where that evidence came from.

Posted by: Steve Sanchez | January 27, 2007 12:21 AM

Post a comment

Verification (needed to reduce spam):

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)