Investigator, Susan West Valley, Japex discussed on Cold



First ten days of the search for Susan west valley. Detectives served three search warrants at Josh and Susan's home on Sarah circle. They also served a warrant on his minivan. Each time. They came away with digital devices by my count that included at least seven computers, seven hard drives five flash drives three s d cards to cell phones, a digital camera and camcorder. Here's how the RCAF L handled all that kind of stuff and investigator brought in a piece of evidence a computer cell phone flash drive, or whatever the hell then paired up that outside investigator with one of its F B I trained examiners we work with the case agent because it's their case they bring it to us assisting them. But we don't know the full background of the case with a computer hard drive or flash drive. They made a bit forbid copy called a mirror, then they used a hash. That's an algorithm that provides something akin to a unique fingerprint for divisor file to make sure the mirror. Exactly matched the original. And we just work off of that image. We never touch the original item, which is different than if you have blood evidence you to do DNA on blood. You have to take some of that sample in order to get the DNA results. We don't have to do that with digital. We can make verified copy so to speak at the time. Our CFL's were using a number of different software utilities to. Attract information from the mirrors in the Powell case that usually meant a program called forensic tool kit produced by the company access data F T K is also known examined every sector of the mirror even the blank space when you delete a file in windows. You don't really deleting? The file you're just telling the computer that that space that it took on the hard drives now Ville using it. So until that information is written over, those files could be retrieved and even when parts of the file were overwritten, these forensic software programs could sometimes reconstruct the rest by finding the remaining segments. Typically, when you save a file it's not saving it to just one sector on the hard drive is going to it could save it in like twenty pieces. So sometimes you could have several pieces overridden, but the majority of the other pieces remain. So you might still be able to retrieve the majority of the file in the end F T K generated a report with hyper links like the links would find on a web. Site that pointed to specific files that way, the investigators could sift out anything that was not relevant to their case. Intellectually break it out into types. You know, like could be Japex were documents emails, you then can go through and review if all's on there, as you might imagine this work required. A lot of time. You can search terms with our software. But in the end, that's just gonna find those terms. I mean, there may be stuff in the document that unless you actually look at the documentary not gonna know whether it was really relevant or not it takes that human element. The investigators had to locate the signal the midst the noise..

Coming up next