Notable computer forensics cases [updated 2019]

July 6, 2019 by Chiragh Dewan

Cases involving computer forensics that made the news

  1. Michelle Theer (2000): On December 17th, 2000, John Diamond shot and killed Air Force Captain Marty Theer. The case took a turn as there were no eyewitnesses and no physical evidence. However, the prosecutors were able to get their hands on 88,000 e-mails and other messages on Michelle’s computer, including personal ads that Michelle had posted in 1999. They also found her e-mail responses to those ads, which showed clear evidence of a sexual relationship between Michelle and Diamond. Furthermore, messages containing information about the conspiracy to murder Captain Marty were also recovered. On December 3rd, 2004, Michelle Theer was found guilty of murder and conspiracy and sentenced to life imprisonment.
  2. Scott Tyree (2002): On January 1st, 2002, Scott Tyree kidnapped a 13-year-old girl named Alicia Kozakiewicz. On the same night, Tyree sent a photograph of Alicia tied in his basement via Yahoo Messenger to someone in Tampa, FL. The man from Tampa happened to check the Pittsburgh Post-Gazette website and saw that the same girl was missing from her home. He then contacted the FBI on January 3rd and gave the FBI the Yahoo screen name of the person who had sent him the IM: ‘masterforteenslavegirls.’ The FBI then contacted Yahoo and obtained the IP address from which the image was sent. They then contacted Verizon to obtain the name and address of the Verizon subscriber to whom the IP address was assigned. That person happened to be Scott Tyree.
  3. Dennis Rader (2005): The famous “BTK” serial killer was on the run for more than 30 years, and after years he re-emerged and took another victim in Kansas, following which he sent a floppy disk to the police with a letter on it. Upon forensic investigation, the investigators found a deleted Microsoft Word file. The recovered metadata showed that the last person to edit the file was “Dennis”, along with a link to the Lutheran Church where Dennis Rader was a deacon. Ironically, Rader had sent a floppy disk to the police because the police had previously told him that letters on floppy disks could not be traced.
  4. Corey Beantee Melton (2005): In 2005, Melton found that his home computer had been infected with viruses, so he decided to take it to Best Buy’s Geek Squad to get it fixed. A number of different viruses were found on the computer. Upon further analysis by the Geek Squad, some viruses were found to be re-attaching themselves to movies. When the movies were looked at, it was found that Melton had child pornography stored on his computer. The store then contacted the police, and Melton was found guilty and sentenced to jail for 10 years.
  5. James Kent (2007): Another case of child pornography took place in 2007 when James Kent, a professor of public administration at Marist College in Poughkeepsie, NY, complained to the IT department of the university about his computer being problematic. It turned out that it all started in 1999, when he began watching such content. In 2005, the entire university had a technical upgrade in which the old computers were replaced by new ones. However, the data from the old hard disks was copied to the new hard disks. In 2007, the IT department ran anti-virus software on the computer and child pornography was discovered. The university turned the contents over to the police, who then brought in a forensic investigator to analyze the computer. The investigator, Barry Friedman, used a software tool known as EnCase and found that the files were downloaded from the cache of the old hard disk. Over 14,000 images were recovered, along with a letter dated 1999 to PB stating that a cover-up should be made stating that Kent had been researching the topic and all the material in his possession was for research purposes only. He was later charged with 141 counts and sent to prison in 2009 for 3 years.
  6. Brad Cooper (2008): In 2008, Brad Cooper was arrested for the murder of his wife, Nancy Cooper. During the trial, Detective Jim Young described to the court how Cooper attempted to access text messages on the phone, but in an unsuccessful attempt, he deleted the phone’s memory by entering incorrect SIM lock codes and PUK codes multiple times. Cooper later pleaded guilty to the second-degree murder charge.
  7. James M. Cameron (2009): February of 2009 was dark for James Cameron when he was indicted on 16 charges of trafficking in child pornography. Allegations were made that between July 2006 and January 2008 Cameron had uploaded child pornography to a Yahoo photo album using various aliases. Yahoo, too, reported locating numerous images of child pornography in the photos section of a Yahoo account. The Maine State Police undertook an investigation and identified the owner of the account to be Barbara Cameron, James Cameron’s wife. Mr. Cameron was an assistant attorney general for the state of Maine. On December 21st, 2007, a search warrant was executed, and four computers were seized. Upon examination, child pornography was discovered along with conversations where the person identified himself as a 45-year-old married man with a daughter, a description that fits Mr. Cameron.

Computer forensic cases that set precedent

  1. Fisher v. U.S. (1976): In 1976, Fisher and his accountant were summoned to provide Fisher’s tax returns and other invoices based on which the returns were supposed to be filed. Fisher gave them to his lawyer, who had then passed them on to the accountant on whom the summons was served. The Fifth Amendment was not breached since it only protects the person from presenting the evidence, but not from its production. This set a highly regarded precedent for further cases.
  2. U.S. v. Doe (1983): During an investigation into a government contracting fraud case, the suspect’s bank records, from Grand Caymans, were suppressed. However, they were presented willingly. The Supreme Court later ruled that the government then would not need to confirm the authenticity of those documents, because the act of producing the records would involve testimonial self-incrimination. The Court of Appeals confirmed, holding that the records were privileged, that the act of producing them also would have “communicative aspects of its own” in that the turning over of the records to the grand jury would admit their existence, possession, and authenticity, and that the defendant was entitled to assert his Fifth Amendment privilege against compelled self-incrimination rather than produce the records.
  3. Doe v. U.S. (1988): Doe was facing a grand jury for oil cargo manipulation. Doe produced some of the documents but, citing the Fifth Amendment, did not sign an authorization letter for the bank in the Grand Caymans to disclose any other accounts. The court ordered him to do so, since the restriction put in place after the 1983 case (mentioned above) was that the documents, being self-incriminating, could not be used to establish the accuracy of guilt and were under immunity.
  4. People v. Sanchez (1994): Sanchez was facing charges for killing his fiancée. The case relied on the Supreme Court to make a decision. Sanchez’s plans for the murder were found in a letter in the room by his sister after the arrest. Those letters were turned over to the court and considered as evidence. Since the state already had the evidence, the court ordered that Sanchez’s computer be unlocked.

Chiragh Dewan

A creative problem-solving full-stack web developer with expertise in Information Security Audit, Web Application Audit, Vulnerability Assessment, Penetration Testing/Ethical Hacking as well as previous experience in Artificial Intelligence, Machine Learning, and Natural Language Processing. He has also been recognised by various companies such as Facebook, Google, Microsoft, PayPal, Netflix, Blackberry, etc. for reporting various security vulnerabilities. He has also given various talks on Artificial Intelligence and Cyber Security, including at a TEDx event.