How Dennis Was Identified Using Digital Forensic

In: Computers and Technology

Submitted By Geryng
Words 724
Pages 3
HOW DIGITAL FORENSICS WAS USED TO IDENTIFY RADER

(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)

Introduction
Dennis Lynn Rader’s case remains the longest case to be handled ever taking almost 30 years. His case was opened when he handed in a computer floppy to the police. Careful forensics carried out on the floppy revealed a document that had been edited by someone by the name Dennis in computers at the Christ Lutheran Church. This led to physical location of the suspect. To nail down the suspect as the BTN killer, DNA tests were carried out on Rader’s daughter, Kerri Rader and it was found to be matching. Comparing this to the DNA tests from the murder cases BTN killer emerged to be Rader. This was enough evidence to convict Rader for 10 murder cases.
Digital evidence uncovered from the floppy disk
Immediately Rader sent a floppy to the police containing Microsoft word document, the floppy was handed over to the computer forensic experts at the FBI for examinations. Inside the floppy was a file called “Test A.RTF.” The contents of the file read “This is a test. See 3x5 Card for details on communication with me in the newspaper.” The message referred to the card that was inside the same box that had the floppy. The officers further recovered a word document that had been deleted on the drive. Careful examination on the properties of the retrieved document showed that the document which had been modified on February 10th 2005 and had been revised on 14th February by the owner whose name was Dennis. The experts did a search on the church and found someone by the same name among the church attendants. Rader was found as the principal suspect and this led to a series of intensive investigation carried out on him.
Rader’s case took almost 30 years of investigation. This was because of the various games that Rader played on…...

Similar Documents

Forensic

...Restoration of Obliterated Marks in Forensic Science Practice and Investigations R. Kuppuswamy Forensic Science Programme, School of Health Sciences, Universiti Sains Malaysia Malaysia 1. Introduction 1.1 The problem A problem of common occurrence in forensic science is the restoration of obliterated serial numbers on the chassis and engine of stolen motor vehicles, firearms, jewellery, valuable tools, and machinery (Nickols, 1956; Wolfer & Lee, 1960; Jackson, 1962; Cunliffe & Piazaa, 1980; De Forest & Gaensslen, 1983; Schaefer, 1987; O’Hara & O’Hara, 1994; Moenssens et al (1995); Heard, 1997; Petterd, 2000; Lyle, 2004; Katterwe, 2006; Seigel, 2007; Mozayani & Noziglia, 2006; Jackson et al (2008); Levin, 2010). Serial numbers or other markings, which are unique to that particular item, are usually marked on the above metal surfaces during the manufacturing process. Criminals alter or obliterate these identification marks during thefts or other illegal uses in order to prevent their identity. On many occasions a fraudulent number would be introduced after removing the original one. In abandoned vehicles all serial numbers are verified in order to detect alterations in the identity of the vehicle (Svensson et al, 1981). Sometimes the serial numbers on firearms are removed more professionally making it hard to distinguish whether the numbers are original or not (Shoshani et al, 2001). Restoration of the original obliterated numbers provides important forensic evidence in......

Words: 10345 - Pages: 42

Types of Forensics

...FORENSICS Forensics, by and large, is the application of science to the legal process. It is an emerging research domain in India. There are many different types of forensic sciences baring their vital presence possibly in every field of human endeavor. Of these, let us now discuss about the computational, cyber and the DNA forensics. COMPUTATIONAL FORENSICS: The development of computational methods or mathematical and software techniques to solve forensic issues is called computational forensics. These methods analyze the evidence beyond human cognitive ability. They scrutinize a large volume of data, which is at any case impossible for a human mind to figure out. In spite of this, we can’t say that these techniques alone would serve our purpose because computational forensics is a field which needs huge collaboration between recognition and reasoning abilities of humans combined with comprehension and analytic abilities of the tool or a machine, which is most of the times, a computer. Computational forensics aids us to model the uncertain. At the crime scenes, we usually get incomplete or broken evidences. These evidences are later on modeled by the computational forensic tool which gives us first clues from its largest biometric database (fingerprints, criminal histories, mug-shots, scar and tattoo, physical characteristics like height, weight, hair and eye color and aliases), which is a collection of significant information regarding the criminals, their criminal......

Words: 1917 - Pages: 8

How Was the Suspect Identified?

...DEAHow was the suspect identified? How was the crime solved? What evidence was there? What could, or should, have been done differently? While reading this case about the serial murders of John Norman Collins there were a couple of things going through my mind. While there was sufficient detail on how the murders were performed, I don’t believe there was sufficient information on the evidence that was available for Collins to be incriminated. The following is information on how he was identified, how the crime was solved with the evidence that was used, and what I thought could have been done differently. It is important to note the dates of the crimes as that could interfere with any potential tests that could have been done to incriminate Collins faster. The suspect John Norman Collins was identified for various reasons. He was seen by various witnesses in the motorcycle that was identified as the transport he used for his victims, as well as the car he used. The fact the most of the murders occurred within a close proximity of each other and most had to do with East Michigan University further pointed the evidence that he was the serial murderer. Most of the murders were the same with the victims either naked or almost naked, all women, most on their menstrual cycles. Collins had had a confrontation with a woman that he had been fondling and was on her period before hand. He was disgusted and stormed off angrily. By learning the locations of the murders as well as......

Words: 786 - Pages: 4

How Has Our Knowledge of Dna Improved the Study of Criminal Forensics?

...How has our knowledge of DNA improved the study of criminal forensics? Introduction Through genetics, the study of DNA, we are able to figure out what and how genes are responsible for many things like our hair color or why do some people look a lot like their parents and others don’t. It also allows us to understand better how species evolve and how are they related to each other. It is important to understand how DNA mutates, changes and replicates in order to get information about what mechanisms cause DNA to change. In the 1970s scientists developed a DNA sequencing technique and other methods to manipulate and analyze DNA. This gave them the basic tools to start exploring the DNA blueprint which provided the techniques for a vast international project called The Human Genome Project (MRC). The Human Genome Project which was a major international project with the goal of decoding all our genetic information by 2003. A rough draft was done in June 2003 and it was a huge milestone that helped us understand how our genes can determine who we are (Genome Project). Many of today’s advances in DNA and biotechnology allow scientists and medical doctors to potentially cure genetic disorders through gene therapy by inserting, deleting or manipulating genes (Tillery, page 686). Another use of DNA technology is the creation of mutation by transferring DNA from one organism to another through techniques like cloning and introducing new DNA sequence into an organism to......

Words: 1437 - Pages: 6

How to Create a Digital Marketing Strategy

...How To Create A Digital Marketing Strategy Tactics without strategy is the noise before defeat. — SunTzu There are still many companies that believe they don’t need to have a strong digital marketing strategy to be successful, and while they may be able to maintain or even grow their revenue, their customers are gradually moving to the internet to make buying decisions. That is why companies without a great digital strategy aren’t only leaving huge amounts of money on the table, they are losing customers to those that do. You need a Digital Marketing Plan. Any company no matter the size or industry can benefit from a strong digital marketing strategy. In this article we will be discussing some of the best practices in putting together a digital marketing plan that allows you to strategically outperform your competition and create results in the marketplace. Overview In digital marketing, like all forms of business, it is best to have your strategy defined before you dig in to implementation. So before you create your first Youtube video or Facebook group, lets begin by discussing what you need to think through: 1. Your target customer & the problems you are solving 2. Differentiation and branding plan 3. Customer assessment (where they are and where they will be) 4. Competitive analysis & timeline 5. Your tactical plan 6. Results and feedback Once you have figured out the following you can begin to think about which marketing......

Words: 1585 - Pages: 7

Digital Forensic

...NAME OF GROUP MEMBERS: HON HAO KONG TP027895 THOR LIH YIN TP024383 YUVARAJ MURALITHARAN TP028059 GROUP : GROUP C2I INTAKE CODE : UC3F1402IT{FC} MODULE CODE : CT040-3.5-3-LEAFC MODULE TITLE : LEGAL EVIDENTRARY ASPECTS OF FORENSIC COMPUTING, LEAFC PROJECT TITLE : LEAFC 2nd Group Assignment HAND-OUT DATE : 27th MAY 2014 HAND-IN DATE : 16TH JUNE 2014 LECTURER : MR. ALI JAVAN Table of Contents 1.0 Workload Matrix 3 2.0 Executive Summary 4 3.0 Case Detail and Assumptions 5 4.0 First Responder 7 4.1 Overview 7 4.2 First Responder Procedures 7 4.2.1 Securing and evaluating electronic crime scene 7 4.2.2 Documenting electronic crime scene 10 4.2.3 Collecting and preserving electronic evidence 15 4.2.4 Packaging electronic evidence 21 4.2.5 Transporting electronic evidence 22 4.3 Chain of Custody 23 5.0 Critical Analysis 24 5.1 Forensic Analysis 29 6.0 Case Reconstruction 40 6.1 Functional Analysis 40 6.2 Timeline Analysis 42 6.3 Relational Analysis 43 7.0 Apply and Result of Subpoena 44 8.0 Legal Discussion and Implication 45 8.1 Legal Discussion Perspectives 47 9.0 Conclusion and recommendations 51 9.1 Conclusion 51 9.2 Recommendations 51 10.0 References 52 Appendix A– Affadavit 54 Appendix B- Subpoena 59 1.0 Workload Matrix | Thor Lih Yin......

Words: 11150 - Pages: 45

Digital Forensics Lab 4

...CCSI 410 Forensic Lab Report 1) Investigator’s Name: 2) Date of Investigation: August 2, 2014 3) Lab Number and Title: Lab 4 Keyword Searches 4) Summary of Findings: I did the steps required to fulfill my report. I found there is enough evidence to continue the investigation due to the search results. 5) Details of Investigation 1. 11.45 pm – Turned on suspect computer 2. 11: 47 pm – Entered lab environment 3. 11: 49 pm – Determined keyword list 4. 11:59 pm – Added the floppy image 5. Augest 3rd 12:05 am – Added keywords to the search utility 6. 12:09 am – Initial look at .emi files and addressbook.csv complete 7. 12:11 am – Search using keywords 8. 12:15 am – Completed report 6) Please type the answers to the questions found throughout the lab here. 1. Bid rigging is well rigging a bid so that a certain firm will win the bid. http://www.ftc.gov/tips-advice/competition-guidance/guide-antitrust-laws/dealings-competitors/bid-rigging Bid Rotation is when bidding is predetermined which firm is going to win and the other firms involved in the process get something out of it as well so basically a win-win situation for all involved parties. Bid suppression is where firms can enter the bid but choose to not do so in order to let another firm win. Bid cover is when the firms making the bid knows their bid will be rejected so that another firm will the bid. 2. There are many words and......

Words: 579 - Pages: 3

Digital Forensics - Uganda’s Preparedness

... Digital Forensics: Uganda’s Preparedness Dennis Tusiime Rwatooro 2014-M142-2002 Dept of Computer Science Abstract — The more our lives continue to depend on digital communication networks and media to perform daily activities such as communication, access to information and critical services such as health, financial transactions, entertainment, and public utilities like electricity, the more we get exposed to security risks. These security risks include breach of confidentiality of communication and transactions, violation of personal privacy, crime and fraud, disruption of services, and distribution of inappropriate content, among others. The goal of digital security is to research into and develop mechanisms to address these security risks. In this paper we briefly survey some of the emerging issues in digital security. The literature shows that while some domains in digital security have remained unchanged over a long time, for example cryptography, new areas have emerged including steganography. Keywords – digital forensic techniques, volatitle data extraction, digital image forensics, malware investigations, email security, symmetric key cryptography, asymmetric key cryptography, public key cryptography. Introduction Forensic science is defined as the application of the sciences as it pertains to legal matters or problems (Gialamas, 2000). One of the branches/fields of forensic science, namely criminalistics, is the profession and scientific discipline......

Words: 7291 - Pages: 30

Forensics

...The purpose of this research paper was to analyze three anti-forensic techniques for potential methods of mitigating their impact on a forensic investigation. Existing research in digital forensics and anti-forensics was used to determine how altered metadata, encryption, and deletion impact the three most prominent operating systems. The common file systems for these operating systems were analyzed to determine if file system analysis could be used to mitigate the impact of the associated anti-forensic technique. The countermeasures identified in this research can be used by investigators to reduce the impact of anti-forensic techniques on an investigation. Also, the results could be used as a basis for additional research. File system analysis can be used to detect and mitigate the impact of the three methods of anti-forensics researched under the right circumstances. Some areas of anti-forensics and file systems have been relatively well-researched. However continued research is necessary to keep pace with changes in file systems as well as anti-forensic techniques. Keywords: Cybersecurity, Albert Orbinati, Windows, Linux, Macintosh, file table. MITIGATING THE IMPACT OF ANTI-FORENSIC TECHNIQUES THROUGH FILE SYSTEM ANALYSIS by Gabriel A. Flynn A Capstone Project Submitted to the Faculty of Utica College August 2012 in Partial Fulfillment of the Requirements for the Degree of Master of Science Cybersecurity – Intelligence & Forensics © Copyright 2012 by......

Words: 11835 - Pages: 48

Digital Forensic

...USSS Cyber forensics Team in an antistatic bag with tamper resistant tape. Her initials were written over the tape. I removed the USB flash drive from the bag. It was a 2GB black and green retractable Sony flash drive with the serial number of D33021. Using the mount command I confirmed that the USB had not mounted. Command: mount Using the date command I showed when I began the forensic work on the USB device. Sun Feb 1 13:21:34 EST 2015 Command: date Using the command fdisk I looked to see what the size of the device was and how much data was on the USB. It was shown to have 1MB or 1474560 bytes of information. Command: sudo fdisk -l Using the hash command sha1sum on the device I obtained the hash for the USB. 32b9fcb741aab43a4f80393d3df67c32c726924f /dev/sdb Command: sudo sha1sum /dev/sdb Using dd I was able to image the information from the USB device to another file named Ailes.case01.dd. Command: Sudo dd if=/dev/sdb of=Ailes/case01.dd bs=8192 Using the date command I showed when the copy was made. Sun Feb 1 13:25:55 EST 2015 Command: date Using the sha1sum command again I compared the original USB hash to the new image Ailes.case01.dd. 32b9fcb741aab43a4f80393d3df67c32c726924f /dev/sdb 32b9fcb741aab43a4f80393d3df67c32c726924f Ailes.case01.dd Command: sudo sha1sum /dev/sdb case01.dd After comparing the hashes from the Original USB information and the copy Ailes.Case01.dd, the hashes are the same which means it was a......

Words: 1068 - Pages: 5

How Well Your Plan Addressed an Identified Need, Reflected Principles of Adult Learning, Was Based on Availability of Resources and Made Use of Appropriate Assessment Methods

... | |Assessment method |Written, Observation | |Learning outcomes: | | | |1. Be able to create an environment conducive to learning. | |2. Be able to plan and deliver learning and development programme activity to individuals and groups. | |3. Know how to review learning and development activities | |All activities should be completed |Assessment | | |Criteria | |Activity 1 | | |Devise and deliver a plan, with clear aims and learning outcomes, for a work related learning and development | | |activity/session, lasting approximately 30 minutes. During......

Words: 787 - Pages: 4

Project 1 - Ccjs 321 Digital Forensics

...INCIDENT rEPORT CCJS 321 – Digital Forensics | Stan Vos Date of submission: FEB 5, 2016 | INCIDENT rEPORT CCJS 321 – Digital Forensics | Stan Vos Date of submission: FEB 5, 2016 | Project 1 - CCJS 321 Digital Forensics For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist, an employee of the Makestuff Company, assigned to the company’s Incident Response Team. In this case, you have been notified by Mr. Hirum Andfirum, Human Resources Director for the Makestuff Company, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause.  Mr. Andfirum tells you that at Mr. Yourprop’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Makestuff, with ALL I have to offer.”  Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor).  In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years.  Mr. Andfirum provides you a copy of the source code to use in your investigation.  Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in...

Words: 1700 - Pages: 7

Project 2 - Ccjs 321 Digital Forensics

...Project 2 CCJS 321 – Digital Forensics | Name Date of submission: FEB 14, 2016 | Project 2 - CCJS 321 Digital Forensics For the purpose of this Project, you are still the InfoSec Specialist for the Makestuff Company. Consider this project a continuation of the work you performed in Project 1. With the scenario in mind, thoroughly answer the following questions (in paragraph format, properly citing outside research, where appropriate): 1.      What permissions/authorities should you have before you search Mr. Yourprop’s former Company work area, and how would you document that authority? As the InfoSec Specialist, you wouldn’t be looking for a search warrant before going into his work area. “It is important to note that employers who conduct a search based upon suspected employee misconduct must be able to point to specific, objective facts that support this suspicion. They must also limit their search to areas where they can reasonably expect to find evidence of misconduct and must end their search once this evidence is recovered” (Wilson, 2008). We also have to take note that he is no longer an employee at this company. Before I actually go into his office, I would get a written document that gives me permission to search his former work area. In this document, I would want it to specify what would be looking for during this search. This document would tell me the exact scope of what I am allowed to search and the authority to search all of the......

Words: 1778 - Pages: 8

Digital Forensic Investigation Bsc Submission

...involving the staff of TTBANK that was suspected of misuse of company property due to that staff bragging about gaining access to privileged information to his colleagues that he should have otherwise not have gotten access to. The issue first came to the attention of Mr. Ali, the Enterprise Systems Administrator of TT Bank who had investigated silently to discover the identity of the staff and that the person was a member of the Loans Department and his name was Mr. Mike. What became particularly disturbing was that Mike worked in the Loans Department and should not have any access whatsoever to any Human Resources (HR) department files. The Enterprise System Administrator decided that the case should be investigated properly and hired a computer forensic expert from the APIIT FORENSIC LABOROTARY. Upon arrival, the forensic investigator was issued full authority to conduct the search and began conducting the investigation on site at TTBANK’s own work-station that was used by Mr. Mike immediately. The work-station was found to be in switched off state, so only the hard disk image was acquired. The image size for Mr. Mike’s work-station was 4GB while the HR server image size was 8GB. An analysis of the system showed that Mr. Mike had actually installed some very sophisticated computer programs for system monitoring on his work-station. These tools seemed to be an attempt at gaining access and privilege escalation on the TTBANK network, which was later accessed from his......

Words: 1635 - Pages: 7

Computer Intrusion Forensics

...Computer Intrusion Forensics Research Paper Nathan Balon Ronald Stovall Thomas Scaria CIS 544 Abstract The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice, those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be follow precisely when conducting a forensics investigation. It is not enough to simple know an attacker is responsible for the crime, the forensics investigation must be carried out in a precise manner that will produce evidence that is amicable in a court room. For computer intrusion forensics many methodologies have been designed to be used when conducting an investigation. A computer forensics investigator also needs certain skills to conduct the investigation. Along with this, the computer forensics investigator must be equipped with an array of software tools. With the birth of the Internet and networks, the computer intrusion has never been as significant as it is now. There are different preventive measures available, such as access control and authentication, to attempt to prevent intruders. Intrusion detection systems (IDS) are developed to detect an intrusion as it occurs, and to execute countermeasures when......

Words: 9608 - Pages: 39