
Computer forensics question related to "Making a Murderer"

Whiznot
(@whiznot)
New Member

Hello. I recently joined your forum just to ask this one question. Please help.

On December 19, 2006, defense attorneys for Steven Avery received the image of a 40GB hard drive from a Windows computer as a discovery item. The hard drive image was created by Encase software and copied to seven DVD disks. The defense attorneys lacked Encase software needed to mount the image. The defense attorneys made the critical mistake of neglecting to submit the DVD disks for professional forensic analysis.

I would like to have a general idea of how much it would have cost in money and time back then to hire a pro to mount the image, recover deleted evidence and write a report for use at trial.

If the defense attorneys could have obtained a forensic report within 22 days they would have been able to point to an alternative murder suspect. If the forensic report could have been obtained within 55 days testimony of the star prosecution witness could have been impeached.

Topic starter Posted : 23/07/2018 2:57 am
armresl
(@armresl)
Community Legend

It varies too greatly.

There is the cost of the exam, then testimony.

If I had to guess, 5 to 10k, which most offices can't afford.
I like to assist PD offices and even police departments due to their very limited budgets, and I do so at a heavily reduced rate.

The cost of a deposition is not included because the prosecution would have to pick up that cost.

Hello. I recently joined your forum just to ask this one question. Please help.

On December 19, 2006, defense attorneys for Steven Avery received the image of a 40GB hard drive from a Windows computer as a discovery item. The hard drive image was created by Encase software and copied to six DVD disks. The defense attorneys lacked Encase software needed to mount the image. The defense attorneys made the critical mistake of neglecting to submit the DVD disks for professional forensic analysis.

I would like to have a general idea of how much it would have cost in money and time back then to hire a pro to mount the image, recover deleted evidence and write a report for use at trial.

If the defense attorneys could have obtained a forensic report within 22 days they would have been able to point to an alternative murder suspect. If the forensic report could have been obtained within 55 days testimony of the star prosecution witness could have been impeached.

Posted : 23/07/2018 6:12 am
keydet89
(@keydet89)
Community Legend

Hello. I recently joined your forum just to ask this one question. Please help.

On December 19, 2006, defense attorneys for Steven Avery received the image of a 40GB hard drive from a Windows computer as a discovery item. The hard drive image was created by Encase software and copied to six DVD disks. The defense attorneys lacked Encase software needed to mount the image. The defense attorneys made the critical mistake of neglecting to submit the DVD disks for professional forensic analysis.

I would like to have a general idea of how much it would have cost in money and time back then to hire a pro to mount the image, recover deleted evidence and write a report for use at trial.

If the defense attorneys could have obtained a forensic report within 22 days they would have been able to point to an alternative murder suspect. If the forensic report could have been obtained within 55 days testimony of the star prosecution witness could have been impeached.

I started with ISS XForce ERS team in Feb, 2006…we were billed out at $300 USD/hr. However, that billing rate had not changed in 10 yrs.

If all you wanted, if the only goal was to recover deleted "evidence", then I don't think that the rate would have varied too terribly much. 40GB is not a lot, and we were issued dongles for EnCase 4.22 and 6.19 at the time.

Machine time and a report that stated, "…we ran these tools and the recovered data is available on the associated DVDs…" might have been a week. Maybe.

But again, that really depends on what the goals of the exam were; like I said, if you walked into a DFIR shop and said that all you wanted was for the deleted files to be recovered, then that would not have been a great deal of effort, and most of it would have been machine time.

Posted : 23/07/2018 11:31 am
Whiznot
(@whiznot)
New Member

Thank you both for the helpful replies.

In the "Making a Murderer" case, appellate attorney Kathleen Zellner employed a digital forensics expert to recover the evidence that the trial attorneys ignored. The investigation and appeals are ongoing. The state's convictions are unlikely to stand.

Topic starter Posted : 23/07/2018 4:32 pm
jaclaz
(@jaclaz)
Community Legend

The defense attorneys lacked Encase software needed to mount the image.

No.
They lacked IMNSHO the good will to try and find a solution to a problem.

There is (and I believe there already was at the time) other software (some free) to mount .e01 or .l01 images or to convert them.

One thing is having a complete (and proper) professional forensics examination of a disk[1], another thing is having the contents accessible and decide - based on the apparent evidence that *any* or almost *any* IT technician can gather - if there is "value enough" in the evidence to justify the expense of a full examination.

Mind you such decision may well have been "wrong" anyway (because the non-forensic expert might have well missed relevant data) but "completely ignoring" a forensic image because they couldn't mount it?

Come on …

Let's make a non-digital comparison: say you receive a document written in Arabic or Japanese. One thing is finding someone that knows Arabic or Japanese to have a quick look at it, and another one is to have an official translation by an accredited translator (sworn in court) or by the Embassy.

But ignoring the document because you don't speak Arabic or Japanese?

jaclaz

[1] and consequent report and - if needed - expert witness testimony in Court

Posted : 23/07/2018 4:51 pm
Whiznot
(@whiznot)
New Member

Thank you for your NSHO (I had to Google it).

I've long been arguing that Steven Avery's trial attorneys were in cahoots with the prosecution. Trial defense attorney Dean Strang queered the venue change in favor of the county that his client had attempted to sue for a previous false conviction. Two of the jurors that the trial attorneys failed to strike had serious conflicts of interest with the defendant. After the defendant was convicted, two of his jurors reported that the conflicted jurors employed intimidation to force the guilty verdict.

Topic starter Posted : 23/07/2018 5:45 pm
hectic_forensics
(@hectic_forensics)
Junior Member

For me it was when they found the car keys after the fourth time they searched his trailer and the tampered blood sample. 😯 😯 😯

Posted : 24/07/2018 10:55 am