@TweedyBird I seen many cases assuming CP activity, where the evidence was misinterpreted and lead to wrong conclusions. Unfortunately many experts misinterpret browser searches and artifacts.
If you can prove that the prosecution's expert did at least one mistake during the forensic workflow, then the case will be most probably dropped.
The first mistake which could been done is that your nephew's computer was started "to look around" after seizure, thus not conserving the original data content at it's original state. From there on any conclusions made by forensic experts are void because the original data integrity wasn't conserved.
Good luck!
deleting all of my posts..thanks to everyone. God Bless.
The access count issue isn't a bug in Magnet AXIOM. Access Count is stored by Internet Explorer as an internal counter for Internet history records. It does not correlate with the number of times a URL was visited. You could visit a site once and have an access count of 20.
I would be shocked to see a child abuse site use pay-per-click advertising. They generally want to stay on the down low as much as possible. They ultimately want to be found by people with interest, but they don't want people stumbling across them.
When they seized the laptop, they should have confirmed date/time. If they didn't, it's a big opening because it means the time could be significantly off and that would mean the logs and date/time stamps could be off.
The child abuse images cannot be viewed outside of a law enforcement facility in the U.S. It's part of the Adam Walsh Act. Completely standard. In other cases, the image is usually provided. In these cases, you have to go to the police station if you want to analyze the actual drive image.
if you have time go on 4chan forums … i had read there that people are doing similiar stuff just for fun , maybe you will find something there …
deleting all of my posts..thanks to everyone. God Bless.
Many years ago, we actually had a case where the defendants computer was autodialling to a CP server and downloading indecent material. This was caused by a "virus". It wasn't obvious at first. Such a thing exists, but is rarer than rocking horse p**p and the only time I have seen it was via dial up internet not broadband.
When dealing with cases like this, I would normally make a clone of the suspects drive, insert the clone into the laptop (or exact replica) and boot it up. Then monitor all activity (especially network traffic) to see whether anything untoward happens. Maybe a wise course of action for your investigator to take. Should anything provable become apparent, this can then be demonstrated to the officer dealing with the case. It could be that the investigator requires permission to do so from the authorities to ensure he too doesn't fall foul of the law - something I am sure he'll be very aware of.
With regards to the officer, I wouldn't necessarily get hung up over lack of degree / time on the job… We all started somewhere.
What are you trying to do with all these posts?
You have received help, that help is telling you that you are probably barking up the wrong tree.
Unless you upload some reports no one can assist, and honestly with the faith you have had in your past investigators, I'm pretty sure I wouldn't take the gig because anything short of "he's innocent, couldn't have done it" makes you angry and everyone is incompetent or inexperienced.
deleting all of my posts..thanks to everyone. God Bless.
deleting all of my posts..thanks to everyone. God Bless.