http://www.courant.com/news/local/nb/hc-nebwardwell0922.artsep22,0,510773.story By Arielle Levin Becker Courant Staff Writer September 22, 2007 NEW BRITAIN - The New Britain police department's computer crime expert was stumped. The state police's lab couldn't help. Even the FBI didn't have the answer. But Lt. James Wardwell kept searching, trying to find some way to infiltrate a stack of erased rewritable CDs he just knew once contained evidence. And eventually, thanks to a network of computer investigators, a Google search and some college kids blogging about how to restore their lost mp3s, Wardwell found a way to recover the data and developed a new technique in the process. The evidence Wardwell recovered helped secure the conviction of a city man who filmed himself sexually abusing children, crimes a prosecutor said were the most extreme and diabolical he ever handled. Last month, Wardwell's work earned him the Case of the Year award from the international High Technology Crime Investigation Association, an honor that he said recognized a willingness to ask for help. "I could not have ever even come close to doing this if I hadn't reached out to everybody else," he said. The plaque hangs on the wall behind Wardwell's desk, but he might prefer if it weren't there. It's bittersweet to receive an honor for working on a case in which children were brutalized, he said. "If I could redo history, my preference would be that the whole thing never happened," he said. It began with evidence seized from city resident John Kaminski. Police had some incriminating evidence, but they believed there was more on a stack of rewritable CDs. Problem was, the CDs had been erased. None of Wardwell's data recovery techniques helped. He spent a day at the state police lab and consulted the FBI, but to no avail. He reached out to other computer crime investigators, but no suggestion worked. But the problem stuck with one of them - Special Agent Jim Butler of the FBI's New Haven division's computer analysis response team. A Google search led him to a website that college students used to discuss ways to recover deleted mp3s. The students' method wouldn't solve the problem, but it led Wardwell to create a similar technique. The key would be tricking a computer into reading the CDs, which appeared empty, by burning a small portion of another file onto them. The work broke a cardinal rule of computer forensics: Don't change the original evidence. Unlike working with blood or drugs, where testing destroys a bit of the evidence, investigators in computer forensics are trained to change nothing - they make copies instead. But the computer couldn't read Kaminski's CDs, making them impossible to copy. "In this case, it was either break that taboo or not get anything," said Butler, now the president of the Connecticut chapter of the High Technology Crime Investigation Association. Wardwell spent at least two weeks practicing the technique with other CDs. When he was convinced it worked safely, he created an empty file and began burning it onto one of Kaminski's CDs, stopping as soon as the first part of the file was burned. That allowed the computer to read the CD without destroying what was on it before. From there, he could recover the data using standard software. It was early in the morning when Wardwell first saw the videos on the CD. "There was a feeling of triumph, saying `Yes, I got it,'" he said. "But then, starting to see the contents of the data, it was horrible. I had to walk away." He left it for the day. Wardwell is no stranger to horrific images and brutal cases. Computer crime cases aren't all about Internet predators or child pornography, but they're a portion of the workload that Wardwell said he will never get used to. "You just have to know when to walk away," he said. The Kaminski case stands out because it was so brutal, he said. Kaminski was accused of sexually abusing three siblings, aged 9, 8 and 6, after drugging them with sedatives and filming the assaults. He pleaded no contest to six counts of first-degree sexual assault last year, at age 51, and was sentenced to 25 years in prison. At Kaminski's sentencing, prosecutor Paul Rotiroti said, "Of all the sexual assaults I've ever handled, this is the most diabolical, the most extreme and the one that most exemplifies pure evil." Kaminski has since filed a federal lawsuit challenging the search that led police to the evidence. A Superior Court judge previously ruled that the search was legal. Copyright © 2007, The Hartford Courant __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Mon Sep 24 2007 - 00:27:10 PDT