22.2 Time as Alibi


Suppose that, on March 19, 1999, an individual broke into the Museum of Fine Arts in Boston and stole a precious object. Security cameras show a masked burglar entering the museum at 2000 hours and leaving at 2030 hours. The prime suspect claims to have been at home in New York, hundreds of miles away from Boston, when the crime was committed. According to the suspect, the only noteworthy thing he did that evening was to send an e-mail to a friend. The friend is very cooperative and provides investigators with the following e-mail:

    From: suspect@newyork.net
    Date: Fri, 19 Mar 1999 20:10:05 EST
    Subject: A quick hello
    To: witness@miami.net

    I am sitting innocently at home with nothing to do and I thought
    I would drop a line to say hello.

The e-mail does suggest that the suspect sent the message at the time of the burglary. However, the investigators are familiar enough with e-mail to know that each mail server that handles a message prepends a Received: line carrying its own date and time, so the full header records when every server along the path handled the message. They obtain the full header and examine it for any discrepancies.

    Received: from mail.newyork.net by mail.miami.net (8.8.5/8.8.5) with ESMTP id
        NAA23905 for <witness@miami.net>; Sat, 20 Mar 1999 13:49:19 -0500 (EST)
    Received: from suspectshome.newyork.net by mail.newyork.net (PMDF V5.1-0
        #20971) with SMTP id <01J9206HG9T400NWE6@newyork.net> for
        witness@miami.net; Sat, 20 Mar 1999 13:49:22 EST
    From: suspect@newyork.net
    Date: Fri, 19 Mar 1999 20:10:05 EST
    Subject: A quick hello
    To: witness@miami.net
    Message-id: <01J9206VTW2E00NWE6@newyork.net>

    I am sitting innocently at home with nothing to do and I thought I would drop
    a line to say hello.

Sure enough, the dates and times in the header do not match: the Received: lines added by both mail servers show the message passing through them on the afternoon of Saturday, 20 March 1999, not on the Friday evening claimed in the sender-written Date: line, indicating that the e-mail message was forged on the afternoon of March 20. The suspect's alibi is refuted. The investigators obtain the related log entries from the two mail servers that handled the message (mail.newyork.net and mail.miami.net) as further proof that the message was sent on March 20 rather than on the night of the crime. Additionally, the investigators search the suspect's e-mail and discover messages that he sent to himself earlier in the week, testing and refining his forging skills. Finally, to demonstrate how the suspect sent the forged e-mail, the investigators perform the following e-mail forgery steps, inserting the false date (Friday, 19 March 1999 20:10:05 EST) just as the suspect did:

    % telnet mail.newyork.net 25
    Trying 10.232.19.48...
    Connected to mail.newyork.net.
    Escape character is '^]'.
    220 mail.newyork.net - Server ESMTP (PMDF V5.1-10 #20971)
    helo suspectshome.newyork.net
    250 mail.newyork.net OK, suspectshome.newyork.net.
    mail from: suspect@newyork.net
    250 2.5.0 Address Ok.
    rcpt to: witness@miami.net
    250 2.1.5 witness@miami.net OK.
    data
    354 Enter mail, end with a single ".".
    Subject: A quick hello
    Date: Fri, 19 Mar 1999 20:10:05 EST
    I am sitting innocently at home with nothing to do and I thought
    I would drop a line to say hello.
    .
    250 2.5.0 Ok.
    quit

After being presented with this evidence, the suspect admits to stealing the precious object and selling it on the black market. The suspect identifies the buyer and the object is recovered.
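The comparison the investigators make on the full header above can be automated; the following checker is an added example and is not code from the book. It parses the Received: trail with Python's standard email library, measures the gap between the sender-written Date: and the first server's timestamp, and also checks that successive hops are stamped in transit order. The one-hour tolerance and five-minute clock-skew allowance are assumed values, and the sample header is the one examined above, reproduced verbatim.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the full header examined above, reproduced verbatim.
FORGED_HEADER = """\
Received: from mail.newyork.net by mail.miami.net (8.8.5/8.8.5) with ESMTP id
    NAA23905 for <witness@miami.net>; Sat, 20 Mar 1999 13:49:19 -0500 (EST)
Received: from suspectshome.newyork.net by mail.newyork.net (PMDF V5.1-0
    #20971) with SMTP id <01J9206HG9T400NWE6@newyork.net> for
    witness@miami.net; Sat, 20 Mar 1999 13:49:22 EST
From: suspect@newyork.net
Date: Fri, 19 Mar 1999 20:10:05 EST
Subject: A quick hello
To: witness@miami.net
Message-id: <01J9206VTW2E00NWE6@newyork.net>

I am sitting innocently at home with nothing to do and I thought I would drop
a line to say hello.
"""

def received_timestamps(msg):
    """Timestamps of every Received: header, in header order (last hop first)."""
    stamps = []
    for value in msg.get_all("Received", []):
        # The receiving server's own timestamp follows the last ';'.
        stamps.append(parsedate_to_datetime(value.rsplit(";", 1)[-1].strip()))
    return stamps

def analyze(raw, tolerance=timedelta(hours=1), skew=timedelta(minutes=5)):
    """Return (first hop stamp - Date:, list of anomalies) for a raw message."""
    msg = message_from_string(raw)
    claimed = parsedate_to_datetime(msg["Date"])
    hops = received_timestamps(msg)
    if not hops:
        return None, ["no Received: headers to compare against"]
    transit = hops[::-1]            # servers prepend, so bottom-most = first hop
    gap = transit[0] - claimed
    findings = []
    if gap > tolerance:
        findings.append("Date: predates first Received: by %s" % gap)
    elif gap < -tolerance:
        findings.append("Date: is later than first Received: by %s" % -gap)
    # Successive servers should not stamp earlier than the previous hop by more
    # than ordinary clock skew (the 3-second difference above is tolerated).
    for earlier, later in zip(transit, transit[1:]):
        if later < earlier - skew:
            findings.append("hop stamped %s before its predecessor" % (earlier - later))
    return gap, findings
```

Run against the sample header, `analyze` reports a Date: line written 17 hours 39 minutes before the first server ever saw the message; the same check passes once Date: falls within tolerance of the first Received: stamp.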

Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
Year: 2003
Pages: 279