Imagine this scenario: your employer gives you a ticking time bomb full of child porn and then you get fired and then you get prosecuted as some kind of freak. George Fitzmons spent seven months in San Bernardino County Jail, even though he was innocent of the charges against him. What were those charges? The charge was possession of child pornography; Mr. Fitzmons was facing life in state prison.
Rick Crouch & Associates, private investigators based in California and now South Africa were hired by the defence to investigate the case. Within a few weeks Rick Crouch, President of Rick Crouch & Associates had uncovered information that proved Christopher Fitzsimmons could not have committed the crime.
When you get accused of having child porn on your computer, subsequently get fired, lose your friends and family and face prosecution — hire a computer forensic expert to clear your name — assuming you’re innocent of course.
That’s what George Fitzmons, a former employee of the State of California did after getting fired for having child porn on his laptop. After a cursory examination, state investigators did in fact find child porn, which Fitzmons swore he didn’t download and wouldn’t even know how.
With charges that he downloaded images of child pornography onto his notebook filed against him, the 51-year-old Fitzmons became a pariah in his community, was shunned by friends and family and watched his wife develop a stress-related illness.
Fitzmons finally hired forensic computer expert and private investigator Rick Crouch to get to the bottom of the nightmare.
The trouble began after Fitzmons, an investigator for the Department of Industrial Accidents, was issued a new laptop by the DIA in Nov. 2002 after his originally-issued laptop was stolen.
But by March 2003, an investigator red flagged the computer after reviewing a Verizon wireless bill, noticing abnormally high data activity on Fitzmons’s laptop — usage was four-and-a-half times greater than any of the other investigators. Several days later, Fitzmons’s laptop was taken and reviewed by investigators who found Website files and images of child pornography in the temporary Internet files folder. Subsequently, Fitzmons was fired and faced prosecution by the state.
After Crouch’s investigation was completed and his report was filed, charges were dropped against Fitzmons. “The overall forensics of the laptop suggests that it had been compromised by a virus,” said Rick Crouch.
Viruses and Trojans that were found on the laptop included Downloader, a Trojan that is a Windows Metafile image file; DriveCleaner, a rogue application distributed through aggressive pop ups; Feebs Family, malicious JavaScript that is usually embedded in a malicious Web site; and Trojan.ByteVerify.
“In general, the pornography found in the temporary Internet files folder does not represent activity conducted by a user, specifically George Fitzmons,” said Crouch. “It is evident from reviewing the logs that the virus protection software was either not configured correctly or was not functioning properly. Log files for November and December are missing and entries for November are incomplete. Once they have been allowed to execute their code, they erase evidence of their tracks making it impossible to assess the damage. While it is impossible to say how badly the laptop was infected while it was in the possession of George Fitzmons, I can say with 100 percent certainty that the laptop was compromised by numerous viruses and Trojans and may have been hacked by outside sources.” Added Crouch.
Contributed by:
Rick Crouch
Rick Crouch & Associates
rick@rickcrouch.co.za