I work with The Julie Group, a group of IT'rs, teachers, lawyers and journalists that formed to help reverse the conviction of Julie Amero, a substitute teacher who was caught in an un-winnable situation in Connecticut facing 40 years for a porn-storm on someone else's computer, that has been since overturned. (The Julie Group and State v Amero - A Miscarriage of Justice?)

Since then the group that worked on the case has decided to stay together to help others who are wrongly convicted by a legal system that has failed to keep up with the times and technology.

There's a case we may take on, and I am trying to do some advance research on. An underage male who claims to have unintentionally received illegal porn via limewire. The local police are trying to try him as an adult.

I've searched the sight for over an hour now looking for "log files" and "logging" so thought I'd put this question out for your help. For now, based on the description of a family computer used by novices, I feel it's safe to assume it's a version of Windows using default installation.

Does LimeWire log the get/puts of files? Either on the client machine, or in a central repository?

Would there be anyway to show if a file was put on the server by an outside party?

Is there a way to identify mal-ware additions of Limewire that might give an outsider greater rights to your computer?

I very much appreciate and input y'all have. We have forensic techs that could use your input to gain a better understanding of what to look for.

personal information has been edited to conform with forum rules..if it had been the business number I might have let it stay, but certainly not a cell phone number

running a program called HiJackthis will help determine if the machine is pwned in some way...and of course running various other scanners will also help determine just what is up with it...there have been users who occasionally post here saying that this type of event has happened to them, though I cannot in any way verify the veracity of their claims...it is of course possible...

to answer your question re: logging....once LW is shut down it is supposed to clear any memory of what it has searched for or downloaded...once in the library a record is kept of how many hits and uploads have occured (afaik...its been a long time since I used LW)...

the first thing I would do if I were you is to talk to the prosecutors and see exactly how this person was caught....I suspect he has been caught dead to rights by the cybercrimes unit and is guilty as all hell...if he is being prosecuted by Austin then he can count his lucky stars its not Williamson County....just because he is underage (you don't specify what age) has no bearing on his innocence or relative innocence....if he is 13 years old and is into 9 year olds then he has a problem, and that needs to be dealt with....the commonly used term for such people is predator...

from what I am aware of concerning the cybercrimes unit he is most likely hosed....they catch people by doing their own logging....you of course as the defender of this person have the right to have the machine looked at by your own computer specialist who will be able to determine various things like if the pictures/videos were viewed and such....one might also be able to identify what the browsing habits of the user are also...and of course the prosecutor will do exactly the same type of research....

__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This

Location: Louisiana

I can't go into identifiable specifics yet, that's why it is simple "underage", but using your situation above, should he still be charged as an adult?

The PC is in the possession of the State, and we're beginning the work to get a forensics copy. For now, we're sensing innocence (and presuming innocence) but with complete understanding that it could go the other way. However, we have seen unjust charges leveled in other instances in other states, and are merely trying to ensure that the charges are legit. If not, they should be dismissed.

Any suggestions that y'all have would be appreciated.

The very least you can do is look at the time the file was created.

Also, he can't verify a file without looking at it. If the "security experts" opened the file before doing a (very careful) backup (which kept the disk-intern metadata), the access time has been changed, so you can't find out, if he even looked at the file. This shouldn't be the case, if law enforcement worked with care, though.

The creation time should still be intact, though. You could check that with the logged time.

Also: Did he download the file himself?

Can you check if the LimeWire has been tampered with? There are some worms anv vira which manipulate a LimeWire to spam. If the LimeWire was manipulated, your underage is the victim of criminal worm or virus authors who stole control of his computer.

The Storm-Worm for example is said to have control of more than one million computers around the world.

This would at least give him plausible deniability.

(What we learn from this: Don't use Windows...)

__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.

nope, he should not be charged as an adult for simply possessing images or videos....if he has done other things though, then that is a different story...and his age is a big factor....if he is 17 or above then he is really not a child anymore, and is legally at an age where underage and of age many times conflicts in various ways....

what I've been finding highly disturbing is that people who are caught in cybercrime stings (ala Dateline style) and haven't actually done anything yet, and those caught with images and stuff are getting far stiffer sentences than those that are actually abusing children....I don't in any way justify those that make online dates with 13 year olds, but in that scenario the supposed 13 year old is apparently willing...that is a far cry from a person who rapes unwilling children....

__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This