
Colorado Computer Forensics – Reading Hard Drive History

| Oct 1, 2012 | Forensics |

Unless you have used a product like Drive Scrubber 3, which overwrites deleted files, your hard drive likely contains a history of every file ever created, accessed or downloaded. Notice that I did not say every file that “you” have created, accessed or downloaded. It does not matter who is operating your computer when a file is viewed and then deleted. Yet there is a presumption among police, computer forensics personnel and prosecutors in Denver, Arapahoe and Douglas County that any files found on your computer hard drive are possessed by you. We generally encounter this issue in Sexual Exploitation of a Child cases, C.R.S. 18-6-403, in Adams, Jefferson and Weld County.

When a file is written to a hard drive, it is considered to occupy “allocated” space. Once a file is deleted in Windows, it occupies “unallocated” space, and Windows no longer indexes that item. The file no longer has properties like date modified, last date accessed, and date created. But the file's data remains on your hard drive platter until it is overwritten. In the normal course of writing to your hard drive, most deleted files are eventually overwritten with new files. But you cannot know for sure when a file is overwritten, so you and I must assume that deleted files are still on the hard drive.
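An added illustration, not part of the original post: a minimal signature carver in Python showing why data left in unallocated space can be recovered, yet comes back with only an offset and a hash rather than a name, owner or dates. The sample image bytes are constructed, and this sketch ignores fragmentation and embedded thumbnails that real forensic tools account for.

```python
import hashlib

SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
EOI = b"\xff\xd9"       # JPEG end-of-image marker

def carve_jpegs(raw: bytes, max_size: int = 1 << 20):
    """Scan raw bytes (e.g. unallocated space) for JPEG signatures.

    Each hit carries only what the data area itself can prove: where the
    bytes sit and what they hash to. File name, timestamps and user are
    kept in the file system index, which no longer points at deleted data.
    """
    hits, pos = [], 0
    while (start := raw.find(SOI, pos)) != -1:
        # Never search past the next header, the size cap, or the image end.
        next_soi = raw.find(SOI, start + len(SOI))
        limit = min(len(raw), start + max_size,
                    next_soi if next_soi != -1 else len(raw))
        end = raw.find(EOI, start + len(SOI), limit)
        if end == -1:
            # Header survives but the tail was overwritten by newer data.
            hits.append({"offset": start, "length": None,
                         "sha256": None, "complete": False})
            pos = start + len(SOI)
        else:
            blob = raw[start:end + len(EOI)]
            hits.append({"offset": start, "length": len(blob),
                         "sha256": hashlib.sha256(blob).hexdigest(),
                         "complete": True})
            pos = end + len(EOI)
    return hits

def build_sample_image() -> bytes:
    """Constructed stand-in for unallocated space (not real evidence data)."""
    intact = SOI + b"\xe0" + b"JFIF-constructed-body" * 4 + EOI
    damaged = SOI + b"\xe0" + b"JFIF-partly-overwritten"  # footer is gone
    return b"\x00" * 512 + intact + b"\x00" * 512 + damaged + b"NEWDATA" * 64

if __name__ == "__main__":
    for hit in carve_jpegs(build_sample_image()):
        print(hit)
```

The second hit is reported as incomplete: its header is still on disk, but the rest was overwritten, which is the "you don't know when" case described above.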

Law enforcement, police and sheriffs in Golden, Lakewood and Castle Rock possess software tools like Forensic Tool Kit (FTK) and EnCase. These software tools enable computer forensics personnel to view all the hidden files on a hard drive platter that Windows treats as deleted. Police look for evidence of a crime with these software tools. Generally, they get a lead that a person has downloaded child pornography (also known as Sexually Exploitative Material), and then they contact your Internet Service Provider for your address. They then get a search warrant and come to your home.

With a search warrant, police will come to your home looking for devices which might hold photographs, pictures or pics. They will deliver these items to a forensics laboratory like the Rocky Mountain Regional Computer Forensics Laboratory (RMRCFL). Police agencies throughout the state of Colorado are permitted to submit electronic equipment for search by the RMRCFL.

Our lawyers work with private forensic examiners in your defense. We have successfully defended clients charged with Sexual Exploitation of a Child, C.R.S. 18-6-403. It is easiest for us to do that when our clients have not spoken with police. So, if contacted by police, be smart, exercise your right to remain silent and call the experienced attorneys at the O’Malley Law Office at 303-731-0719. Together, we can protect your future.