Posted: 10/2/2005 2:54:03 PM EDT
It is known that BTK was caught because of a floppy disk he sent authorities and that they were able to track down the computer and user on that computer it came from.

I'm just curious how one can determine that a random floppy disk was used in a particular computer. So if someone could explain thanks.
Link Posted: 10/2/2005 2:55:44 PM EDT
Depends on what was on the disk. If it was a DOC file then there is info unique to the computer MS Works puts in the DOC file.

-Foxxz
Link Posted: 10/2/2005 2:56:01 PM EDT
Wow, is that how they got him? Didn't know PCs tagged floppies like that.
Link Posted: 10/2/2005 2:56:12 PM EDT
tag
Link Posted: 10/2/2005 3:00:08 PM EDT
Use notepad and they can't track you with a GUID
Link Posted: 10/2/2005 3:01:57 PM EDT

Originally Posted By Foxxz:
Depends on what was on the disk. If it was a DOC file then there is info unique to the computer MS Works puts in the DOC file.

-Foxxz



Correct. MS Word used to copy down your MAC address onto all of your documents. They were eventually called on it, and I don't think they put that specific number down anymore.

It's one of the ways how we caught the maker of that huge virus a couple years ago. What was it, Melissa or something?
Link Posted: 10/2/2005 3:03:13 PM EDT
Just to clarify, according to 48 Hours on CBS, BTK ASKED authorities if he sent them a floppy if they could track him; they said no, so he sent a floppy, presumably with something he wrote on it that he had written on a PC at his church. On 48 Hours it said they could tell that a user Dennis had used the computer.

I can see how they could figure out how many Dennis's had access to a computer once they found the computer, but how did authorities determine that the floppy had come from this particular computer?

What unique information does the floppy give? A physical address, an IP address, what?
Link Posted: 10/2/2005 3:18:44 PM EDT

Originally Posted By rtr:
I can see how they could figure out how many Dennis's had access to a computer once they found the computer, but how did authorities determine that the floppy had come from this particular computer?

What unique information does the floppy give? A physical address, an IP address, what?



The floppy itself has nothing. It would be application data or OS data that got written to the floppy that would have to be used to trace the floppy's history.
Link Posted: 10/2/2005 3:26:01 PM EDT
MS Word will put in Name and organization if the computer had that information entered on install.

-Foxxz
Link Posted: 10/2/2005 3:37:34 PM EDT
AFAIK the FBI simply recovered deleted files from the disk that identified him by name and his church.
Link Posted: 10/3/2005 7:56:45 AM EDT

Originally Posted By rkbar15:
AFAIK the FBI simply recovered deleted files from the disk that identified him by name and his church.



Correct.
I haven't heard the part about identifying him by name, but the name of the church was in one of the files that had been erased on the floppy.
Once they used an "Unerase" utility, all they had to do was look up the church in the phone book.

If he had used a fresh, new floppy disk, he'd still be out there killing.

You want to know the real reason they caught him?
About 6 weeks before the floppy showed up, a Baptist church in the area had a "BTK Service".
300 people of different faiths showed up.
All they did that night was have different ministers lead in prayers that BTK would be caught.
The entire service was spent praying for his capture.

In all the years that he had been terrorizing that community, that was the first time they had come together just to pray for an end to the crime spree.

Awesome!
Link Posted: 10/3/2005 8:19:01 AM EDT
[Last Edit: 10/3/2005 8:20:14 AM EDT by LoginName]
In a related incident that shows how computer forensics types can track a person down...

I recall watching a "true crime" type program awhile back (details might be a bit sketchy).

There was a serial killer who was kidnapping, torturing and killing women in his basement and he was video taping it.

I believe he was playing mind games with the police and he sent them a map he had printed out showing the location of one of the bodies.

The map he had printed out came from an online map service (like Mapquest, except that it wasn't Mapquest).

Investigators went to all the online map sites, entered the location and compared the results to the map the killer had sent them.

Because of the differences in the way the map was displayed (in this case it was the text), they were able to determine which map service he used.

Armed with that info they were able to obtain the server logs and determine the IP of the person who had searched for that particular map location.

They placed the person's house under surveillance and were able to obtain enough evidence to get a search warrant.

When they searched the premises they found the videos that the killer had been taping.

Anyone remember this case and/or the full details?
Link Posted: 10/3/2005 8:28:32 AM EDT
Link Posted: 10/3/2005 8:40:29 AM EDT
I thought they caught him because one of his family members was suspicious and tipped off authorities.


Wait a sec, MRW, you met that psycho?
Link Posted: 10/3/2005 8:46:31 AM EDT

Originally Posted By mini14jac:

Originally Posted By rkbar15:
AFAIK the FBI simply recovered deleted files from the disk that identified him by name and his church.



Correct.
I haven't heard the part about identifying him by name, but the name of the church was in one of the files that had been erased on the floppy.
Once they used an "Unerase" utility, all they had to do was look up the church in the phone book.

If he had used a fresh, new floppy disk, he'd still be out there killing.

You want to know the real reason they caught him?
About 6 weeks before the floppy showed up, a Baptist church in the area had a "BTK Service".
300 people of different faiths showed up.
All they did that night was have different ministers lead in prayers that BTK would be caught.
The entire service was spent praying for his capture.

In all the years that he had been terrorizing that community, that was the first time they had come together just to pray for an end to the crime spree.

Awesome!



So God only stops killing sprees if approx. 300 people pray for it at the same time? What a loving god.

If that's the case then get 300 Baptists to pray for an end to all crime in the US. That would be great!

Back to the topic, though, it is interesting how BTK made that mistake. But, he wanted to get caught. He wouldn't have made contact with the FBI if he really didn't want to.
Link Posted: 10/3/2005 8:55:47 AM EDT
He was the only one in town who was still using floppy disks?
Link Posted: 10/3/2005 8:58:03 AM EDT
On the technical side, whenever you erase a file from any magnetic media disk, the operating system only marks the space on the disk where the file resided as 'available for write'. This means the file is there until the system actually overwrites the data.

Now I have heard tell of forensic tools that actually detect the magnetic traces from the drive all the way back to the original format. This supposedly can pick up any file that has been written to the drive from the beginning. Sort of like the old days of cassette recorders where you would get a mix of sounds when you recorded over the top of a tape that already had something on it. Even if you recorded no sound level over it before re-recording something new, you still got trace audio at low levels.
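
The point in the post above about deletion only marking space as available can be seen on a FAT12 floppy, where a deleted file keeps its directory entry (first name byte replaced by 0xE5), its start cluster and its size. The following is an added example, not part of any poster's reply; the tiny disk image, file name and function names are constructed for illustration.

```python
import struct

SECTOR = 512

def build_sample_image():
    """Constructed 8-sector FAT12-style image holding one deleted file."""
    img = bytearray(SECTOR * 8)
    # BIOS parameter block at offset 11: bytes/sector, sectors/cluster,
    # reserved sectors, FAT copies, root entries, total sectors, media, sectors/FAT
    struct.pack_into("<HBHBHHBH", img, 11, SECTOR, 1, 1, 1, 16, 8, 0xF0, 1)
    root = SECTOR * 2                      # boot sector + one FAT sector
    body = b"Constructed sample text for the undelete demo\r\n"
    # 32-byte directory entry: 0xE5 replaces the first character of NOTES.TXT
    entry = (b"\xE5OTES   TXT" + b"\x20" + bytes(14)
             + struct.pack("<HI", 2, len(body)))   # start cluster 2, file size
    img[root:root + 32] = entry
    data = root + 16 * 32                  # data area; cluster 2 is its first cluster
    img[data:data + len(body)] = body      # contents are untouched by the delete
    return bytes(img), body

def find_deleted(img):
    """Return (name, size, data) for each deleted root-directory entry."""
    bps, spc, reserved, nfats, nroot, _tot, _media, spf = struct.unpack_from(
        "<HBHBHHBH", img, 11)
    root = (reserved + nfats * spf) * bps
    root_secs = (nroot * 32 + bps - 1) // bps
    data = root + root_secs * bps
    found = []
    for off in range(root, root + nroot * 32, 32):
        e = img[off:off + 32]
        if e[0] == 0x00:                   # never-used entry: end of directory
            break
        if e[0] != 0xE5 or e[11] == 0x0F:  # skip live files and long-name entries
            continue
        cluster, size = struct.unpack_from("<HI", e, 26)
        name = "?" + e[1:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        start = data + (cluster - 2) * spc * bps
        # The FAT chain is cleared on delete, so assume the clusters are contiguous
        found.append((f"{name}.{ext}" if ext else name, size, img[start:start + size]))
    return found

if __name__ == "__main__":
    image, _ = build_sample_image()
    for name, size, content in find_deleted(image):
        print(name, size, content)
```

The first character of the name is lost for good, which is why undelete utilities ask the user to supply it, and recovery fails once the freed clusters are reused or the file was fragmented.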
Link Posted: 10/3/2005 8:59:13 AM EDT
48 Hours also stated that the police obtained a DNA sample from his daughter prior to arrest for another confirmation. It was from her pap smear at college. I didn't catch if she volunteered it or they got it with a court order.
Link Posted: 10/3/2005 9:04:02 AM EDT
[Last Edit: 10/3/2005 9:04:24 AM EDT by rtr]

BTW- I met the man two years ago and shook his hand in his office in Park City. He wrote me a ticket for not having an outside dog house for my inside dog... He dismissed it when I went in and bickered with him


Wow, good thing he didn't kill you
Link Posted: 10/3/2005 10:09:42 AM EDT

Originally Posted By BenDover:
On the technical side, whenever you erase a file from any magnetic media disk, the operating system only marks the space on the disk where the file resided as 'available for write'. This means the file is there until the system actually overwrites the data.

Now I have heard tell of forensic tools that actually detect the magnetic traces from the drive all the way back to the original format. This supposedly can pick up any file that has been written to the drive from the beginning. Sort of like the old days of cassette recorders where you would get a mix of sounds when you recorded over the top of a tape that already had something on it. Even if you recorded no sound level over it before re-recording something new, you still got trace audio at low levels.



With the use of hardware forensic recovery tools it may be possible to recover "shadow data" and data that has "seeped" into the magnetic recording media. Shadow data is data that is written by misaligned or normal variations in head alignment that remains after secure wiping of that data. Seeping or vertical layering occurs due to physical flaws in the storage media and variances in the ability of the platter's coating to hold a magnetic charge.
Link Posted: 10/3/2005 10:14:22 AM EDT

Originally Posted By mini14jac:

Originally Posted By rkbar15:
AFAIK the FBI simply recovered deleted files from the disk that identified him by name and his church.



Correct.
I haven't heard the part about identifying him by name, but the name of the church was in one of the files that had been erased on the floppy.



Supposedly the name Dennis was referred to in one of the church documents. In any case that POS is behind bars now. Hopefully he will get whacked in prison.
Link Posted: 10/3/2005 10:20:04 AM EDT
Maybe they used his name and address written on the front of the disk.
Link Posted: 10/3/2005 10:22:09 AM EDT

Originally Posted By steve-oh:
I thought they caught him because one of his family members was suspicious and tipped off authorities.


Wait a sec, MRW, you met that psycho?



That is correct, his daughter turned him in. They lied to BTK about the floppy to get a confession.

Shok
Link Posted: 10/3/2005 11:32:07 AM EDT
[Last Edit: 10/3/2005 11:34:55 AM EDT by MRW]
Link Posted: 10/3/2005 11:35:20 AM EDT

Originally Posted By LoginName:
In a related incident that shows how computer forensics types can track a person down...

I recall watching a "true crime" type program awhile back (details might be a bit sketchy).

There was a serial killer who was kidnapping, torturing and killing women in his basement and he was video taping it.

I believe he was playing mind games with the police and he sent them a map he had printed out showing the location of one of the bodies.

The map he had printed out came from an online map service (like Mapquest, except that it wasn't Mapquest).

Investigators went to all the online map sites, entered the location and compared the results to the map the killer had sent them.

Because of the differences in the way the map was displayed (in this case it was the text), they were able to determine which map service he used.

Armed with that info they were able to obtain the server logs and determine the IP of the person who had searched for that particular map location.

They placed the person's house under surveillance and were able to obtain enough evidence to get a search warrant.

When they searched the premises they found the videos that the killer had been taping.

Anyone remember this case and/or the full details?



I saw that show, pretty cool.

I think the guy was living with his mom and using her computer.
Link Posted: 10/3/2005 11:58:42 AM EDT
I have access to and use many types of data recovery tools here at work.

You would be surprised how much data is left on electronic media even after it is "erased".

Encrypt as much as possible with the strongest level of encryption possible.

Av.
Link Posted: 10/3/2005 12:09:30 PM EDT
[Last Edit: 10/3/2005 12:10:09 PM EDT by Beleg]
"You want to know the real reason they caught him?
About 6 weeks before the floppy showed up, a Baptist church in the area had a "BTK Service".
300 people of different faiths showed up.
All they did that night was have different ministers lead in prayers that BTK would be caught.
The entire service was spent praying for his capture.

In all the years that he had been terrorizing that community, that was the first time they had come together just to pray for an end to the crime spree.

Awesome! "

This has got to be the goofiest rationale for the power of prayer I've ever heard. What, God didn't have a plan for BTK? He was waiting for the input of a bunch of boobs who would go to church for the BTK Service? Give the Big Man a little credit; he ain't the personal concierge for a bunch of goofs from Kansas City.

Prayer is about surrendering yourself to the Will of God and asking for the strength to deal with the trials of life. It ain't a letter to the big magic Santa in the sky.
Link Posted: 10/3/2005 12:41:43 PM EDT

Originally Posted By Cleatus:
Maybe they used his name and address written on the front of the disk.



That would probably be the extent of the FBI's abilities......or maybe they right clicked the file and saw "Denis /The BTK killer" as the author/owner of the .doc.
Link Posted: 10/3/2005 12:49:48 PM EDT

Originally Posted By Avalon01:
I have access to and use many types of data recovery tools here at work.

You would be surprised how much data is left on electronic media even after it is "erased".

Encrypt as much as possible with the strongest level of encryption possible.

Av.



Avalon01, care to share any of the tools that you use? I've had to recover files (I work at a K-12 school) and the only program I've used is Active Undelete. I had to recover a file that hadn't been backed up yet. I was only fairly impressed with that program.
Feel free to IM me if you want.
Thanks.
Curt