How police search for clues in cyberspace

By Charles Arthur,Technology Editor
Saturday 18 January 2014 02:45

Holly Wells and Jessica Chapman were using a computer between 5.11pm and 5.35pm on the day they disappeared. Days of investigation of the machine's hard drive will have turned up dozens of clues about any sites and chatrooms the girls visited.

The main questions are whether any discussion was logged automatically by the machine (some do; others do not), and whether anyone they talked to was the person who may have abducted them.

If an abductor set up a meeting, he might have persuaded the girls to delete the files with the log of their discussion.

"When you access the internet on a computer, it keeps track of virtually everything you do," said Gordon Stevenson, managing director of the data recovery firm Vogon, whose experts helped to convict Gary Glitter.

"Every event that happens in the computer will have time storage details of the time and date it occurred."

The details would be in temporary files, normally deleted after a few days. But nobody has used the computer since the disappearance, so they would have been retained. Older records would be retained on the hard disk, as the data itself is not deleted directly – only the index "pointer" to where it is stored. Finding that data is an expert task – but could provide the missing log, if it exists.

Mr Stevenson, who founded Vogon in the 1980s, said chatrooms were run on an anonymous basis but the police would have no trouble tracing the identities behind the sign-ons.

"You would need the co-operation of the internet service provider (ISP), but in an investigation like this they would give all the details," he said. "There will be a digital trail."

The problem that would remain for the police would be linking the identity of the computer user to a location.

The ISP should have a record of who has dialled in at what time; from there it would be a question of matching the phone number to a location – a routine task.