Forensic Analysis, Computer Forensic Cases
computer forensics, forensic analysis, expert forensic testimony
page-template-default,page,page-id-15139,paged-3,page-paged-3,ajax_fade,page_not_loaded,,qode-child-theme-ver-1.0.0,qode-theme-ver-7.6.2,wpb-js-composer js-comp-ver-4.5.3,vc_responsive

What We’ve Done

Child Pornography, Plea Agreement

State of Arizona vs. Matthew Bandy

After a cybertip from Yahoo! that contraband images had been uploaded to a Yahoo! Group, 16 year old Matt Bandy was arrested and charged with possession of child pornography. Although Bandy maintained his innocence and passed numerous lie detector and psychosexual tests, he faced approximately 90 years in prison. Loehrs was hired to examine the Bandy computer where her preliminary findings revealed approximately 200 viruses, Trojans and other malware that may have been responsible for the activity. Before any additional forensics analysis was conducted to determine the extent of the unwanted intrusions, the State offered Bandy a plea agreement with no jail time and no sex offender registration.

Download the PDF: Technology Entraps the Innocent


Unauthorized Use, Network Intrusion, Dismissal

United States vs. Michael Keehn

07-CR 00532
Michael Keehn was employed by the Tahoma Colusa Canal Authority (TCCA) for approximately 18 years during which time he designed and implemented a software application to regulate the canal. Keehn was fired from that position when the TCCA computer unexpectedly shut down one evening a computer technician for TCCA could not get the computer to boot. It was alleged that Keehn caused the shut down by remotely accessing the computer and wiping all of the data. Loehrs was hired to conduct a forensics examination of Keehn’s computers and the TCCA computer that was allegedly wiped by Keehn. The forensic analysis revealed a virus in the Master Boot Record of the TCCA computer that would not allow the computer to boot and a simple fix revealed all of the data was still intact. In addition, Keehn was alleged to have remotely accessed the computer using a dial up modem, the only means available to access the antiquated software, but no modem was seized from Keehn’s home and the forensic analysis revealed no modem was installed on any of the computers. The case was dismissed before going to trial.

Download the PDF: Former TCCA Employee Facing Computer Fraud Charges