I, K. Gus Dimitrelos, am a certified cyber and mobile forensics expert.
I am a retired US Secret Service agent and began cyber forensics in 1996 getting certified by the Royal Canadian Mounted Police and US Treasury CIS2000 program.
I am certified in International, US Federal and US State Courts as a Digital Evidence Forensic Expert.
I am certified in US Federal and US State Courts as an Expert in Cellular Historical Data Reconstruction (Cellular Triangulation).
I am currently contracted to provide cyber investigations, computer and mobile device forensics, and provide training to the Alabama Securities Commission in fraud related cases including fraudulent ICOs, online financial fraud schemes, and securities fraud.
I develop courses and teach dead-box and network-based forensics and data breach investigations in various environments including Linux, PC and OSX environments.
I am a Certified Ethical Hacker and perform penetration testing and vulnerability assessments on Government Infrastructure networks and small to medium corporate networks.
I have been contracted since 2007 by the US Department of Justice-US Attorney’s Office (DOJ-USAO) to conduct cyber investigations and cyber and cellular forensics and collect, examine, investigate and testify in cyber and cellular cases for all federal agencies and more than 40 state and local police departments.
I conducted over 1000 computer examinations and mobile device forensic examinations for DOJ-USAO and thousands more in defense and civil matters.
The last contract for services and testimony for the Department of Justice, US Attorney's Office was an email forensics examination related to alleged fraudulent email and email activity.
I am an instructor for the Regional Counterdrug Training Academy teaching the course I wrote titled Cellular Triangulation and Mobile Device Forensics for Law Enforcement.
I am a US Department of State contracted lead instructor, course developer and cyber program coordinator for the Global Cyber anti-Terrorism Assistance program (GATA).
I perform cyber investigations or cellular triangulation services for corporations including Toyota Tsusho of America, DHL, State Farm and Allstate.
I am an expert consultant to the defense in the USA v Kevin Watkins appeal. Funding for my services as an expert consultant to the defense is being waived as Mr. Watkins is innocent and has been serving a prison sentence based on a fabricated document which purports to be an email. In my testimonial history, these types of examinations and testimony exceed $10,000.00 but no charges are being sought in this matter.
I have requested the complete images of the alleged email but have not received any as of this affidavit and the information contained within this affidavit reflects my 24 years' experience in digital evidence analysis and specifically, email evidence analysis.
I have reviewed a printed document in this matter which is allegedly an email containing Mr. Watkins. I am summarizing my findings; however, Electronic Mail contains additional artifacts not available for me to review as of this affidavit writing. Without these artifacts which include email headers and the analysis of the computer system alleged to have created the email, my summary was based on my 24 years of experience and expert opinions.
If the email was provided in a printed format whether printed on paper or printed as electronic documents such as PDFs, they have no authenticity and can easily be manipulated or falsely created.
Email inherently has additional metadata known as an email header which contains Email network routing, creation date and time, distribution, email content, submission date and time, delivery date and time and other artifacts which can be used to validate the Email communication.
Any and all computer-based evidence and artifacts require a cyber forensics analysis to determine the nature and authenticity of the email.
I can easily replicate the ease of creating or modifying what appears to be an email.
Using the simple and novice modification techniques, it can take me seconds to alter a single email and minutes to alter thousands of email.
If an analysis of the computer system which allegedly authored and contains the email is not conducted, the email provided in this matter in any format are to be treated as forensically unsound and should not be permitted as actual evidence of email.
If an analysis of the email platform (i.e. Hotmail, Yahoo, Outlook, GMail, etc.) which allegedly authored and contains the email is not conducted, the email provided in this matter in any format are to be treated as forensically unsound and should not be permitted as actual evidence of email.
If an analysis of the accuser’s computer system which allegedly received and contains the email is not conducted, the email provided in this matter in any format are to be treated as forensically unsound and should not be permitted as actual evidence of email.
If an analysis of the accuser’s email platform (i.e. Hotmail, Yahoo, Outlook, GMail, etc.) which allegedly received and contains the email is not conducted, the email provided in this matter in any format are to be treated as forensically unsound and should not be permitted as actual evidence of email.
Manipulation of email or creation of email can easily be authored using simple document editors, Microsoft Word, Google Docs, and any other text software which is installed by default on computer operating systems.
Manipulation of email headers can also easily be authored using simple text editors, Microsoft Word, Apple Pages, and any other text software which is installed by default on computer operating systems.
Using the freely available and simple text editors, any fields can be modified including the content of the message, subject, to, from, date and time and any other email fields.
Because the delivery of alleged email was in printed format by hand, the alleged computer system which allegedly received the email must be analyzed.
Conducting a computer forensics analysis will allow an expert to determine if someone other than the actual computer email recipient or sender deliberately created the fake email as retaliation and intending to do harm.
If an unknown person created email using another person’s email account and/or computer and then deleted the email, they can only be recovered by a forensic examination of the source computer system or email account.
Only a computer and email platform analysis can validate or challenge the authenticity of the email.
Because of the failure to validate, restore or otherwise analyze the originating email, it would be impossible to properly render any conclusion other than the email presented in this matter cannot be considered true and verifiable.
Therefore, forensically unsound practices and a fake email as evidence were used to wrongfully convict Mr. Kevin Watkins. I respectfully request access to and analysis of any and all computer systems, email platforms and any other storage media which contain the alleged email.
Any other conclusions or decisions would result in opinions and results that would circumvent decades of sound forensic practices and would be completely unorthodox.
___________ ______________________
K. Gus Dimitrelos CEO - Cyber Forensics, Inc Retired - US Secret Service
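
Added illustration, not part of the affidavit and not the affiant's tooling: a short Python sketch of the header artifacts the statement says a printout lacks (routing, message identifier, submission and delivery times). The message, hosts and addresses are constructed placeholders. Because headers are themselves editable text, these checks only flag inconsistencies for follow-up against the source system or mail platform.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (hypothetical hosts and addresses, not case data).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mbox.recipient.example; Tue, 03 Mar 2015 10:15:09 -0500
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby mx.recipient.example; Tue, 03 Mar 2015 10:15:07 -0500
Message-ID: <constructed-0001@sender.example>
Date: Tue, 03 Mar 2015 10:15:05 -0500
From: alice@sender.example
To: bob@recipient.example
Subject: Constructed example

Body text.
"""

# What typically survives on a printout: the visible fields only.
PRINTED_ONLY = SAMPLE[SAMPLE.index("Date:"):]
# The same message with only the Date field edited in a text editor.
EDITED = SAMPLE.replace("Date: Tue, 03 Mar 2015 10:15:05",
                        "Date: Wed, 04 Mar 2015 09:00:00")

def header_findings(raw):
    """Return the header inconsistencies an examiner would flag for follow-up."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get_all("Received") or []
    if not received:
        findings.append("no Received headers: routing cannot be verified")
    if msg["Message-ID"] is None:
        findings.append("no Message-ID")
    # Each server prepends its Received line, so reverse to get oldest first.
    hops = []
    for value in reversed(received):
        stamp = value.rsplit(";", 1)[-1].strip()  # timestamp follows the last ';'
        hops.append(parsedate_to_datetime(stamp))
    if hops != sorted(hops):
        findings.append("Received timestamps out of order")
    sent = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    if sent and hops and sent > hops[0]:
        findings.append("Date header is later than first server receipt")
    return findings

if __name__ == "__main__":
    for name, raw in (("full", SAMPLE), ("printed", PRINTED_ONLY), ("edited", EDITED)):
        print(name, header_findings(raw))
```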