(Page 2 of 2)

While organizers are used mostly in white-collar crimes, they have also been helpful in homicide investigations. When the police were investigating the murder of 7-year-old Danielle van Dam near San Diego last February, for example, they copied the contents of four computer hard drives and a Palm Pilot belonging to the man who was convicted in the case, David A. Westerfield.

Advertisement

In a recent homicide case in Texas, the assailant turned out to be a person on the contact list in the victim's organizer. "It was a close personal friend who did it for financial gain," said Amber Schroader, who is director of forensics for Paraben, in Orem, Utah, and helped with the investigation.

The police will often seize a suspect's organizers to establish a link with the victim, check on alibis or determine motivation. In an attempted homicide case that Dr. Leibrock recently worked on, the suspect planned his day around his victim's schedule, which he kept in his Palm. The man, whom Dr. Leibrock described as obsessive compulsive, also kept detailed notes of his fantasies about the woman on the device. "He was going to capture this woman, tie her up and have his way with her," Dr. Leibrock said.

People are remarkably truthful on their personal digital devices - even when they are lying elsewhere. Federal investigators from the Department of Health and Human Services will use doctors' own organizer schedules to catch them for falsely billing for Medicaid and Medicare patients they have never seen. (Investigators don't need a warrant for these searches, since doctors agree to make records available as a term of their participation in the programs.)

Organizers are rarely encrypted or password-protected - even when criminals take similar precautions in other electronic formats. "If you went to their desktop machine they would have a good 5 to 10 passwords," Ms. Schroader said. "But when it came to their P.D.A. they felt it was so close to them that they didn't need it."

In fact, investigators often find passwords for protected desktop or laptop computer files stored on suspects' hand-helds.

Even when Palms are encrypted, they are remarkably easy to crack, said Joe Grand, the principal engineer at Grand Idea Studio, a product design firm in Boston, who has analyzed the security flaws in the Palm operating system.

Organizers are easy to locate, because they are almost always found with individuals or in their cars. As a result, the devices themselves even help in identifying bodies. In a suicide case in Virginia in March, for example, a decomposing body was found on the Appalachian Trail with a hand-held but no wallet or other identification. When the device was cleaned off and powered up, it revealed the name of the 55-year-old Maryland man who had shot himself.

Previously the information now found in one place may have been scattered in various locations - wallets, desks, cars and even dumpsters.

"It gets a little disgusting sometimes when you have to dig through their trash for their bank statements," said Joshua Holzer, a special agent with the Commerce Department's Office of Export Enforcement, which is responsible for preventing certain goods from being exported to countries like Libya and Iran. In tracing suspicious American companies, the agents often search for account numbers to subpoena bank information to look for money transfers from foreign banks.

But now, Agent Holzer and fellow investigators have begun to find account numbers stored neatly on the hand-helds of suspected export violators. "It saves us from the white spaceman suits and jumping into the big Dumpster," he said.

As with computer hard drives, deleting something on a hand-held doesn't make it really gone.

"Things people think are deleted are still retrievable," said Larry Gagnon, a detective with the Peel Regional Police in Ontario. "Whereas if you rip up a piece of paper and throw it out, it's gone for good."

Investigators say that organizers have also been used to commit crimes. In a case in Texas, a government employee was caught using his Handspring Treo to transfer child pornography. "When we pulled the guy in to do an interview, what does he have on his pocket but the wireless device," said Jamey Tubbs, a federal law enforcement agent who worked on the case. "We seized it right then and there."

In another case earlier this year, a Fortune 500 company in the Chicago area discovered that an employee was using his company-issued Palm to steal patent applications bit by bit. "It totally blew their mind," said Thomas Rude, a security consultant from Atlanta who was called in to investigate the case.

Hand-held analysis may become even more fruitful over the next few years as the devices become more sophisticated and gain wireless capabilities. A person's movements can often become a critical issue in civil and criminal investigations.

Michael Burnette, director of information technology at an Atlanta law firm, Rogers & Hardin, made an interesting discovery when he was asked to do forensic analysis on a BlackBerry, the popular wireless device. Because BlackBerries are always on to receive e-mail, they constantly communicate with the network around them and create an internal ledger of the nodes they have recently talked with. "It's moving around with you and telling a story about you," Mr. Burnette said. "But then again, it has to be intimately intertwined with who you are in order to be as useful as it is."