After a St. Louis County grand jury indicted Gov. Eric Greitens on felony invasion of privacy charges for allegedly taking a photo of a partially nude woman with whom he was having an affair, his attorneys denied a photo existed.
This week, an assistant with the St. Louis County circuit attorney has acknowledged they don't possess the photo that was allegedly taken without the woman's consent, but they intend to get it.
The indictment alleges a photo was taken and "transmitted in a way that it could be accessed by a computer." However, the acknowledgment by the prosecutor's office has raised questions as to whether the photo still exists, as well as if it could be retrieved from a camera or cellphone used to take it or computer used to store it.
While it is easy to erase an image or information from a cellphone, computer, memory chip or other device, it can also be easy to retrieve that information with the right knowledge and tools, a law enforcement instructor said.
Assistant Professor Anshuman Singh of the University of Central Missouri in Warrensburg launched a program in 2015, which is part of the law enforcement training the university offers. The training prepares students to become criminal investigators who can be expected to piece together forensic evidence from phones and computers.
"If you are looking to retrieve information, you look at digital artifacts that are left," he said. "On a cellphone, it's the flash memory. Even when it is powered off, you can still find some bits. Now, if someone is sophisticated enough to remove a handle, then you would have a more difficult time."
A handle, he explained, is another word for username, which can be used to identify people online.
"You can't get access without a handle," he said. "That's the same for computers whether they be desktop or laptop or Mac or Windows."
Singh said it might be easier to retrieve information from a computer versus a cellphone.
"With a computer, you have to have easy access to acquire an image of the hard drive," he said. "Once you get that image, a person can analyze what's left behind.
"For phones, especially the Apple iPhone 6 or later versions, those are more challenging. Apple let people create pass codes, which are longer than what you normally see," he said. "If that feature is enabled, it's more challenging for experts to retrieve data."
Singh said forensic investigators take an image of the entire memory of a device, then run a software analysis to get into the application data for all apps on a phone or device. This could be the device's photo app or third-party apps that allow for taking photos.
"Any of those apps have their own space for data and can be easily accessed," he said. "Apple phones are harder to get images off their system. But if law enforcement asks them to, it can be done. It's not as hard on an Android, not as hard with computers. The browser keeps all data for browsing history and the activity log.
Chairman of House panel: Lawmakers' sole duty is to determine facts behind Greitens indictmentRead more
"If you're on Facebook and you delete a post, it's still there on the Facebook server," he said. "You just don't have the handle to get to the post anymore."
If someone tries to delete a browsing history, it can be retrieved, Singh said.
"Most of the systems do logging. Any action we take on a computer is logged," he said. "That information is still there. Only a very few, like a professional hacker, would be able to successfully get that off a computer, so most of the time there are still some artifacts on drives that could be picked up."
Singh said law enforcement agencies are training people to do information retrieval and many use Cellebrite, an Israeli company he said claims to get some of the toughest information out of phones. He said they work only with law enforcement agencies, including the FBI.
"What authorities are wanting to do is make sure they maintain the chain of custody of evidence and make sure it's admissible in court," he said. "If they are not careful, then it may not be accepted in court. "
Singh said the risk of personal data being shared isn't limited to when you dispose of your old phone or computer. Data is shared by cellphone companies throughout the current life of the phone as they sell data from their customers to potential advertisers.
"Although (companies) say they don't look at personal information, that seems to be the current business model," he said. "They sell data to advertising firms, and we should be careful about where data is stored, whether that's on physical drives or on the cloud.
"Most companies say the cloud you can access from anywhere," he said. "Customers agree to terms which no one reads. They waive rights, and that allows the companies to sell to potential advertisers."
The FBI and Missouri Highway Patrol declined to comment for this story.