ARCHIVE 11/21/08: Detective Defends Forensic Exam of Benoit Wikipedia Hacker’s Computer. I Don’t Buy It.

ARCHIVE 11/21/08: Where Are They Now? Congressman Bobby Rush
May 20, 2009
ARCHIVE 10/21/08: Open Letter to the Benoit Wikipedia Hacker
May 20, 2009

This morning Detective Chester Perkowski of the Darien, Connecticut, police called me.

Detective Defends Forensic Exam of Benoit Wikipedia Hacker’s Computer. I Don’t Buy It.

Friday, November 21st, 2008

This morning Detective Chester Perkowski of the Darien, Connecticut, police called me. I appreciated his willingness to explain further what I have concluded was a grossly inadequate examination of the computer of Matthew Greenberg, the Benoit Wikipedia hacker.

Perkowski did not persuade me that a serious effort was made to determine where Greenberg might have picked up on the Internet rumor that Nancy Benoit was dead on Sunday, June 24, 2007, before posting the rumor as fact at Wikipedia, many hours prior to the discovery of the Benoit family bodies.

But I also acknowledged in our conversation — as I have on this blog — that the root problem lies not with Detective Perkowski and not with the Stamford Police Department, which commissioned him to examine the computer. The root problem is in Fayette County, where sheriff’s investigators, for whatever reason, decided from the get-go to define the scope of their task as simply confirming that Chris Benoit committed the double murder and suicide. They went out of their way to proclaim outside that scope what my investigation reveals as child’s play: exposing the highly suspicious timeline of the weekend, which in turn illuminates the pathological culture of pro wrestling.

Chief among the open mysteries is why it supposedly took Chavo Guerrero and Scott Armstrong more than 24 hours to alert World Wrestling Entertainment officials to Chris’s alarming series of text messages to them. Having arbitrarily decided that the timeline didn’t matter, the sheriff asked a Stamford detective to question Greenberg, and in so doing evidently didn’t mention that it might be a pretty darn good idea to ask him about Guerrero. (In the course of a wide pattern of Wikipedia vandalism, Greenberg had removed defamatory material from Guerrero’s Wiki page!)

In this same see-no-evil motif, the Stamford detective then asked Darien’s Perkowski to look at Greenberg’s computer, but didn’t instruct him to look closely for the exact wrestling news and fan sites that Greenberg had visited, from which he  may have picked up on Nancy Benoit rumors. Instead, Perkowski understood his charge as finding out only if there was information on the computer connecting Greenberg to the commission of the crime. Of course, there was not. (To reiterate, Perkowski’s entire report consists of a bit of throat-clearing followed by a one-sentence conclusion.)

In our conversation today, I asked Perkowski if his exam really turned up no Internet history whatsoever. He said that, yes, there was some Internet history, but not very much and nothing important enough to cite in his report (with the disclaimer, again, that he considered his task to be finding Greenberg’s connection to the crime, not to the coincidentally or not-so-coincidentally true rumors about the crime).

Finally, Perkowski volunteered the thought that a heavy web browser such as Greenberg might have routinely used software that scrubbed clean his Internet history. Such programs keep the computer’s “cache” from overloading and slowing down performance, and have the added benefit of removing possibly embarrassing information.

But this blog’s ad hoc high-tech forensics consultant, Kevin Ripa of Computer Evidence Recovery (http://www.computerpi.com), was unimpressed by the detective’s explanation.

“Most history-scrubbing software is a joke,” Ripa told me. “In almost any other industry, the people peddling products like the best-known ones would get sued for false advertising. I’ve been involved in cases where files were not only cleansed, but also allegedly deleted altogether, and I was still able to recover data. If the Connecticut report couldn’t recover data, it at the very least could have recovered evidence confirming that scrubbing software had indeed been used.”

The next questions on this blog go to Matthew Greenberg directly.

Irv Muchnick

Comments are closed.