Upload File

i, milton efrain jaque tarco, an ecuadorian citizen ... · carvajal, dr. ramiro garcia falconi,...

  • Home
  • Documents
  • I, MILTON EFRAIN JAQUE TARCO, an Ecuadorian citizen ... · Carvajal, Dr. Ramiro Garcia Falconi, Daniel Moncayo, and Veronica Asimbaya. 5. The first machine (CPU) used by Dr. Zambrano
7
1 [signature] CERT. MERRILL VER: JD I, MILTON EFRAIN JAQUE TARCO, an Ecuadorian citizen, declare under penalty of perjury that the following is true to the best of my knowledge and experience. 1. I work in the Criminology Department of the Judicial Police of Pichincha, as an expert in the area of computer forensics. I have been working in computer forensic analysis since 2009. 2. The Prosecutor General’s Office – Nueva Loja Prosecutor’s Office asked me to serve as expert and analyze the computer equipment at the Office of the President of the Provincial Court of Justice of Sucumbíos that Dr. Nicolas Augusto Zambrano Lozada allegedly used. I performed the examination together with Mr. Tulio Patricio Simba Chuquimarca, and the result of our work is contained in a report that was presented to the Nueva Loja Prosecutor’s Office. 3. Specifically, our w ork c onsisted of l ocating on t hose c omputers, on t he ha rd dr ive of the computer that was used by the author of the judgment (Judge Nicolas Zambrano), while he served as P resident of t he P rovincial C ourt of Justice, an d analyzing whether t he d igital f ile containing the text of the judgment dated February 14, 2010 existed. The Sucumbíos Prosecutor, Dr. Carlos Jimenez T., later corrected that the judgment was issued in 2011. In order to facilitate our work, the Clerk of that Court provided us an official copy of both the judgment and the order expanding a nd c larifying t he j udgment. B elow I de scribe t he w ork pe rformed, t ogether w ith several conclusions regarding an analysis of the state of operation of the equipment and the files found on t he c omputers t hat D r. Zambrano a llegedly used w hile he w orked a t t he P rovincial Court. 4. When w e arrived a t t he of fices of t he P rovincial C ourt of J ustice of Sucumbíos, we were informed that while Dr. Zambrano served as President of the Court, he used two different computers ( at di fferent t imes) t o pe rform hi s w ork a nd pr ocess t he c ourt c ases h e w as responsible f or. W hile t he f orensic copy pr ocess ( explained i n t he f ollowing p aragraph) w as being conducted at the Provincial Court of Justice of Sucumbíos, representatives of both parties were p resent, as w ell as t echnicians r epresenting the P rovincial C ourt o f J ustice o f Sucumbíos. The f ollowing w ere p resent: D r. C arlos M oreno, P rovisional J udge of Sucumbíos, D r. E nrique Carvajal, Dr. Ramiro Garcia Falconi, Daniel Moncayo, and Veronica Asimbaya. 5. The first machine (CPU) used by Dr. Zambrano has serial number MXJ64005TG, and was l abeled i n o ur an alysis as “P C-02.” T he s econd m achine us ed b y D r. Z ambrano ha s s erial number MXLO38123D, and was labeled “PC-01.” The first step we performed was to create two sets of “forensic copies” of each one of the hard drives installed in the two computers (CPUs). “Forensic co py” i s u nderstood as t he ex act i mage t hat i s cr eated o f al l o f t he d ata and information from the hard drives in a computer at a certain moment Plaintiff's Exhibit 6371 p. 1 of 7 11 Civ. 0691 (LAK) PLAINTIFF’S EXHIBIT 6371

Upload: others

Post on 26-Jan-2021

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 1 [signature]

    CERT. MERRILL VER: JD

    I, MILTON EFRAIN JAQUE TARCO, an Ecuadorian citizen, declare under penalty of perjury that the following is true to the best of my knowledge and experience.

    1. I work in the Criminology Department of the Judicial Police of Pichincha, as an expert in the area of computer forensics. I have been working in computer forensic analysis since 2009.

    2. The Prosecutor General’s Office – Nueva Loja Prosecutor’s Office asked me to serve as

    expert and analyze the computer equipment at the Office of the President of the Provincial Court of Justice of Sucumbíos that Dr. Nicolas Augusto Zambrano Lozada allegedly used. I performed the examination together with Mr. Tulio Patricio Simba Chuquimarca, and the result of our work is contained in a report that was presented to the Nueva Loja Prosecutor’s Office.

    3. Specifically, our work consisted of locating on t hose computers, on t he hard dr ive of

    the computer that was used by the author of the judgment (Judge Nicolas Zambrano), while he served as P resident of t he P rovincial C ourt of Justice, an d analyzing whether t he d igital f ile containing the text of the judgment dated February 14, 2010 existed. The Sucumbíos Prosecutor, Dr. Carlos Jimenez T., later corrected that the judgment was issued in 2011. In order to facilitate our work, the Clerk of that Court provided us an official copy of both the judgment and the order expanding a nd c larifying t he j udgment. B elow I de scribe t he w ork pe rformed, t ogether w ith several conclusions regarding an analysis of the state of operation of the equipment and the files found on t he c omputers t hat D r. Zambrano a llegedly used w hile he w orked a t t he P rovincial Court.

    4. When w e arrived a t t he of fices of t he P rovincial C ourt of J ustice of Sucumbíos, we

    were informed that while Dr. Zambrano served as President of the Court, he used two different computers ( at di fferent t imes) t o pe rform hi s w ork a nd pr ocess t he c ourt c ases h e w as responsible f or. W hile t he f orensic copy pr ocess ( explained i n t he f ollowing p aragraph) w as being conducted at the Provincial Court of Justice of Sucumbíos, representatives of both parties were present, as well as technicians representing the Provincial Court of Justice of Sucumbíos. The following were present: Dr. Carlos Moreno, Provisional Judge of Sucumbíos, Dr. Enrique Carvajal, Dr. Ramiro Garcia Falconi, Daniel Moncayo, and Veronica Asimbaya.

    5. The first machine (CPU) used by Dr. Zambrano has serial number MXJ64005TG, and

    was labeled in our analysis as “PC-02.” The second machine used by Dr. Zambrano has serial number MXLO38123D, and was labeled “PC-01.” The first step we performed was to create two sets of “forensic copies” of each one of the hard drives installed in the two computers (CPUs). “Forensic co py” i s u nderstood as t he ex act i mage t hat i s cr eated o f al l o f t he d ata and information from the hard drives in a computer at a certain moment

    Plaintiff's Exhibit 6371 p. 1 of 7

    11 Civ. 0691 (LAK)

    PLAINTIFF’SEXHIBIT6371

  • 2 [signature]

    CERT. MERRILL VER: JD

    in time. Together with the copies, we generated the hash code for the copy of each computer. A “hash code” is an alphanumeric sequence of around 80 characters that identifies the content of each computer at a certain moment in time. If any modification at all is made to a computer’s files, the hash code that is generated by a later copy will be different. So the use of hash codes serves to guarantee the integrity and the digital chain of custody of the information generated or the forensic copies.

    6. The relevant information for this document was found in computer PC-02. So hereafter I will only discuss this computer.

    7. The computer labeled PC-02 was operational (time elapsed between the first time it was turned on and the last time it was turned on) from July 14, 2010, through Sept. 13, 2012. When we made the forensic copy of its content, it generated the following hash code:

    8. Once the forensic copies were made, the Expert from the Criminology Support Unit of Sucumbíos, Police Corporal Fernando Villacis Barrera, took over the procedure. He was given copies of the hard drives (“Copy 1”). The two actual computers subject to our analysis were also placed i n hi s c ustody. Corporal F ernando V illacis B arrera p roceeded t o de liver bot h t he t wo computers (CPUs), as well as Copy 1, t o the person in charge of the warehouse at the Judicial Police of Sucumbíos, where they are cur rently. We proceeded personally t o take anot her cop y (“Copy 2”) t o t he of fices of C riminology of P ichincha, l ocated a t A ve. Mariana d e J esus a nd Ave. Occidental in Quito, where we performed our analysis.

    9. Shortly a fter beginning our a nalysis, t he ha rd dr ive w hich c ontained C opy 2 be came unreadable and i naccessible due t o an electrical discharge. Through official l egal channels we requested that a t hird forensic copy be made of the hard drive in PC-02 (“Copy 3”). As a final step, we proceeded to verify and validate that computer PC-02 had not been modified or altered in a ny w ay, w hich we did b y generating ha sh c odes o f C opy 3. T he ha sh c ode or iginally generated for P C-02 i s identical t o t he h ash c ode of C opy 3 of P C-02. T his me ans th at the computers were not manipulated, modified, or a ltered dur ing the t ime that passed between the creation of the different forensic copies.

    10. On t he ha rd dr ive f rom c omputer P C-02, w e f ound a f ile na med PROVIDENCIAS.docx, which contains s everal h undred pa ges. Around p age 24, a t ext begins that is very similar to the judgment and the expansion and clarification that the Court provided us. At the end, in the same file, are other documents.

    11. The di fferences be tween t he t ext f ound i n the f ile P ROVIDENCIAS.docx m entioned above, and the texts of the judgment, expansion, and

    Plaintiff's Exhibit 6371 p. 2 of 7

  • 3 [signature]

    CERT. MERRILL VER: JD

    clarification against which they were compared are, in our brief analysis, minor.

    12. At the time the judgment in question was issued, the judges were supposed to load them into the s ystem known as “Automatic S ystem for Ecuadorian J udicial P rocessing” (SATJE, i n Spanish).” In the city of Quito, [at the] Criminal Tribunal of Pichincha, we performed a DATA TEST th at a llowed u s to e stablish th at in itial a nd f inal h eaders were A UTOMATICALLY inserted on or ders or j udgments upl oaded b y o fficials w ith t he da te a nd t ime on t he s erver. Likewise, officials can directly modify a text (judgments, orders, and other documents) using the SATJE system before they are recorded and then served.

    13. By analyzing the metadata of the PROVIDENCIAS.docx file, we can conclude that i t

    was created on computer PC-02 on October 11, 2010, by user “CPJS.” In addition, this is one of the Users of the operating system installed on that computer. The last date on which the file was modified is March 18, 2011, and the last date it was opened was September 10, 2012.

    14. The an alysis o f t he m etadata o f t he forensic co pies, l oaded i nto available f orensic

    software ACCESS DATA FTK, also allowed us to conclude that the total editing time for the file PROVIDENCIAS.docx w as 3,571 hour s. “ Editing t ime” i s und erstood as t he t otal a mount of time th e f ile w as o pen, n ot e xclusively th e time d uring w hich it w as a ctively b eing written/modified.

    15. Likewise, a review of the Operating System files, specifically the USB port event LOG,

    shows that there is a history of connections to USB ports, with dates of connection and removal from the unit during 2012. The analysis established that no external USB units were connected to the computer labeled PC-02 before that year.

    16. Based o n t he f orensic a nalysis p erformed, w e d etermined t hat t he co mputers ar e n ot

    protected b y any ki nd of ope rating s ystem pa ssword. T he f ile P ROVIDENCIAS.docx i s not password protected. Given in Quito, on October 21, 2013 [signature] MILTON EFRAIN JAQUE TARCO ID 0502339815

    Plaintiff's Exhibit 6371 p. 3 of 7

  • Plaintiff's Exhibit 6371 p. 4 of 7

  • Plaintiff's Exhibit 6371 p. 5 of 7

  • Plaintiff's Exhibit 6371 p. 6 of 7

  • Plaintiff's Exhibit 6371 p. 7 of 7

    Previous Document


LUIS XAVIER FALCONI - archivos.chimborazo.gob.ec

Agua - Darío Falconi (El Mensú, 2014)

Libro Proyectos Armando Tarco Sanchez

Análisis Estructural - Roberto Falconi

Verdadeiro poder-falconi

Innovación en Perú Giancarlo Falconi

Analisis Estructural Roberto Aguilar Falconi

Falconi, María Inés - Sobre ruedas

6.lavado de manos falconi

Francesco Falconi, "Muses"

Proyecto de-vida-de-evelyn-tarco-copia

O Verdadeiro Poder-Falconi

Vicente Falconi - Como Escolher Uma Equipe0001

Calidad Falconi

Perdao Gera Saude (Armando Falconi Filho)

Vicente Falconi - Motivação real

Tarco sale

Texto - O Verdadeiro Poder - Falconi

Exposición: Las Vacaciones Gabriel Ñaccha Tarco 3 ero A de Primaria

Dylatacje TARCO 12 Lat Doswiadczen

Vicente Falconi - O Verdadeiro Poder

040 Session 4A Muzi Falconi - bledcom.com 4A_Muzi Falconi... · BledCom . Title: 040_Session 4A_Muzi Falconi Created Date: 7/17/2018 2:52:11 PM

Cristina Falconi G deber

Informe Diseño Falconi Ocampo PazmiñoJ PazmiñoD

Pineida tarco alexandra

Verdadeiro Poder Falconi

Presentación splgou milagros tarco salcedo

TARCO WINDY 400 Leaf Machine The Educational Services

revistamelhorespraticas.com.brrevistamelhorespraticas.com.br/novo2015/admin/uploads/indice_f... · O verdadeiro Poder, Vicente Falconi, fundador e líder da Falconi Consultores de

Ana María Falconi Del Pozo

O VERDADEIRO PODER - VICENTE FALCONI

Falconi,FE SolutionOfTheWarpingTorsionUsing

22C-6e-20190506162521...Werner Müller Racing Team Tarco Tarco Racing Team Juchheim Zeitnehmung: FiPe sports results Nat. AUT AUT AUT AUT AUT AUT AUT AUT AUT Nr. Name Jahrg. 2010

Apresentação Zaclis Falconi

Vicente Falconi Campos