Tuesday, July 3, 2012

More on Ms. Amero

Well, It's been a while but it's time to reveal the reason Ms. Amero plead out during a secret, unscheduled appearance in court. This appearance was no doubt leaked to the media as they where present to interview/ photograph her upon her exit. I don't recall her granting an interview but I do remember the expression on her face which was caught on camera. I'd call it "A deer in the headlights". Following are the facts which could not be disputed by any of her supports: Mr. Horner, Mr. Ecelberry, Nancy Whatsherface, Rick Green, et al. Most of the supporters won't understand nor care and will nit pick any and all irrelevant content. Here goes.

While reviewing the evidence I  located the "curly hair styles" document (www.new-hair-styles.com/curly-hairstyles.htm). The document was modified on 10-19-2004 at 9:23am. The source code for the document included a javascripted Google advertisement banner and a javascripted pop-up advertisement for "femistim". The frame of the pop-up document was present, allowing the user to close the document by "x'ing out". CoputerCop Pro did recover the image for the pop-up document. It was created on 10-19-2004 at 9:23:08am and was non-pornographic in nature. The pop-up document included a link to the site: www. herbalsensations.com. The document for the herbalsensations.com site was also recovered. It was modified on 10-19-2004 at 9:36am. It included an advertisement banner and a secure link for ordering the product: "femistim". The school's firewall logs also showed the herbalsensations.com document was requested by the user, Ms. Amero.

Oct 19 09:26:23.188 cofirewall httpd[80]: 121 Statistics: duration=0.05 id=WDpH9 sent=342 rcvd=365 srcif=Vpn6 src=10.2.19.252/1996 dstif=Vpn5 dst=207.99.115.220/80 op=GET arg=http://www.herbalsensations.com/cgi-bin/af/b.cgi/6611/femistim.html result="302 Found" proto=http rule=2

Needless to say both Mr. Eccelbery and Mr. Horner were incorrect when they each indicated insome way shape or form that content of the "curly hair styles" document was responsible for the flood of never ending pornographic pop-ups. The source code was located in the home page:
www. new-hair-styles.com and there was no pornographic content associated with the pop-up
(www.topforall.com) which popped when Amero closed the new-hair-styles.com home page.
The source code of the home page says it all: onunload="window.open(http://TopForAll.com/cgi
-bin/in.pl?id=omystery&cate=Women')" A number of benign, date related web site ads pop-up
thereafter. The "curly hair styles" document had nothing to do with the benign pop-ups. Sorry.

I reviewed all recovered HTML documents recovered during the searches made with ComputerCop Pro for the pornographic keyword and for the hair styles keyword searches for the purpose of locating any additional pop-up windows and any included javascripting.  

There were two pornographic pop-ups which were recovered by ComputerCop Pro. These pop-ups were spawned directly as a result of Ms. Amero's request for the document: http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm on 10-19-2004 at 10:39:52am and on 10-19-2004 at 11:00:49am as logged by the school's server firewall software. The following is evidence of the facts. 

The school's firewall logs revealed that on 10-19-2004 at 09:55:40am Ms. Amero was viewing a document on the orgasm-mystery.com web site: www.orgasm-mystery.com/lesbian-orgasm-movie.htm. This document contained a number of images which included an image named: cheatinglesbians.jpg. I viewed the current example of the www.orgasm-mystery.com/lesbian-orgasm-movie.htm document. I noted the same image was included in the document and that this image acted as a link to the document: http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm. The firewall logs revealed that the http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm document was requested directly from the www.orgasm-mystery.com/lesbian-orgasm-movie.htm document on 10-19-2004 at 10:00:48am.

Oct 19 09:55:39.105 cofirewall httpd[80]: 121 Statistics: duration=0.16 id=WDwXw sent=571 rcvd=144 srcif=Vpn6 src=10.2.19.252/2843 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/lesbian-orgasm-movie.htm result="304 Not Modified" proto=http rule=2

Oct 19 09:55:40.939 cofirewall httpd[80]: 121 Statistics: duration=0.16 id=WDwXL sent=435 rcvd=146 srcif=Vpn6 src=10.2.19.252/2860 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/images/lesbians/cheatingles1.gif result="304 Not Modified" proto=http rule=2

Oct 19 09:56:28.612 cofirewall httpd[282]: 121 Statistics: duration=49.22 id=WDosS sent=494 rcvd=437 srcif=Vpn6 src=10.2.19.252/2847 dstif=Vpn5 dst=194.67.35.191/80 op=GET arg=http://u5696.40.spylog.com/cnt?cid=569640&p=1&rn=0.6280684134740159&t=240&r=http%3A//www.orgasm-mystery.com/index.htm&pg=http%3A//www.orgasm-mystery.com/lesbian-orgasm-movie.htm result="500 Unable to connect to remote system" proto=http rule=2 (Unable to connect to remote system)

Oct 19 10:00:48.432 cofirewall httpd[77]: 121 Statistics: duration=0.52 id=WDuLa sent=340 rcvd=24157 srcif=Vpn6 src=10.2.19.252/2862 dstif=Vpn5 dst=66.28.207.155/80 op=GET arg=http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm result="200 OK" proto=http rule=2

This evidence shows that while viewing the www.orgasm-mystery.com/lesbian-orgasm-movie.htm document Ms. Amero requested the http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm document by mouse clicking on the cheatinglesbians.jpg image link located in the www.orgasm-mystery.com/lesbian-orgasm-movie.htm document. The link was written to open the http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm document in a new browser window (target="_blank"), leaving the www.orgasm-mystery.com/lesbian-orgasm-movie.htm document open in its browser window. Note: Both documents contained a number of adult pornographic images.

Evidence documents recovered by ComputerCop Pro include a number of document pages from the orgasm-mystery.com web site which were created on 10-19-2004. One of the documents: http://www.orgasm-mystery.com/oral-sex-technique.htm was created on 10-19-2004 at 10:49:51am. The document included two links to the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document. One link was represented by the cheatinglesbians.jpg image, the second by text which read "CUNNILINGUS VIDEO BY Cheating Lesbians. Look at their techniques during the pussy licking action. Quality movies, beautiful models. Watch them now." The links were written to open the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document in a new browser window (target="_blank"), leaving the http://www.orgasm-mystery.com/oral-sex-technique.htm document open in its browser window. 

The school's firewall logs show the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document was requested directly from this document.

 Oct 19 10:39:18.250 cofirewall httpd[282]: 121 Statistics: duration=4.51 id=WDPwC sent=497 rcvd=26500 srcif=Vpn6 src=10.2.19.252/3629 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/oral-sex-technique.htm result="200 OK" proto=http rule=2

Oct 19 10:39:22.033 cofirewall httpd[77]: 121 Statistics: duration=0.16 id=WDNMH sent=416 rcvd=144 srcif=Vpn6 src=10.2.19.252/3666 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/images/eb3_42.gif result="304 Not Modified" proto=http rule=2

Oct 19 10:39:29.332 cofirewall httpd[80]: 121 Statistics: duration=10.23 id=WDXgC sent=506 rcvd=540 srcif=Vpn6 src=10.2.19.252/3637 dstif=Vpn5 dst=194.67.35.191/80 op=GET arg=http://u5696.40.spylog.com/cnt?cid=569640&p=1&rn=0.3340214971575809&t=240&r=http%3A//www.orgasm-mystery.com/give-a-girl-an-orgasm.htm&pg=http%3A//www.orgasm-mystery.com/oral-sex-technique.htm result="200 OK" proto=http rule=2

Oct 19 10:39:52.594 cofirewall httpd[282]: 121 Statistics: duration=0.55 id=WDPyr sent=337 rcvd=25233 srcif=Vpn6 src=10.2.19.252/3668 dstif=Vpn5 dst=66.28.207.155/80 op=GET arg=http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm result="200 OK" proto=http rule=2

This evidence shows that while viewing the www.orgasm-mystery.com/oral-sex-technique.htm document Ms. Amero requested the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document by mouse clicking on either of the two links located in the www.orgasm-mystery.com/oral-sex-technique.htm document. Note: Both documents contained a number of adult pornographic images.

I noted that written into the source code for the document: http://www.cheatinglesbians.com/t1/revs=mystery/tour1.htm, was javascripting which added the web site's URL to the user's browser bookmarks. The cheatinglesbians.com/t1 document was viewed for approximately eight minutes, from 10:00:48am to 10:08:30am, as shown by the firewall logs.

I noted that written into the source code for the document: http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm, was javascripting which opened a pop-up document. The pop-up document was: http:www.amateurnest.com/t1/exitoffer01.htm. The firewall logs contain this document which was also recovered by ComputerCop Pro.

Oct 19 10:39:54.465 cofirewall httpd[80]: 121 Statistics: duration=0.40 id=WDXiT sent=424 rcvd=11374 srcif=Vpn6 src=10.2.19.252/3670 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exitoffer01.htm result="200 OK" proto=http rule=2

The http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document was viewed for approximately six minutes, from 10:39:52am to 10:45:30am, as shown by the firewall logs. At 10:45:30am Ms. Amero logged into an aol.com account. The amateurnest.com pop-up document remained open. This was evident as javascripting was written into that document which would spawn a second pop-up document:http://www.amateurnest.com/t1/exit02.htm, when the amateurnest.com/t1/exitoffer01.htm document was closed.

Oct 19 10:45:30.561 cofirewall httpd[80]: 121 Statistics: duration=0.08 id=WDXwD sent=848 rcvd=414 srcif=Vpn6 src=10.2.19.252/3676 dstif=Vpn5 dst=64.12.193.185/80 op=GET arg=http://startpage.aol.com/?action=login result="302 Found" proto=http rule=2

I noted that the pop-up document: http://www.amateurnest.com/t1/exitoffer01.htm contained links to several pornographic web site documents. One of the site documents was http://www.vaginalcumshots.com./t1/tour1.htm. ComputerCop Pro recovered this document, modified on 10-19-2004 at 11:07:58am. The document contained no pop-ups. The school's firewall log also shows that this document was requested on 10-19-2004 at 10:57:24am.

Oct 19 10:57:24.361 cofirewall httpd[282]: 121 Statistics: duration=1.85 id=WE1sQ sent=317 rcvd=75256 srcif=Vpn6 src=10.2.19.252/3772 dstif=Vpn5 dst=66.28.207.171/80 op=GET arg=http://www.vaginalcumshots.com/t1/tour1.htm result="200 OK" proto=http rule=2

Note: This evidence reveals that Ms. Amero requested the document: http://www.vaginalcumshots.com/t1/tour1.htm, by mouse clicking on the specific link for that document, located on the pop-up document: http://www.amateurnest.com/t1/exitoffer01.htm.

ComputerCop Pro also recovered evidence, in the form of a .jpg images (Files\Content.IE5\SHEZ8PAV\header_03[1].jpg and Files\Content.IE5\STC18VS5\top[1].gif) created on 10-19-2004 at 11:07:57am and at 11:08:16am, which were from the www.vaginalcumshots.com document. The vaginalcumshots.com document was viewed for approximately three minutes, from 10:57:24am to 11:00:29am as shown in the firewall logs.

At 11:00:29am Ms. Amero closed the http://www.amateurnest.com/t1/exitoffer01.htm pop-up document. The amateurnest.com/t1/exit02.htm was spawned. This was shown in the firewall logs.

Oct 19 11:00:29.988 cofirewall httpd[273]: 121 Statistics: duration=0.34 id=WDVlV sent=258 rcvd=7716 srcif=Vpn6 src=10.2.19.252/3775 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exit02.htm result="200 OK" proto=http rule=2

Oct 19 11:00:31.045 cofirewall httpd[273]: 121 Statistics: duration=1.05 id=WDVm0 sent=423 rcvd=192 srcif=Vpn6 src=10.2.19.252/3775 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/images/consoles/bigtitsroundass.jpg result="304 Not Modified" proto=http rule=2

At 11:00:49am Ms. Amero requested the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document for a second time. Again, the http://www.amateurnest.com/t1/exitoffer01.htm pop-up document was spawned. The http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document was recovered by ComputerCop Pro, created on 10-19-2004 at 11:11:22am (computer terminal time) This was also shown in the firewall's logs.

Oct 19 11:00:49.553 cofirewall httpd[80]: 121 Statistics: duration=1.89 id=WDY4B sent=539 rcvd=25233 srcif=Vpn6 src=10.2.19.252/3776 dstif=Vpn5 dst=66.28.207.155/80 op=GET arg=http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm result="200 OK" proto=http rule=2

Oct 19 11:00:50.081 cofirewall httpd[273]: 121 Statistics: duration=19.03 id=WDVm3 sent=424 rcvd=11374 srcif=Vpn6 src=10.2.19.252/3775 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exitoffer01.htm result="200 OK" proto=http rule=2

At 11:01:22am Ms. Amero closes the http://www.amateurnest.com/t1/exitoffer01.htm pop-up document and the second pop-up was spawned gain as it should. She requests the browser home page document which is located on the school's network:   This was shown in the firewall logs.

Oct 19 11:01:22.559 cofirewall httpd[77]: 121 Statistics: duration=31.88 id=WDZzC sent=258 srcif=Vpn6 src=10.2.19.252/3778 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exit02.htm proto=http rule=2 (Unknown error)

Oct 19 11:01:34.627 cofirewall httpd[77]: 121 Statistics: duration=0.08 id=WDZCV sent=341 rcvd=207 srcif=Vpn6 src=10.2.19.252/3781 dstif=Vpn4 dst=10.1.240.2/80 op=GET arg=http://www.norwichpublicschools.org/ result="304 Not Modified" proto=http rule=2

While the http://www.norwichpublicschools.org document was loading, the http://www.amateurnest.com/t1/exitoffer01.htm pop-up document was also loaded. The firewall logs show this activity as an apparently unrequested pop-up. As such, it would most probably have been spawned by malware, malware installed on computer as a result of Ms. Amero's prior browsing of the adult pornographic document: http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm which was responsible for spawning the http://www.amateurnest.com/t1/exitoffer01.htm pop-up document.

Oct 19 11:02:00.522 cofirewall httpd[77]: 121 Statistics: duration=9.23 id=WDZF3 sent=422 rcvd=140 srcif=Vpn6 src=10.2.19.252/3782 dstif=Vpn4 dst=10.1.240.2/80 op=GET arg=http://www.norwichpublicschools.org/images/events_news_off.jpg result="304 Not Modified" proto=http rule=2

Oct 19 11:02:34.695 cofirewall httpd[282]: 121 Statistics: duration=0.36 id=WE1NY sent=424 rcvd=11374 srcif=Vpn6 src=10.2.19.252/3784 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exitoffer01.htm result="200 OK" proto=http rule=2

The http://www.amateurnest.com/t1/exitoffer01.htm pop-up document was exited and the http://www.amateurnest.com/t1/exit02.htm pop-up document was again spawned as a result of this exit. The firewall logs show this. ComputerCop Pro recovered both of these pop-up documents, created on 10-19-2004 at 11:13:07am and 11:07:37am respectively.

Oct 19 11:03:04.156 cofirewall httpd[282]: 121 Statistics: duration=29.10 id=WE1O9 sent=258 rcvd=7716 srcif=Vpn6 src=10.2.19.252/3785 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/exit02.htm result="200 OK" proto=http rule=2

Oct 19 11:03:04.266 cofirewall httpd[282]: 121 Statistics: duration=29.18 id=WE1Oa sent=423 rcvd=193 srcif=Vpn6 src=10.2.19.252/3784 dstif=Vpn5 dst=66.28.207.144/80 op=GET arg=http://www.amateurnest.com/t1/images/consoles/bigtitsroundass.jpg result="304 Not Modified" proto=http rule=2

Oct 19 11:03:11.589 cofirewall httpd[273]: 121 Statistics: duration=0.02 id=WDVoc sent=341 rcvd=207 srcif=Vpn6 src=10.2.19.252/3788 dstif=Vpn4 dst=10.1.240.2/80 op=GET arg=http://www.norwichpublicschools.org/ result="304 Not Modified" proto=http rule=2

Well, Firewall logs and HTML don't lie. Next up We'll examine Mr. Horner's testimony/ statements and compare his assumptions to more firewall logs and HTLM documents. Funny he associated the "curly hair style" document with www.hair-styles.org, wrong site. We'll also revisit Mr. Ecelberry's erroneous statements regarding the "curly hair styles" htm doc. Silly Frenchman. Se dommage.

Friday, January 30, 2009

THE TRUTH IS SOMETIMES PAINFUL

Well, It's over. The self proclaimed "popular" substitute teacher has plead GUILTY to Disorderly Conduct and has accepted being stripped of her teaching license for, as the media put it, being the victim of a deluge of unrequested, pornographic pop-ups which appeared on the computer terminal in her classroom at the Kelly Middle School located in Norwich, Connecticut on October 19, 2004. It ended during an unannounced meeting with court officials which was leaked to the media.

Following her first conviction, being found guilty by a jury of her peers of committing four counts of Risk of Injury to a Minor, the Norwich Bulletin, one of very few journalistic newspapers in the USA, ran the story noting that the maximum, possible sentence associated with her crimes totaled 40 years, not that she was sentenced to 40 years. That would be absurd. Apparently, it was not absurd to the prolific number of reporters who populate this planet, writing erroneous accounts of events they know nothing about. My favorite reporter is the one and only Rick Green of the Hartford Courant. His "CT Confidential" tale of Amero's plight is Pulitzer Prize winning fictional material. Too bad he erroneously subtitles his fiction with the phrase "What's really happening." In his latest and, hopefully, final chapter, following Ms. Amero's admission of culpability, he spins a tale of vindication. Confidential? . The best quote is:

"But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made -- even after computer experts from around the country demonstrated that Amero's computer had been infected by "spyware.""

"Spyware", I think Mr. Green means "malware". That's the stuff which infects your computer, usually after you visit those free Porn sites. Besides, the issue was not about "spyware". It was about determining the manner in which the Porn found its way to Amero's computer terminal. Was the porn requested or did it pop-up? Unfortunately the "computer experts" who include the likes of one Alex Eckelberry demonstrated nothing. None of the "computer experts" appeared or testified at Amero's sentencing hearing, prior to that event, or since that event. None of the "computer experts" have presented, published, or posted any evidence that Amero was the victim of a storm of creamy porn filled pop-ups.

The only person who testified on Amero's behalf was Mr. Herb Horner . This was during the original trial only. His testimony was limited as the defense attorney failed to disclose to the prosecution the "evidence" in Mr. Horner's possession which was collected over the course of one year. Why was there no disclosure? Why didn't Mr. Horner present the "evidence" at the sentencing hearing? He did speak of "spyware" and "adware" on the Network Performance Daily site, not "malware", however. Read it here: Attack of the Google Ad Banner and the Mysterious Curly Hairstyle Script .

Mr. Eckelberry writes of great doings, claiming responsibility for overturning the first conviction and for organizing an army of great people who did great things: The Mob Rules But, neither he nor anyone of his expert examiners ever testified in court. They would have been required to testify in order to present any evidence. Mr. Eckelberry still hasn't presented evidence. He has evidence. He wrote me concerning this document, one of many documents which make up the www.orgasm-mystery.com website, a document which was requested by clicking a link:

From: Crime Prevention [mailto:crimeprevention@norwichpolice.org]
Sent: Tuesday, March 06, 2007 11:51 AM
To: Alex Eckelberry
Subject: Re: Follow-up

Alex,

Is it a pop-up? Is it a malware generated pop-up? Or, is it a document within a site to which someone navigated? It does make a difference. Isn't the original claim that a never ending, deluge of pornographic pop-ups were launched by some nefarious script. That's the story written at Network Performance Daily.

Is the font tag for the link in the homepage source code? Is the link always red. You're right. It doesn't make a difference. It doesn't change the fact that you have one of the documents which answers the question of intent:

Click or Pop?

Mark

Tuesday, March 6, 2007 12:00 PM

From:

"Alex Eckelberry" <AlexE@sunbelt-software.com>

To:

"Crime Prevention" <crimeprevention@norwichpolice.org>

Ok -- then let's seperate this out:

I guess we all agree that red means nothing as a link color, because regardless of link color, relative links, etc., the browser was set to display links in green. Any link she would have clicked on would have been green, not red. So hopefully we can put that to rest.

Now, click vs. popups? That we can discuss at length, but I'm not comfortable in any discussion until I have a forensically valid copy of that drive and the firewall logs for that day. Can you help us get this? I'm happy to fly someone up there for the day to work on the drive transfer, using a write blocker and using the correct utilities.

Alex

From: Crime Prevention [mailto:crimeprevention@norwichpolice.org]
Sent: Tuesday, March 06, 2007 3:49 PM
To: Alex Eckelberry
Subject: Re: Follow-up

OK,

As I said from the start I'm sticking with the data recovered by ComputerCop Pro until there is contrary data recovered by a more universally accepted tool. I also maintain that any such recovered data, if presented to me, will be forwarded to the prosecution without delay.

My position on the font tag usage is based on the data recovered by the software. As I said, that tag would have to be present in the source code for not only the document associated with the link but also every other document on the site. The use of the tag denotes a change in link color from the default link color. So, if you set your default links color to blue and you wanted one of those links to always be red you'd have to add the font color tag to every document containing that particular link. Well, enough of that.


Concerning the firewall logs. I have not looked at the case at all. I did not investigate this complaint. I just stepped up to the plate in the bottom of the ninth and took a fastball to the head. No good deed goes unpunished. I have read, in several blogs and news articles, that the school had no firewall (hardware and/or software) in place.? I'm sure the investigating officer's complete report has everything including any firewall logs. The defense attorney should have them already but, I will check records and will get back to you in any case. I take it that Mr. Horner has prodded the Ghosted hard drive in a less than sterile manner.

I do have a copy of FTK's Imager and would be happy to create an image for you. I do think a new request to the judge would need to be submitted by the attorney first. Another option would be for me to provide you with an exported copy of ComputerCop Pro's data. You could contact the company and inquire about their software to determine whether or not it is acceptable to you.

Mark

Tuesday, March 6, 2007 4:05 PM

From:

"Alex Eckelberry" <AlexE@sunbelt-software.com>

To:

"Crime Prevention" <crimeprevention@norwichpolice.org>

It had no desktop firewall on the machine, but it did have a Raptor firewall in place. What was expired was the content filter -- WebNot from Symantec.

I'll check with the attnys.

Alex

That was the last I heard from Mr. Eckelberry. It has been close to two years. He never bothered to obtain the firewall logs OR obtain his own mirrored image of the subject drive. No one ever showed up. The document in question was http://orgasm-mystery.com/viagra-cream-for-woman.htm. It was a relative link click from the home page. The link color on the home page for this document was blue. The same link on this particular document was red. As I said in court, the link color did change. As I said, several documents from this website were requested by relative link. Most contained pornographic images. The website is still up. Go to the home page and click the blue link for "female sex enhancers" in the "Female Orgasm" link tree. This is the web document Mr. Eckelberry and I were discussing. Notice the link color is red. Why was Mr. Eckelberry not comfortable discussing the fact the document was requested, not a pop-up? Again, why did he not obtain the firewall logs and a mirrored image of the subject drive?


More evidence can be found in Mr. Eckelberry's own "Technical review of the Trial Testimony State of Connecticut vs Julie Amero", dated March 21, 2007. First, note the date. It was published 15 days after our last email exchange, the email exchange concerning the requested web document at www.orgasm-mystery.com. Secondly, he writes in his technical review:

"Hence, we are unable to complete a full forensic examination on the drive in question without having a bit-for-bit copy of the hard drive, as well as the complete firewall logs for that day (or at least for the morning of October 19th, 2004)."

Really, you saw the emails. The offer was made. Mr. Eckelberry had the opportunity to obtain a bit-for-bit copy of the drive in question and the firewall logs. Why did he neglect to get them so he could complete his full forensic examination and view the firewall logs? Read it for yourself at Technical Testimony .

The days browsing didn't stop or start at www.orgasm-mystery.com. It continued for the entire school day. The firewall logs exist and are available for all to see. Request your copy by contacting the Norwich Police Department's Records Division. You can also get your own copy of the case report. It contains tons of evidence which includes the following excerpt:

Evidence documents recovered include a number of document pages from the orgasm-mystery.com web site which were created on 10-19-2004. One of the documents: http://www.orgasm-mystery.com/oral-sex-technique.htm was created on 10-19-2004 at 10:49:51. The document included two links to the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document. One link was represented by the cheatinglesbians.jpg image, the second by text which read "CUNNILINGUS VIDEO BY Cheating Lesbians. Look at their techniques during the pussy licking action. Quality movies, beautiful models. Watch them now." The links were written to open the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document in a new browser window (target="_blank"), leaving the http://www.orgasm-mystery.com/oral-sex-technique.htm document open in its browser window.

The firewall logs show the request. Here they are:

Oct 19 10:39:18.250 cofirewall httpd[282]: 121 Statistics: duration=4.51 id=WDPwC sent=497 rcvd=26500 srcif=Vpn6 src=10.2.19.252/3629 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/oral-sex-technique.htm result="200 OK" proto=http rule=2

Oct 19 10:39:22.033 cofirewall httpd[77]: 121 Statistics: duration=0.16 id=WDNMH sent=416 rcvd=144 srcif=Vpn6 src=10.2.19.252/3666 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/images/eb3_42.gif result="304 Not Modified" proto=http rule=2


Oct 19 10:39:52.594 cofirewall httpd[282]: 121 Statistics: duration=0.55 id=WDPyr sent=337 rcvd=25233 srcif=Vpn6 src=10.2.19.252/3668 dstif=Vpn5 dst=66.28.207.155/80 op=GET arg=http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm result="200 OK" proto=http rule=2

Interestingly enough the http://www.orgasm-mystery.com/oral-sex-technique.htm hasn't changed much, if at all, in the past five years. Visit it for yourself and notice the LINKS for the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm porn filled document still exists. Click on one of the links (YOU HAVE TO AS IT"S NOT A POP-UP) and note that it's chock filled with large sized adult pornographic images, so many you'll need to SCROLL down the page to see them all. Just as one of the victim children testified in court, saying Amero was "SCROLLING"....