This podcast discusses domestic violence, criminal behavior, murder and adult themes, while not explicit listener discretion is advised.
Josh Powell went to court in Tacoma, Washington, on the first day of February 2012. He wore a jacket, a blue shirt and tie and carried a crumpled brown paper sack from a FedEx office copy center, it contained a typed statement for the court. This is what Josh wrote, Having demonstrated my fitness as a parent, it is time for my sons to come home.
Josh had lost custody of his sons, Charlie and Braden, four months earlier after police raided the South Hill home he shared with his father. Detectives were looking for evidence related to the unsolved disappearance of Josh's wife, Susan. Instead, they found his father's stash of voyeur videos, I was living with him at the time.
However, within the first month I established my own home and I have consistently proven my fitness as a stable and loving parent.
In court, Josh's attorney, Jeff Basset, told Judge Katherine Nillson his client had done everything she had asked of him.
He has been nothing. If it's not cooperative to the entire, uh, everything that's been asked of him in this case, Josh had even gone so far as to endure a psychological evaluation.
I have proven myself as a fit and loving father who provides a stable home even in the face of great adversity. Not so fast.
Assistant Washington Attorney General John Long told the court police in West Valley City, Utah, had just shared concerning new evidence based on some information that's been provided by a criminal investigation judge overseeing the criminal investigation. I think it's clear from that court order that these can be linked to Mr. Powell.
No one came right out and said it in open court that day. But the evidence in question was a set of nearly 400 pornographic images. They were digital files, most of them small thumbnails. The majority were cartoons showing characters from animated TV series, often depicting children and adults together. Detectives and the FBI had found those thumbnails on a computer taken out of Josh and Susan Powell's house in Utah the day after she disappeared in December of 2009.
In court documents, police said the images belonged to Josh. They were wrong. This is a bonus episode of Cold Project Sunlight. I'm Dave Colly. Back after a word from our sponsors. It's an election year and I work in a newsroom, needless to say, sometimes my brain just needs a break. That's when I like to clear a few levels on best friends. It's the perfect escape for my head. If you can match three, you can play, but it never gets old because the puzzles get more and more challenging as you go and you earn the help of cute little bugs.
Better you do, the more bugs you befriend and the more slugs you can beat. Best friends is the infamously impossible to put down puzzle game that's free to download more levels. Events and challenges get added all the time. So there's always something new to discover. For example, right now all of the Bogle's have little costumes on to celebrate Halloween and there are some new challenges related to that. And special missions you can do as well. With over a hundred million downloads, this five star rated mobile puzzle game is a must play download best feeds free on the Apple App Store or Google Play.
That's friends without the ah best fiends. Let's go back again to Judge Katherine Nelson's chambers in Pierce County Superior Court on February 1st, 2012.
Josh Powell's attorney, Jeff Bassett, pushed back against the claim of new evidence against his client. He wondered why detectives were only then raising the issue. If these cartoon pictures were so bad. He asked, why hadn't police just arrested Josh when they had first found them?
And I just think that we are allowing ourselves to be manipulated from outside sources on this case without cause.
Detective Ellis Maxwell, the lead investigator on the Susan Powell case, was not in court that day, but he told me he had tried to secure charges against Josh on those images. Prosecutors would not go for it. You know, I'm sure a lot of people were wondering, OK, well, they've had this for several years, but now they're going to introduce it now.
Well, that's why police also considered the images contraband illegal to possess or view. And so we had to go through the courts here and they made an exception to release the evidence to the state of Washington for review purposes. And it was very specific to where only the judge and the attorney and the social workers and small scope.
And I think one detective, the judge's order did not allow Josh to see the images, but it did grant permission for forensic psychologist James Manley to review them.
The overall tone of these were incestuous. James had already delivered a report about Josh's parenting capacity to the court in Washington. After viewing the images, he had new concerns. So James authored a follow up.
I went down to the police station and talked with the guardian ad litem and the detective and the attorney general decided didn't take much to decide. But we entered a request or petition to the court for a psychosexual evaluation.
On the one side, Judge Nelson had Josh making the case for reunification. On the other side stood police, prosecutors, a psychologist, all arguing Josh might not be a safe father based on these thumbnail images of cartoon incest, pornography.
Josh, for his part, seemed to make a vague reference to the pictures. In that typed statement to the court that day, he wrote, I have recently heard rumblings that some people are dipping deep down to the bottom of the barrel in a desperate effort to find and manufacture fault with me. Due to their attitudes, the word manufacture there is significant. Josh seemed to imply that he believed police had fabricated the new evidence.
His protest did not sway the judge. She told Josh he was not getting his boys back that day. Instead, Judge Nelson ordered Josh to take the psychosexual evaluation. You know what happened next?
Days after this court hearing, Josh murdered his sons and killed himself when he was not only not killed in custody, but then the stipulations that they put on almost the psychosexual and some other things, I think that kind of cracked the psychosexual evaluation was the end of the road for him, because with the revelation that, you know, he had these pictures on his computer, you know, it's explicit and it's it's of concern.
It's very, very disturbing. And so that was something else that they knew about it. And that was found by the West Valley police on his computer. Only I can now tell you it wasn't Josh's computer. I've discovered that the computer in question belonged to Susan. Let's step backward in time to examine how I made this discovery and what it means about ownership of those pornographic images. Susan Powell sent an email to an old friend on Christmas Eve 2008, a little less than a year before her disappearance.
In it, she vented about the rocky state of her marriage, expressing despair over its dysfunction.
She also wrote that Josh did not allow her to go online with his computers.
I love Facebook and Josh is still convinced using it or anything else on the web automatically uploads evil. And he doesn't trust me with most of his computers.
The only computer Josh allowed Susan to use at home was a Compaq brand IPAC by then a nine year old model. In a July 2009 Facebook message, she told another old friend the Compaq Computer was not all that useful.
The crappy computer I have access to at home is so old and slow that I literally log in to Facebook, walk away, click profile, walk away because it takes so long to load. Josh, on the other hand, used multiple computers. He had built a custom tower, complete with a radar array in 2007. Susan mentioned that machine in her July 2008 video documenting the family's assets.
Here's the kind of pimping out stuff he's done to his computer. He built it himself.
Josh also had a work issued laptop that he often used around the house, but he didn't seem to think his wife had much need for a computer of her own.
The control that Josh had over her, he wouldn't let her do certain things.
In a July 2009 email, Susan told her work friend Linda Bagley the only task Josh allowed her to use a computer for was tracking her spending. Having every year down to the penny of totals of each category is a priority with my husband and not me. For years, Josh had tasked Susan with scanning his documents. Susan told Linda doing Josh's data entry was a waste of time. She wrote. I enter on each receipt. If it was clothing for Josh, clothing for Susan, accessories for Susan, toiletries for Susan, shoes, cosmetics, groceries has broken down to listing each item or describing if it was produced.
Frozen shelf, stable foods, incidentals like batteries or non consumables. We categorize diapers versus wipes versus diaper ointment versus children's clothing, children's books, children's toys, children's movies, etc., etc.. Susan begged Josh for a better computer throughout 2009. He kept telling her he would build her one but never did.
Was always the best for him and the least they could do it for her. But yet she around as much or more income than he did.
Finally, at the end of August, the Compaq IPAC died. Susan felt cut off from her friends and family and she resorted to sneaking on to Facebook at the office, she told a co-worker in an email she feared those Internet sessions might cost her her job.
I just found out they might be doing final warnings and firing people for using non-work related websites. I value my job more than email, I guess. Let's go back to the stone age of cell phones.
The solution to this problem had been staring Susan in the face for months. She knew of a family that had shut down an in-home business earlier in the year. That family owned several computers they no longer needed. Susan decided to buy one without telling Josh. That presented a new problem, though, at that time, Josh and Susan had only one car, she didn't get the car, it was him unless he didn't have the most.
He had the day off maybe, or something that was always him.
So on September 18th, 2009, Susan asked her daycare provider, Debbie Caldwell, to swing by in her Mazda Miata. When Debbie showed up, Susan plopped down into the passenger seat and told Debbie where to go. That night, Susan bought a computer of her own for 100 bucks. In the interest of full disclosure, I should mention, I know who sold Susan that computer at this time, I'm opting not to report that detail. Josh flipped out when he found out about Susan's purchase, immediately pounced on the computer, I told him it was my computer and not to mess with it.
The computer was a Dell Opta plex, Gex 270, far from top of the line. But Susan told her co-workers in this email that it was enough. It does what I need and that's all I care about. I explained I wanted to do Facebook, Hotmail, PBS dog and let the kids watch movies and such. Susan didn't want her computer downstairs in the office with Joshes. Instead, she cleared space in a small upstairs bedroom. And that is exactly where West Valley City police detectives found it less than three months later when they entered the house with the search warrant.
The Dell Computer ended up at the FBI's Intermountain West Regional Computer Forensics Lab, along with all of the rest of the digital evidence in the Powell case.
I talked about the taskforce work in Episode 12 as a refresher, though, here's FBI Supervisory Special Agent Cheney Hangtown.
The software reuse goes in and retrieves deleted files, files that are in this so-called like unallocated space that the computer knows can use now. And so we're able to pull stuff that's deleted and things like that.
That's exactly where investigators found almost all of the cartoon pornography in unallocated space on the Dell computers hard drive.
The images had been deleted, likely as part of an automatic purge of Web browser cache files.
In other words, someone had visited a website hosting the images, but had probably not explicitly downloaded copies of them, typically computer files carry metadata that can tell you things like when the file was created, modified or last accessed. Forensic examiners can use that metadata to determine when files were downloaded from the Internet.
But that's not always the case. With deleted files, they are often stripped of metadata. This presented a problem for West Valley police when they and the FBI discovered the cartoon incest pornography in 2010, they opened a new case in the hopes of securing federal child pornography charges against Josh. Police records show a detective even screened the case with an assistant U.S. attorney, but the AUSA refused to charge, pointing out police could not prove Josh was the person who had accessed the explicit cartoons.
The police, FBI and prosecutors all missed something, something that I recently discovered, a time stamp showing when at least some of those cartoon porn images were accessed. I need to take a second and explain how I discovered this when the taskforce finished its work on the Dell Computers Hard Drive, it turned over copies of its findings to West Valley police.
We provide an archive of all of the work that we do. We also generate a digital report for them. That report will have all of the files that were deemed pertinent. Deemed pertinent, that means the report only included copies of a subset of all of the files found by the forensic software. Now I have a copy of this report reviewing it. I discovered that one of the explicit cartoons still held metadata. It showed the image had last been accessed on March 20th of 2009.
That is six months before the Dell desktop ever entered the Powell house. That's not all. The report also included a database indicating all of the files that the forensic software had been able to see. It did not include copies of every file, but you can use the database to see stuff like names, sizes, metadata and the location where the file had been stored on the file systems directory. I know this is all really dull, but just stick with me here.
Knowing the date and time from the metadata on that one cartoon image, I was able to find references in the database to several Internet cookie files from cartoon pornography Web sites.
They were created just before 1:00 a.m. on March 22nd, 2009, again six months before the Dell Computer ever entered the Powell house, the prior owner had failed to wipe the hard drive when selling it to Susan.
This fact carries significant implications. It means neither Josh nor Susan could have been the person who downloaded the cartoon pornography, and because of that, the judge's order that Josh undergo a psychosexual evaluation, an order that many people close to the case say broke Josh just days before the murder suicide was based on flawed information. Josh was in a hurry. It was February 3rd, 2009, he and Susan were making final preparations for a vacation to Washington, they planned to spend the better part of a month visiting their families and old friends in the state where they had first met and fallen in love.
Before leaving their home in Utah, Josh wanted to finalize the legal trust he had been working on with an attorney. He was becoming frustrated, though, because the lawyer was not responding to his messages. He complained to Susan about it in this e-mail.
I can make a generic trust with that software program just to have something done before leaving.
Susan replied with an email of her own, urging her husband to worry about it later.
Seriously push for generic. For now, we don't need him delaying our entire vacation.
More practical concerns were forefront in Susan's mind.
She needed to find someone to watch their Pet Parrot trilogy while they were gone. Hello. Susan Proctor, sister in law, Jennifer Graves into serving as the bird babysitter, but Josh just couldn't shake his fixation with the trust loss plan to go over the language in detail while driving the bird to Jenny's.
Susan made clear she wanted this legal stuff off of Josh's plate as soon as possible.
I'm really, really obsessed with the idea of leaving Thursday, early a.m. to arrive by dinner.
So if that trust works good, that looming 15 hour drive didn't seem to concern Josh much.
I also need to work on backing up data. I think I finally have a workable plan, but it will take time to process the files. I better start the process before leaving for Jenny.
Several months earlier, Josh had purchased a one terabyte Western digital brand. My book, World Edition External Hard Drive. He kept it in his basement office connected to their home network by way of an Ethernet cable. Susan even mentioned that hard drive in the video she made documenting the family's assets in July of 2008, and this is some type of backup device, says W.D. on the side like shares the information.
Somehow, Josh had come up with a method for sinking copies of his files from each of his computers to the external hard drive over the home network.
West Valley police detectives took the my book World Edition Hard Drive when they raided Josh and Susan's home with a search warrant the day after she disappeared, the same day they took Susan's Dell desktop like the Dell the my book, World Edition Hard Drive ended up at the CFL, but investigators couldn't manage to get anything off of it. Josh's network backup was locked with encryption. That encrypted hard drive is one of the last persisting mysteries in the Powell case, and for the first time we have a clue as to what secrets it might hold.
Earlier in this episode, I mentioned Josh's home built computer tower, it's the one with the raid array that was in the basement office of the Sierra Circle House.
I think there's like five hard drives, something about grades. There's those for all the computer geeks.
Again, that is Susan's voice from the video she made documenting her assets in the summer of 2008. Josh's radar array computer also ended up at the FBI's computer lab after Susan disappeared, but it didn't appear to hold much in the way of evidence.
Investigators flagged some family photos on it, as well as a single file named Vivi DBI, one network encrypted DOT TDB. I have a copy of this file. At first, I couldn't make much of it, I didn't recognize the file format, a little Googling suggested it was probably some kind of database, but without knowing what program created it, there was little chance of viewing it. Maybe I figured something might show up if I tried to open the file as text.
When I did, it revealed a single, extremely long line of letters, numbers and foreign language symbols, almost incomprehensible. Some dictionary words and even short phrases did jump out, but those foreign characters made it impossible to get a clean read, scrolling what seemed endlessly toward the right. My eyes started to lose focus. That's when it happened. A pattern began to emerge. The random placement of these foreign language characters was not actually random. On a hunch, I replaced all of those foreign characters with line breaks.
That unreadable string of long text transformed into a neat list, scrolling vertically. Then I could see the list was roughly 70000 lines long. Each line was a discrete reference to an individual file.
Got all sorts of files. This is all things to me trying to save them. These were file paths. The very first line read vice versa.
Synchronization tracking, vice versa, is a file backup app.
There's some tapes and DVDs and stuff to back up all the computer geek stuff, our family photos and financial information.
And I soon learned that the TDB file extension was short for tracking database. So the file I was looking at was how viceversa kept track of which items to synchronize. It was a log of what was copied from where to where the source where the original files were copied from and the target where they were copied to where both represented in the list. Looking through the database, I could see the source was called temp backup unorganized.
The target volume carried the name My Book World, my book work, World Edition.
I think that's the stuff I was looking at earlier that saves information.
That means the vice versa database file is very likely. The table of contents to Josh is encrypted. Hard drive. A few takeaways were evident when I started studying the vice versa database file, Josh tended to keep his documents well organized in a series of nested folders. They had orderly names like business, education, finances, insurance, housing and so on. Each individual file carried a descriptive name. Many of the files and folders also included exact dates in their names.
The formatting was always the same four digit year, two digit month, two digit day. Josh's documents dated as far back as the early 90s when he was a teenager, the most recent files dated to September of 2009, three months before Susan's disappearance. Perhaps most important, I recognized some of the files. In fact, I already had copies of some of them, like Josh's audio journals.
I went home, started working on my computer again. I pretty much did my computer for every aspect of my life right now.
But my copies of Josh's journals came from hard drives. West Valley police seized from Steve Powell's house and Josh's safe deposit box in Washington in 2011.
Today, I got up and started working on the computer. I decided to get Windows 98 installed on it so I could start using my scanner.
So how did Josh have copies of those files in Washington in 2011 if police had seized all of his digital data from the Sierra Circle House in Utah right after Susan disappeared in 2009?
None of this technology stuff is particularly esoteric to me.
The simple answer is off site backups. So where did Josh stash his off site copy? Back to those e-mails Josh and Susan exchanged in February of 2009 before leaving on their road trip to Washington.
In one, Josh told Susan he wanted a backup of his computer done before their meeting with the attorney. Here's what he wrote.
I really intend to fully back up the computer and bring a copy.
Now, I can't say for sure, but it's reasonable to believe Josh might have placed this copy of his digital archive in a safe deposit box where maybe he left it with a friend. If so, he could have retrieved it after Susan disappeared and carried it with him to Washington. Evidence exists to support this idea, as I just mentioned, the Josh Powell Journal files I received from West Valley City during my research for Cold came from devices police had seized in 2011, but they line up with the vice versa database from 2009.
The folder structure on Josh's encrypted backup is almost identical to that of his archive. As it appeared two years later, they both derived from the same original source.
That discovery raised an interesting question.
Could the digital data seized by police in 2011 hold the key to unlocking the my book World Hard drive from 2009? To find out I would need the help of someone with access to all of the digital evidence.
Can I bend the ear of a homeowners out there for just a minute? I happen to be one and if you are, you know how tough it is to find the right home insurance coverage. Even if your rights like mine have just been creeping up slowly over the years. I get the idea that the insurance companies know you don't want to go through all the hassle of comparison. Pricing and replacing your policy can really seem exhausting, particularly this time of year in December.
It's one of the busiest months of the year. That's why Policy Genius reimagined the entire process so you can get the right coverage at the best price. Here's how easy it is. First, head to policy genius dotcom and answer a few quick questions about yourself and your property. Then Policy Genius will compare your policy against options from top insurers to make sure that you're getting the right home insurance coverage at the best possible price. Listen to this. They've saved their customers on average, 690 dollars per year doing just that.
Whether you need home insurance for a new place or just want to recap your current policy, head to policy genius Dotcom. Today, you can get started on your smartphone right now, policy genius when it comes to home insurance. It's nice to get it right.
Are you concerned about what's in your hair color that it might be damaging your hair? I was, too, which is why I decided to try Madison Reed. Unlike many other hair color brands, it doesn't have these eight harsh ingredients. No ammonia, no PBD, no resource at all, no parabens, no phthalates, no gluten, no FLSA and no titanium dioxide. It's super convenient to they deliver it right to your door on your schedule, making it super easy to color your hair when you want.
No appointment needed. Madison Reed even made it easy to find my perfect shade. I took their online color quiz, answered a few questions and wound up with a color I love. Get Omonia free, multi-dimensional hair color delivered to your door, starting at twenty two dollars at Madison. Dasch, Reed Dotcom. Use my promo code cold ten and you'll get ten percent off plus free shipping on your first color kit. My promo code again is called Ten.
Visit Madisen Dash read Dotcom now to find your perfect shade. That's medicine dash read Dotcom Boy of twenty twenty has taught us anything.
It is that maintaining your health is one of the keys to happiness in your life and staying healthy helps to combat even viruses like covid-19. Because of the restrictions, access to your regular avenues of exercising may have been blocked. So maybe you've packed on a few unwanted pounds. But let me share something I discovered even before the pandemic that may be of help to you.
Less mills on demand, less. Mills has been creating world leading fitness programs for half a century, and now they've packed all of that success and knowledge into a handy fitness app. So you can have your favorite workout when you want it, where you want it on demand. Some days I don't have a full hour to workout, so I'll jump on the app for a quick 15 minute workout. They have over a thousand to choose from, but my favorite is body combat that works my entire body and also provides the motivation that I need on Tuesdays and Thursdays.
It's strength training and my mental health is lifted as well as my physical health. Right now for our listeners, there is a special offer from Les Mills on Demand, where you can get 21 days free access to the fitness app. So don't wait. Go to try. Les Mills forward slash cold. That's try Élysées am I LLC dot com forward slash cold to get this incredible offer.
At the start of October 2013, Susan's dad, Chuck Cox, sent an email to West Valley Police Detective Ellis Maxwell, a man named Richard Hickman from a company called Decipher Forensics, had reached out to Chuck offering to help get into Josh's encrypted hard drive.
I saw the news story about the hard drives being encrypted and the FBI having a hard time being able to crack the encryption. And I thought of the cryptocurrency mining machines that we had in our office that we also utilized for passport breaking for our forensics from time to time. And so I thought, well, let's reach out. Let's see if we can maybe just donate some time on our machine.
Richard Cohen, decipher with two other partners, Trent Levitt and Mike Johnson. They had founded the firm in 2011.
Decipher primarily was a computer, forensic and cell phone forensic company. We would handle cases in civil litigation, work with law enforcement as well on anything from homicide cases to divorces. Sometimes everyone in the same and everything in between intellectual property theft, employment law, civil litigation of all types.
That is Trent. West Valley City had declared the Powell case cold five months earlier. At Chuck's urging, police reached out to decipher to see if they could help decrypt the my book World Hard Drive.
I believe we met with Detective Maxwell. Very nice guy, very easy to work with. He was actually very appreciative of our willingness to do this for free and to try and move things along and get more answers.
Trent told us about the machines they intended to use. Decipher had poured about 14 grand into building them. They were both contained in milk crates. You just have this box, this milk crate box. And we we actually took a piece of wood across the side of it to be able to kind of act as like the shelf. And then we just set down these four really powerful graphics cards that are just gaming graphics cards and hook them up that way.
These milk crates weren't much to look at, but they were necessary because the rigs consumed a lot of power and generated a great deal of heat. It required a full size van just to keep them cool. It generated enough heat in the winter that we would open up our windows and didn't have to turn on the furnace in our office. It literally heated. Our entire office now was impressed. He ran the idea up his chain of command and received an OK from the deputy chief.
So in December of 2013, West Valley gave the deciphered team a copy of the my book World Drive. The arrangement came with a condition decipher had to sign a non-disclosure agreement. They were not allowed to discuss their work and we didn't talk about the fact that we were even doing it with anybody.
And the deal required that they report any discoveries to Ellis, anything that we find program of West Valley City.
You know, when we originally started this, anything we found was to go back to West Valley City and to go nowhere else. Confidentiality was not an issue for decipher. It was common practice with almost every case they worked talking about a case, especially on camera.
It's weird. It's very weird.
Trent and Richard are only discussing this now because West Valley City released them from the NDA at Kolb's request. My thanks to West Valley for that. Trent, Richard and Mike hooked up Josh's encrypted drive to their milk crate rig, they had decided to run what's known as a dictionary attack against the encryption.
We put together this strategy of combining a whole lot of password lists from previous data breaches and dumps that had happened. Hackers will breach a company. They'll pull all their usernames and passwords, and then they leak that to the Internet. And so all of those lists are publicly available. And so we downloaded a lot of these lists of very common passwords and then we created our own big combined dictionary, applied a whole bunch of rules to it to say, try the original password and then we're going to swap all the A's with that symbols, S's with dollar signs, ease with three's eyes, with ones or exclamations, all of these different combinations and putting a one on the end, putting or maybe combining two passwords.
And it created this massive dictionary that we knew and and our software showed was going to take forever to get through. But we thought, why not? Let's give it a try.
It didn't take long before deciphering countered some initial success.
The tool they used for the dictionary attack came across a password app one one two four that I don't know how I remember that, but some things you just don't forget. AP one one two four.
They plugged that six character string into the encrypted drive, then attempted to access it. There was nothing there. The drive appeared to be empty with True Grit, without getting really super technical. You can have multiple layers of encryption.
I will have more to say about this point in a bit. But for now, it's enough to know that this discovery meant to decipher had to start all over again. They set the milk crate machines back to work.
It ran for a very long time.
The code cracking software ripped through hundreds of millions, then billions of possible password permutations.
Heat took its toll on the milk crate machines and they would run round the clock 24/7 for months, if not close to two years before those things burned up and still didn't break it.
Ellis retired around that same time, and a different detective, David Grecco, took over as caretaker of the Powell case. 2016 past. Still no break. In August of 2017, Detective Greco dropped in on the decipher office to check up on things, Richard and another member of their team, Kylie Richmond, told him they still had the encrypted drive and were still working on it. They brought him up to speed on their early discovery in a sort of good news, bad news kind of way.
AP one one, two, four. That's what we have to give you. It means absolutely nothing. A couple of months later, in October of 2017, a private investigator working for Susan's parents called Decipher to check in on things. Trent told the Pi Rosenquist he didn't have much to say, but he let slip, they discovered a short password that didn't provide access to any files.
It's really not a big deal. There's nothing here. Rose shared this information. I actually spoke to her on the phone on the night of October 25th, 2017.
She told me then Decipher had decoded a first layer on Josh's encrypted hard drive. I contacted West Valley police who confirmed the general thrust of what Rose had said. So I broke that story on the 10 o'clock news that night.
KSL radio producer Dave Colly on the phone with us tonight with the latest development. And Dave, this has to do with a hard drive. It does, Dave.
A company called Winkworth Investigations is collaborating with Susan Powell's parents, Chuck and Judy Cox, and they're working with the Utah company called Decipher Forensics to try and gain access to a copy of one of Josh Powell hard drives.
I didn't understand then that decipher was working for West Valley, not the Kocsis private investigator Rosenquist health care.
So they are in need of more resources now to devote to the effort the reaching out to Amazon, hoping the Internet giant can use its cloud computing platform to speed up this process.
The following day, Rose made the rounds talking to other local and national media about the encryption.
This is our best hope right now is this computer and the other computers that the police have been calling it a potential breakthrough.
A private investigator hired by the parents of Susan Cox Powell hopes are remaining hard. Drive gives them the clues they need.
The brass at West Valley City were not happy. It seemed to them that December had violated the nondisclosure agreement.
I received a phone call from a U.S. official at West Valley City and wanting to know why the press was starting to camp out at the front of the doors. I said, I have no idea what you're talking about.
Trent figured it out and went to work attempting to limit the damage.
Who violated the trust of another department in our industry, which gets around pretty quick, when in fact we didn't violate the trust, someone else did. But that damage was done, obviously, in trying to be cooperative.
We just did whatever West Valley City told us to do and they said, don't say anything. We said, OK, we've been pretty good at that. So we thought West Valley City put out a statement. We just kept our mouths shut.
That didn't keep Trent's phone from blowing up dozens and dozens of phone calls, probably from your station as well. And I had no comment.
I had actually just started hanging up on people because I had work to do and I wasn't getting it done. The deciphered team feared West Valley would demand the encrypted drive back, shutting down their effort. But the city didn't do that and the situation did have a silver lining, the renewed interest in the Powell case started the team thinking about how to whittle down that giant dictionary into something more manageable, a custom dictionary to Josh alone.
It's a much more personalized dictionary based on the information that we have about him. And so we can take all of his computer information and even enter in manually information like his birthday, his kids names, his kids birthdays, family members and important life events and that kind of stuff.
But they could only build that custom dictionary if they had access to Josh's other unencrypted hard drives.
During the course of that week, our former business partner, Mike Johnson said, I'm positive there's more drives in this case that just didn't give them to us.
What if we took all of the drives and like Richard talked about, created a dictionary of all the drives that aren't encrypted?
A few weeks after the leak, Detective Greco dropped in on the decipher office once again to remind Trent, Mike and Richard they were still bound by the non-disclosure agreement. The deciphered team took that opportunity to ask for copies of all of the digital data from the Powell case, West Valley City agreed, in spite of the recent breach of trust and in 2018, the accounting firm Ida Bailey acquired decipher forensics.
Trent brought the Powell drives with him to his brand new state of the art digital forensics lab. The October 2017 leak had another unintended consequence, Rob Burton, an expert and self-described news junkie, had followed reports about the Powell case from the beginning.
So it affected me very personally, just like many of us here in Utah and nationally.
Rob was paying attention when the Rose Rosenquist started doing news interviews about Josh's encrypted hard drive.
There are some local news media coverage of the encrypted hard drive that had made the news here in Salt Lake City, as well as some podcasts.
It was Nancy Grace on her podcast Crime Stories. The show characterized the latest news as a, quote, big development and the most hopeful lead in the Powell case in years. Attentive Rob listened several times, and as I heard the the digital forensic details, it just didn't quite line up. Rob worked for a large corporate employer in Salt Lake City as an information security analyst and digital forensics specialist. He had expertise in this field. She kind of glossed over it.
I don't think she fully understood the details and the intricacies that were involved, especially with West Valley City.
At one point, a guest on the podcast mentioned there was nothing preventing police from making more copies of the encrypted hard drive and sharing those with other digital forensic experts. That started Rob thinking, I actually work in West Valley, my employer has a major I.T. office in West Valley, and so hearing that, I wondered I wonder if I could get involved with that.
Rob headed over to West Valley police headquarters on his lunch break one day. They were actually very positive, very favorable. I asked them specifically for the detective involved in the case. He wasn't there at the time, but I left him a message and then he called me back a few days later and met with me.
Detective David Greco made a fresh copy of the encrypted my book World Hard Drive for Rob and delivered it to him at the start of January 2018. Just like with this cipher, Rob signed a non-disclosure agreement. He was gagged from talking about the project.
In fact, as I started this project two years ago, being under NDA, I knew I just couldn't create a folder on my computer called Susan Powell Project because I was under NDA and kind of had to keep it hidden. And so I named the folder on my computer project, Sunlight, because I thought every good secret project has to have a good code name. Right. Like you see in movies and TV shows. And I named it Project Sunlight because sunlight is the best disinfectant.
Again, West Valley City has granted Roba release from that NDA had called to request my thanks to the city for allowing Rob to share his story.
And now that it's a little more out in the open, I'm very relieved to be able to talk about it. Once Rob obtained a copy of the encrypted hard drive, he started tinkering, he bought several computers second hand and set them up to run a password cracking program.
I basically built a small computer lab out of extra computers that I had and that I've been able to acquire with some other video cards and then just running the software against it. It's called Password and it's commercially available and it's what law enforcement agencies also use.
Password began plugging every possible password into the drive one by one as fast as it could. This is what's known as a brute force attack, a different approach from the dictionary attack the decipher team had first employed.
There's a couple different strategies when it comes to decryption, but brute force is kind of the last effort, really the last ditch effort, really, after several of the easier things have been exhausted, you're really left with brute force and that's where you're basically just trying combinations of letters, numbers, characters to try and guess it.
Password guessing password had only been running for a handful of weeks when something unexpected happened. One morning I came in and looked at that and it said, Password found one. And I thought, oh, is that a bug? Was that real?
And sure enough, yeah, I know it really did find one password, a P one one two four, the same password the deciphered team had discovered.
But we mounted that and it's blank. There's no data there. Earlier I mentioned I would get back to the idea of this being an outer layer of encryption.
Think of it as a box within a box. Rob explained the app one one two four password was the key to open the outer box.
There's a process known as plausible deniability. If someone was caught and had to give up the password to this drives by law enforcement, law enforcement, arrest the suspect and convinces them to give up a password to the drive, they could say, OK, well, my password is here's my password. Law enforcement thinks, oh, great, we've got the password to the drive. We can decrypt it, they can decrypt that outer partition and it can be totally empty.
And they think, oh, there's nothing here.
Cracking the outer partition password brings them no closer to discovering the hidden partition password.
It's a whole different password. There's the outer password and there's the enter password. So it's starting over and it's a much different layer of complexity.
App one one two four isn't very secure as far as passwords go nowadays. Many websites would refuse to let you use it because it's not long enough, doesn't include special characters and uses only lowercase letters. Richard Hickman and Trent Levitt told me it's likely the password Josh used on the hidden partition.
If a hidden partition even exists, is much more complex.
There might not even be a second layer. It could just be we cracked that top code and it was an empty, hard drive. That's possible. We have no idea. So we'd like to think that there's something else to go after.
The vice versa pro database log I talked about earlier suggests there probably is something to go after, but the only way to know for sure is to either crack the second password or run the brute force attack until the end of time.
No encryption is bulletproof, but if you can delay the amount of time it takes, then becomes improbable.
The way you increase the amount of time it takes is by using a long, strong password. Josh did provide police with a password for one of his computers in 2011, it consisted of his birthdate, his full name, his Social Security number, his user account name, and a string of what appeared to be random letters and numbers. It's 59 characters, including upper and lower case letters, numbers, as well as hyphens, slashes and parentheses. However, many characters long may be exponentially increases the complexity and the length that it takes.
West Valley police were sifting through the first round of digital data seized from the Sierra Circle House in the days after Susan disappeared, when in March of 2010, Josh Powell's attorney, Scott Williams, sent them an email. Williams asked for the return of Josh's computers and hard drives. The sergeant in charge of West Valley's major crimes unit told Williams that was not going to happen, but the sergeant said if Josh had a particular file in mind, detectives could try to find it for him.
That would go easier, he added. If Josh would cough up his password. Josh claimed he could not remember the password in spite of that, Josh emailed over his final wish list. A few days later, at the top of the list were his family photos. Here's what he wrote in his email.
I'm a white hard drive. Most of it will be in the folder called photos or Photos and videos or similar naming. If possible, please send all photos, audio and video files you can find there will be some hundreds of gigabytes in total.
The white hard drive he's talking about is the encrypted my book World Drive. Everything that can be released from the White Western Digital Drive would be greatly appreciated.
Josh called the photos and videos, quote, unreleasable, even though he already had copies of them safe and sound in Washington.
Is it possible then that this request to police was just a ruse, a way of finding out if they had managed to break into his encrypted archive? A bit earlier, I described how I compared the vice versa pro database to the digital evidence seized by police in 2011 and discovered they lined up. But there were a few conspicuous omissions from the 2011 data files, with names like Gmail, email account info and encryption instructions were missing. This suggests that at some point after Susan's disappearance, Josh performed an audit of his own files and deleted anything that might give away his passwords.
In a more curious omission. Josh appeared to have deleted any file that showed he once owned a set of rigid brand power tools. Paperwork for all of his other tools was still present, but not the rigid tools. It's not clear why he did that. Back to that email Josh sent police. He told them he also wanted a complete copy of his work issued laptop and if possible, please find the image that is displayed on the desktop and include it or just photograph the computer with the desktop horseshoeing to try as a memory aid, a memory aid.
To what remember his password, Kayleigh Richmond, a member of the digital forensics team at IDE Bailey, recovered Josh's desktop at colleagues request. The photo was not what I expected. It's just a stark image of a chameleon, whatever it might have meant to. Josh, I can't say, but I can say this. After all of this time spent analyzing the digital data and searching for clues. It's clear Josh Powell was not some computer genius.
He created some websites. There's eight year olds that create websites and they're not prodigies. Anyone can get a book and create a website. It's just sitting down and going through the book. Josh did have some aptitude when it came to tech.
He wasn't really the smartest, but he certainly utilized whatever was available at the time.
He could run a database. But cryptography was not his specialty. He was no hacker.
There's not that many true hackers in the world from a percentage standpoint.
But if you work in technology, people think you're a hacker and it's just not the case. True Creped.
The program Josh used to encrypt the my book World Hard Drive was available for free on the Internet in 2009.
You didn't have to be the smartest or the most technical savvy. You could just download it and use it.
True, Creped is just as strong today as it was a decade ago. There is no simple shortcut or back door to discovering Josh's password just because the resources on technology are a little bit better today doesn't change the fact that encryption in the first place was top notch and that it's still going to take that many permutations to get through it.
Even if investigators someday make it into the drive, they will have to contend with the fact that vice versa, probe the app. Josh used to backup files to the My book World Drive also applied its own layer of encryption. You hook it up to your home router, you backup several computers. Josh was very meticulous, it sounds like in doing that, this is how digital forensics works. It is a constant process of coming up against hurdles and finding ways to overcome them.
Some solutions are technical. Some are rooted in human nature. Don't care who you are. Decryption is not easy or fast. And at this point, with Josh, Michael and Steve Powell all dead, there's no expectation on the part of law enforcement that decrypting the my book World Drive will lead to anyone being held accountable for what happened to Susan. But there is hope that some small clue might lead police to Susan's body.
If it were my daughter, I'd go to the ends of the Earth, just like the Cox family has done for years now to make sure I exhausted every avenue possible if that were my daughter.
That is why this effort continues.
Everything that we've done on this, everyone that's participated in helping us, no one's been compensated for it at all. It's just to try and help the Cox family as much as possible in any way that we can.
Trent Levitt and Kaylee Richmond did.
I'd Bailey, along with Richard Hickman, Mike Johnson and the rest of their old decipher forensics team, are still brainstorming new approaches.
I would love to see someone else able to do it if they know a hacker out there that knows how to get into her crypt. I'd love an introduction. And Rob Burton, now a part of the effort, is providing his time and insight to project sunlight. I as a corporate investigator, I've got a little extra time on my hands. I'm not constrained by international terrorist cases or other criminal cases that tie up law enforcement resources. And so I have a little extra time that I can devote to this.
I think it's worth it. I want to continue and I wanted to try to draw additional resources at it. As technology improves, software gets better, hardware gets better. I think that we'll get there eventually and it's the home worth the effort. And we're trying we got to do what we can.
If Susan's story sounds familiar in your own life, in other words, if you or someone you know is experiencing domestic abuse in any form, please get immediate help in the U.S. support is a phone call away at the National Domestic Violence Hotline at one 800 799 1733 or online at W-W dot the hotline, Doug. If you would like to support cold, please subscribe in your podcast app of choice and consider leaving us a rating or review all of those help us reach new listeners.
You can also find us on Facebook, Instagram and Twitter at the Cold podcast. And we have a website with articles, pictures and video, the cold podcast, Dotcom.
Michael Bond Miller composed the music for Cold, except for the guitar stuff, that was me, the Castle podcast's team includes too many people to name here, but my special thanks to our leader, Cheryl Warmsley, to our TV producer, Kara Fremont, to our radio producer, Becky Bruce, digital specialist Josh Tilton, and my fellow podcast producers Nina Ernest and Danielle Prager. Cold is a production of KCL podcast's, thank you for listening.