Levy computer search spotlights Web trails

By Daniel Sieberg
CNN Science and Technology

(CNN) -- The methods used to search missing former intern Chandra Levy's computer for clues to her whereabouts are widely employed by law enforcement, say experts observing the case.

A unit of the FBI called the Computer Analysis and Response Team has examined the hard drive on Levy's computer, and some of the information found has led investigators to search specific areas of Washington.

One of the Web sites she browsed included information about the Klingle Mansion in Rock Creek Park, the Washington Post reported. Police have also said there was a "great deal of activity" on her computer the day she disappeared.

RESOURCES Message Board: Missing intern

Lawrence Rogers, a senior member of the technical staff at the CERT's Coordination Center, says the high-tech procedures likely used by the FBI are relatively straightforward and have been used by authorities for several years.

"It's very easy to do," said Rogers. "And there are many commercial products that can aid them with their searches. These are well-known acts that most law enforcement (investigators) know how to do."

From a forensics point of view, it's a necessary part of the investigation, he added.

Computer searches could involve a number of things, said Rogers, such as looking through the Web pages that were recently visited and examining the hard drive for deleted files or e-mails.

Deleted doesn't always mean gone

Even when a person empties the trash folder, information can still be recovered from the hard drive.

"The references to the files are deleted, but the actual data is stored in the free blocks of the file system," Rogers said. Over time, the files will eventually disappear from the hard drive, he said, depending on its capacity. But they can remain there for a long duration.

Most Internet browsers keep a history of the Web pages recently visited, and authorities can easily scan this list through the program itself.

Small files of information called "cookies" can also offer investigators clues. These tiny files are often indecipherable when read, but they provide data to servers used by Web sites that doesn't need to be entered each time a site is visited by a user. Rogers said they also have a time stamp, which can help establish the last time a site was visited.

But a computer's ability to retain data for long periods of time can be a double-edged sword for users, said Rogers, since they are often unaware of how much information is kept on them.

"People usually don't know how much information is being left behind," he said, which can also become a contentious issue when companies track the behavior of an employee.