Agent charged with theft and forgery; collected commissions for fictitious customers

A former Vancouver insurance agent has been charged with theft and forgery for allegedly collecting about $15,000 in commissions by creating fictitious applicants for insurance policies.

Julie Anne Goss, 43, an independent agent for AFLAC, was arraigned last week in Clark County Superior Court.

The scam came to light after the owner of a restaurant in Battle Ground, Wash. told AFLAC that she�d received premium bills for two �employees� that had never worked there. 

AFLAC investigated, and it turned out that Goss wrote dozens of policies for 15 people that either weren�t employees at the named businesses or apparently didn�t exist. In other cases, she wrote policies for real employees, but they said they hadn't applied for the coverage.

In each case, Goss stood to get a commission for the policy. All told, the investigator found, between August 2010 and January 2011, Goss wrote 91 fraudulent insurance policies and collected more than $15,000 in commissions for them.

The company canceled its contract with Goss in March 2011 and reported the matter to our Special Investigations Unit. After investigating further, we revoked Goss� insurance license in January 2012. The charges against her were filed in late June.
If you suspect insurance fraud and you live in Washington state, please report it.

Daily Blog #37: Web 2.0 Forensics Part 2

Hello Reader,
             Sunday Funday is always fun for me for two reasons. One it gets me two blog posts out of one so I get more time to get work done and two I like getting a general feeling of what level of understanding exists on certain artifacts. So while you get a prize, that I strive to make worth your effort, I get to see what I can continue to help you learn by writing additional blog posts to fill those gaps. With that said we are continuing the web 2.0 series today that I realized was needed from the IEF Sunday Funday challenge two weeks ago.

Json Data Structures

Json data structures are fairly easy to find, they are structure name pairs that are exchanged between the web server and the web client, for instance the Gmail server and the Chrome browser. In this example the Chrome browser would then parse the data to generate the view that you see.

Here is what a message summary from your Gmail inbox looks like:

Index data for gmail
["140303866b4ce541","140303866b4ce541","140303866b4ce541",1,0,["^all","^i","^o","^smartlabel_notification"]
,[]

Email from/subject/message preview and date
,"\u003cspan class\u003d\"yP\" email\u003d\"mail-noreply@google.com\" name\u003d\"Gmail Team\"\u003eGmail Team\u003c/span\u003e","\u0026raquo;\u0026nbsp;","Welcome to the new Gmail inbox","Hi David Meet the new inbox Inbox tabs put you back in control with simple organization so that you",0,"","","10:35 am","Tue, Jul 30, 2013 at 10:35 AM",1375198584460000,,[]
,,0,[]
,,[]
,,"3",[0]
,,"mail-noreply@google.com",,,,0,0]

Here is what a full message loaded and what the email header looks like:

 



  

  




  

   



  

    





    Gmail Team

    <mail-noreply@google.com>

    

 

 

10:35 AM (36 minutes ago)

img class="f T-KT-JX" src="images/cleardot.gif" alt="">

to me 

This is followed by the  body of the message.In addition on each page you have a listing of all the labels, email counts, circles and more data that is preloaded to each page providing you with a large amount of data on your custodians activities but also providing for a large amount of duplicates.

Tomorrow we will go into the important fields and their meanings and I'll provide a regex for carving them out. Recovering webmail used to be simple, just find a javascript library known to the service and carve out the html before and after it, now with JSON/Ajax services like Gmail we get fragments of emails and possibly entire messages but we either have to manually carve them or use a tool like IEF to do it for us.

I start with IEF and let find the fully formed messages and then go back myself to find partials knowing the users email address.

See you tomorrow! Leave comments or questions below if your seeing data differently. I'm going to install fiddler on my system tonight to show how the data looks as its being transmitted.

Smokey Eyes (First Date) � Tutorial!

I was feeling super inspired a couple of weekends ago and decided to film myself getting ready (for a date, ooo-err) and made it into a tutorial for you guys!  Admittedly, this is nothing special makeup wise � I wear this look daily to work and find it really quick and easy to do; it just consists of a bit of eyeliner, flawless base and smokey under-eye shadow.

Watch the video below to see how I created this look!
 
 

Tutorial!

Products Used:
Kiehls Ultra Light Daily Defense SPF 50
Urban Decay Primer Potion
Benefit Stay Flawless Primer
Sleek Ink Pot Gel Eyeliner in Dominatrix
HD Brows Kit (matte black shadow to help pro-long the gel liner)
Cover FX Total Cover Cream Foundation with the Real Techniques Buffing Brush
Avon Supershock Gel Eyeliner in Black
Urban Decay Brow Box
HD Brow Kit (Taupe shadow under the eye)
MAC Studio Finish Concealer in NC15 with the Real Techniques Deluxe Crease Brush
Rimmel Stay Matte Powder
Japonesque Eyelash Curlers
YSL Babydoll Mascara
MAC Blush in Strada
Zoeva Contour Brush
MAC Sushi Kiss Lipstick

I really hope you guys enjoy this!  I�m quite embarrassed about going totally eye makeup free (don�t think I�ve EVER done that before on this blog) but I think it adds to the before & after look!  If you are short of time but want to try this look, swap the gel liner for a liquid liner in a pen form, it�s a lot quicker!

Do let me know if you would like to see any more tutorials from me in the future!

xxxxx

Daily Blog #36: Sunday Funday 7/28/13 Winner!

Hello Reader,

                This Sunday Funday I thought was easier than the last and we had several submissions both post on the blog and submitted anonymously but only one was done before the deadline of Midnight PST. o congratulations go out to Jonathan Turner who while not having the most complete answer of all the ones submitted, that goes to Harlan Carvey this week, as he was the only one who submitted his answer before the cutoff!

I got a lot of answers after, do you need me to change the rules to give you more time to play? I thought 24 hours (I try to post at Saturday midnight CST) was enough time, but you need more time to play I can change the rules to let more people participate. I'm hoping as these contests continue we will continue to get great prizes to give away that will tip you over the 'should I try this one' cliff.

Here was the challenge:

The Challenge:     I'm going to step down the difficulty from last week, I may have been asking for a bit much on a Sunday. So this weeks question is going back to basics:
For a Windows 7 system:
Your client has provided you with a forensic image of a laptop computer that was used by an ex-employee at their new employer, it was obtained legally through discovery in a litigation against them. You previously identified that the employee took data when they left where on the system would you look for the following:
1. The same external drive was plugged into both systems
2. What documents were copied onto the system
3. What documents were accessed on the system

Here is Jonathan's answer:

1) The manufacturer, model, and serial number of USB keys plugged into a system are stored in the registry at HKLM\SYSTEM\Control\(CurrentControlSet|ControlSet001|ControlSet002)\Enum\USBSTOR. Comparing these keys on the two systems should show any common devices.
2) The created timestamp on the above registry key can be used to filter a timeline of file creation times to determine what files were added to the system around the time it was plugged in. These files could contain metadata about where they were originally created as well as other interesting information that can be manually collected.
3) Documents accessed on the system should show up in jump lists and (potentially) shellbag information stored in the users' ntuser.dat hive.

 Here is Harlan's answer:

Sorry this is late, but I was at a couple of events yesterday starting at around 2pm...I'm not sending it in so much as a submission, but more to just provide my response...

*1. The same external drive was plugged into both systems

This type of analysis starts with the Enum\USBStor keys.  I would locate the subkey that contained the device identifier for the external drive in question, and see if there is a serial number listed.  If not, that's okay...we have other correlating information available.  If there is a serial number pulled from the device firmware, then we're in luck.  

Beneath the device serial number key, I can get information about when the device was first plugged in, from the LastWrite time to the LogConf key, as well as the Data value (FILETIME time stamp) from the \Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000065\00000000 subkey.  I would correlate this time with the value in the setupapi.dev.log file, as well as with the first time for that device that I found in the Windows Event Log (for device connection events).    I could then get subsequent connection times via the Windows Event Log, as well as the final connection time from the NTUSER.DAT hive for the user, via the MountPoints2 key (for the device, given the volume GUID from the MountedDevices key) LastWrite time value.  

To be thorough, I would also check beneath the \Enum\WpdBusEnumRoot\UMB key for any volume subkeys whose names contained information (device ID, SN) about the device in question.

Getting the disk signature for the specific external drive can be difficult on Win7, using just the System hive file, as there is very little information to correlate the Enum\USBStor information to the information in the contents of the MountedDevices key.  However, further analysis will be of use, so keep reading.  ;-)

The "\Microsoft\Windows NT\CurrentVersion\EMDMgmt" key in the Software hive contains a good deal of information regarding both USB thumb drives and external drives; the subkeys will be identifiers for devices, and for external drives, you'd be interested in those that do NOT start with "_??USBSTOR".  The subkey names will have an identifier, as well as several underscores (""); if the name is split on underscores, the first to the last item, if there is one, will be the volume name, and the last item will be the volume serial number, listed in decimal format.  This final value changes if the device is reformatted, but it wouldn't make any sense to copy files to the device, reformat, and then connect it to the target device, so we can assume that this information won't change between the two systems.

I could then use this information to correlate to LNK files in the Windows\Recent and Office\Recent folder within the user profile, as well as LNK streams within the user's *.automaticDestinations-ms Jump Lists.

At this point, I will have a drive letter that the external drive was mapped to, so I can then return to the MountedDevices key in the system hive, and by accessing available VSCs, locate one in which the drive letter was available for the ext. drive.  This will provide me with the disk signature of the device itself, as well as the volume GUID.

At this point, I have device identifier, the device serial number, the volume serial number, potentially the disk signature, and the time(s) of when the external drive had been connected to the laptop.  I can then use this information to correlate to the other system.

*2. What documents were copied onto the system

I would create a timeline of system activity, correlating file creation dates on the system with times when device was connected to the system, based on the time-based information provided in the response to #1 above. 

*3. What documents were accessed on the system

The shellbags artifacts likely won't server you much use this time, as on Win7, they tend to not contain the same sort (and volume) of information as they do on WinXP.  However, I would start by looking at the shortcut/LNK files in the user's profile (Windows\Recent and Office\Recent), as well as Jump Lists.  This information also helps us identify the application used to access the documents (Office, Adobe, etc).  I would also, for clarity sake, verify this information via Registry MRUs, even though some of them (ie, RecentDocs) will not contain full path information.  However, now that we have information about the applications used (from the Jump Lists, after performing any required AppID lookups), I would be sure to examine any available application-specific MRUs.

Harlan gave a great answer but didn't get in on time, so the winner of a Specialist Track ticket to PFIC is Jonathan Turner. There is still more to be said on this topic though. I use specific operating systems for a reason as artifacts change between them and there are still artifacts and scenarios not clearly being shown even in both of these answers. When I'm done with the web 2.0 series I'll go into depth on it.

In the mean time, do you want to go to PFIC? I still have more tickets to give away next week. If two answers make it in on time that are both great (or I change the rules based on your feedback to extend the time), I can give away more than one! Tomorrow we resume the web 2.0 series and I hope you follow along as it continues to give me the motivation to keep these up daily! Only 316 more blogs before the year is up!

Poker Training Software free download latest version

Poker training software is the best software I have ever used. It is the teacher for those who wants to learn how to play Texas Holdem Poker. This poker training software will make you a real champion of Poker game and then you can beat your friends easily.

The best thing about this software is that it is very easy to use and even a child can use it. This software is the reason that you see manysmall kids these days are getting expert in poker. So you also try this software and become a champion of Holdem Poker!

 

 

In Case the Falcons Tear Down Friendship Baptist

It's been in the news so I went see Atlanta's Friendship Baptist Church. If the powers chose the "south" site for the new Falcons Station, Friendship is a goner. But maybe they'll chose the "north" site. I took pictures of the cornerstones, just in case.

 
It's beautiful. The institution itself has been REAL important for a long time though the buildings aren't particularly old.


The 2002 "Listed in National Register of Historic Places" plaque doesn't necessarily mean it's safe.


It's not in perfect condition, but it is in immaculate condition.

 
The gulch swallows it up. It's in such an open area, it doesn't have much visual impact until you get close.


View Larger Map
The church is picturesque but the setting isn't. Friendship is a buffer between the Georgia Dome, the railroad gulch, Castleberry Hill, and the Atlanta University Center.


Go see.


The 2002 bronze plaque plaque (2nd picture in this post) says 1866; this stone says 1862.

 
This is the 1968 cornerstone. This one says "1862" too.


The pastor's cornerstone says 1862.

This deserves more study but I was having a look around. Northside at Martin Luthor King is an "amen corner" with four churches.


Mount Vernon Baptist Church would be a goner if they pick the south site but they aren't talking with the press so we don't hear much about it.


Central United Methodist Chruch is on the west side of Northside Drive. I presume it's not at risk from the stadium.


The West Mitchell CME Church is also safe. Pardon me for taking a picture of the back side. You can't always tell with moderns.

Go see.

Introducing Balthazar!

I don�t know about you, but whenever I see a blogger posting about their pet (whether it be a kitten, bunny rabbit, dog or even hedgehog) I am immediately filled with delight and happiness and sigh a big fat �awwhhh� out loud.  Now, my mum and sister are allergic to cats and dogs (I would love nothing more than a little kitten running around at home) so for my whole life we have always had little hamsters!  I�ve never done a post on hamsters before but thought I�d introduce you to the current cutest member of the Snooks family!





Having a staring contest (excuse the bare, no makeup face!)

Ladies and gents, I introduce you to Balthazar, the light of my life!  Balth is coming up to two years old now so is turning into a little old girl, but she is still as energetic and loving as ever.  Whenever I�m feeling down I just look to Balthazar and she instantly makes me happy.  I�m the trainer of Snooks family hamsters and am always given the job of holding the hamsters first and teaching them not to bite, but Balth has been the only hamster we�ve ever had that has never bitten, ever!  She loves cuddles and I like to feed her food whilst holding her (bonding sessions).

She had to have a little operation a few months ago as she had a little lump that kept growing on her ear, so a vet removed it and she has been happy (but silly looking) ever since and was so brave, running all over the place once she came round from the anaesthetic. 

Our last little hamster was called Bishmael, who was equally as loved and adorable. You can watch a video of Bish and I here -

The last Snooks hamster�Bishmael!

There we have it!  I hope you enjoyed (and squealed �awwh�) at this post.  I�d love to know if you have any little pets, tweet me a photograph! @katesnooks

Do you have a little hamster? What�s your favourite pet to have?

xxxx

How to find an old life insurance policy (and other unclaimed property)

We get a lot of queries from people looking for old life insurance policies that they think might have named them as a beneficiary.

Here are some quick tips. For more specifics and links, please see our brand-new "how to find an old life insurance policy" web page.

• Try to track down as much information as possible. You'll presumably know the name of the policyholder (any name changes?), and it also helps to know the state or states that the person lived in.

• Ideally, you'll be able to locate a copy of the policy itself, which will have a number on it. But sometimes there's a wrinkle: the insurance company or its name may have changed, especially for older policies. That can be a challenge, but your state's insurance department can probably help you track down the current company information. If you live in Washington state -- we're the state insurance regulator there -- feel free to call us at 1-800-562-6900 and talk to our consumer advocacy staff.

• If you can't find the policy, try going through the person's financial records, looking for payments made to an insurer. Also, look through old mail: the company may have sent periodic statements or billing reminders. It's also worth checking with the person's auto- or homeowners insurers, since people sometimes buy life insurance from the same company.

• You could opt to pay a search company to run a check for the person's name through industry databases or send queries to a large number of insurers.

• If a policy goes unclaimed for a long time, insurers are supposed to turn the money over to state-run unclaimed property programs. They hold the money, often forever, in case someone files a claim. You can easily run the person's name through these free, state-run online search sites. Washington state's is at http://ucp.dor.wa.gov, and you can easily find other state's unclaimed property programs at www.unclaimed.org.

• One other important tip: Many life insurance policies automatically end at a certain age.  

Favourite Summer Nail Polishes!

I love choosing out makeup and nail polish shades for different seasons and decided to pick a whopping 18 nail polish shades that I adore for this summer.  This post will be mainly picture heavy, but watch my video to see why I chose these particular shades out!

 
L-R Colour Club in London Calling, Bourjois in Green Fizz, Bourjois in Amande Defile, 17 Lasting Fix in Mint Choc Chip, China Glaze in Too Yacht To Handle,  Bourjois in No Blues


L-R Deborah Lippmann in Lara�s Theme, Mavala in Jaipur, Colour Club in Reign in Spain, 17 Lasting Fix in Orange Soda, Bourjois in Melon.


L-R Bourjois in Peach and Love, Pixi Glow in Pirouette Pink, China Glaze in Neon & On & On, Models Own in Pink Punch


L-R Colour Club in Pardon My French, 17 Lasting Fix in Parma Violet, China Glaze in That�s Shore Bright.

Favourite Summer Nail Polishes!

I explain exactly why I love each polish and show more swatches of it in the video, so have a peak to see why I chose these babies out!

What are your favourite polishes for Summer?

xxx

The Low Museum's Very First Show - Gallery Opening on Monday!

 
Pastiche Lumumba's projected survey based on "Girl with a Pearl" hashtags was live and interactive.

The High Museum closes on Mondays. The Low Museum opens. You can't get a haircut or visit a gallery on Monday. But there I was last night for the very first show at The Low Museum of Contemporary Culture in the Old Fourth Ward.


It's brand new, an idea rather than a place, run by focused students rather than veteran mavens. (The Low Museum is on Facebook and on Twitter @TheLowMuseum.)

It was a gallery hop with only one hop. It takes a little courage to visit a gallery for the first time. Would I see anyone I knew?

The show - #MoreOfTheSame - featured hashtags: "...we are intrinsically aware of the fact that anything we do has been done before."

Clovice Holt, Chris Holloway, Pastiche Lumumba, Steffen Sornpao, Jordan Stubbs, Beau Torres.


This is the place, a gallery in a student's apartment on this odd row of houses on John Wesley Dobbs just off Boulevard. I was happy to see inside after all these years of drive-bys.


The living area became a gallery.


By Steffen Sornpao.


"Double Rothko" by Chris Holloway was huge and delightful.


You young folks will "get" the hashtag stuff. I'll have to study.


I think "Iconversation" by Clovice Holt is a work in progress. It's been getting attention around town.


Jordan Stubbs is the Low Gallery guy. This is his "Last Supper," one in a set of 9 works. The phone in a frame is part of the work. Esme Jarrell is in the "Last Supper" and the only person I knew. Thanks for saying hello Esme.


These outward looking gender-confused portraits at eye-level by Clovice Holt were in charge of the glamor.


These witty artist-at-work self-portraits by Beau Torres rewarded a long look.


The opening and the gallery worked. Folks kept arriving, doing the gallery-browse and gallery-chat.


It was breezy on the porch and we needed it.


 Time to go. I switched to architecture tourist mode. The building is at a high point on the Boulevard corridor, on a wide street with a view of downtown. It feels open and airy.


I wondered about this side-facing ghost portico next door.

 
It was nice to get a close look. I watched it being built in 2004. It never really clicked with me though I liked the geometry, the innie/outie curves, and the scored bands. And who can resist a red awning? Last night I decided that the rustic California-style stucco finish muddied the crisp lines.Was the designer on vacation when they did the stucco?


Thanks for an interesting Monday.

The Low Museum is on Facebook and on Twitter @TheLowMuseum.

COBRA and Medicare: How to avoid a common (and costly) mistake

If you're continuing your employer health coverage through COBRA and you become eligible for Medicare, it's important for you to sign up for Medicare during your Medicare eligibility period.

Here's why: Health insurers generally include language in their policies that says they can refuse to pay bills if they find out that you stayed on COBRA coverage after you were eligible for Medicare.

A lot of consumers get caught in this trap. Many people who are on COBRA don't know that they should sign up for Medicare when they become eligible. Instead, they assume that COBRA will continue to pay their medical bills, so they delaying signing up for Medicare until their COBRA coverage ends.

Then, months after becoming eligible for Medicare, they find out that their COBRA plan is refusing to pay for medical care that the consumer already received. They can't backdate their Medicare enrollment, so they're stuck with those medical bills. Yikes.

Don't get caught in this trap. If you're on COBRA and become eligible for Medicare, sign up.

"My doctor says I need a treatment, but my insurer won't cover it. What can I do?"

Q: "My doctor says that I need a particular medical treatment, but my health insurance company won't cover the cost. Is there anything I can do?"

A: Yes, there definitely is. Contact your health insurer, tell them you want to file an appeal, and ask what you need to do to start the process.

Then collect materials to support your argument, such as letters from your doctors describing why this is the best treatment for you, any medical journal articles or studies showing the treatment's effectiveness, etc.

You may also want to point out the health problems that will or can arise if the company doesn't pay for the treatment. Be sure to provide and estimate of the costs of treating those problems, especially if those costs would be significantly higher than paying for the treatment.

After you send in your appeal to your insurer, don't give up. Most people don't win the first round, but the odds of winning increase as you reach higher levels of appeals. The change of winning is highest when your appeal reaches the final level, called an "independent review organization."

For more tips on appeals, including templates, sample letters and detailed pointers, please see the appeals section of our website or call our consumer advocates at 1-800-562-6900. (If you live in a state other than Washington, please contact your own state's insurance department.)

Free Video Player is the best audio and video player

Free Video Player is something which every computer user is searching for. So today, we re going to share one best and free Free Video Player which I am sure you will like. This Free Video Player has all the latest features and very simple and easy to use interface. This Free Video Player can also be called one best free audio player as well because you can also play your all audio clips with this best and Free Video Player.

 

 

 

A Wake for the Last Church in Blandtown

But see, folks used to live in Blandtown and they built some pretty churches.

I'd like to pay my respects to the folks who met here, got married here, got christened and baptized here, who got eulogized here, who ate many fine covered-dish dinners here.


The Temple of God, 1353 Boyd Avenue as it stood on October 30, 2011.

Blandtown is now the West Midtown Design District. It's home to the Goat Farm Arts Center, Forsyth Fabrics, Lewis and Sharon Textiles, Myott Studio, and all those cool stores on Huff Road and Ellsworth Industrial. It's also home to a remarkable lake-on-a-hilltop, Reservoir Number 1 on Howell Mill.

But it's no longer home to any churches.


This was the last one. Picture courtesy of Myott Studio.


View Larger Map
When you see a lake on a hilltop, you know it ain't natural.


Blandtown is in blue on the NPU D Map. They don't even call it Blandtown anymore.

"Blandtown was named for Felix Bland. Born a slave, he was willed land by his former owner... It was one of the first black settlements around Atlanta after the Civil War. As a community it declined from the 1950s through 1990s" Wikipedia

Now Blandtown is a recovering warehouse light industrial re-purposed to design district. It's practical but nowhere pretty.


So on one of my take-the-long-way-home drives I turned down Boyd Avenue and found this immaculate little church. It could have been painted that very morning for all I could tell.


It classed up the whole street, the whole neighborhood.


I presume this was a walk-to church in its day, surrounded by homes. I'd bet nobody from that era lives in Blandtown today. There are a few new condos and apartments, not gentrification, not exactly.


They saved the cornerstones: Little Bethel, Greater Bethel, J. A. Hadley, Smooth Ashlar, Prince Hall, J.W. Dobbs.


I took pictures of the windows as best I could. North and south sides had matching symbols.


I wanted to see inside but there was no one to let me in.


When I came back on February 27, 2013, it was gone...buffed. I couldn't find a demolition permit. Georgia Power bought it from the Temple of God Inc.on 03-28-2012 for $315,000, about 1/5 acre.

Myott Studio is across the street so I knocked on the door to see if they knew anything. Myott was there, said they took some pictures and they'd send them to me. Here they are.


No fun looking at them. Picture courtesy of Myott Studio.


This is the only way I could see the inside. Picture courtesy of Myott Studio.


Probably a couple of days work. Picture courtesy of Myott Studio.


For the Atlanta insiders: I'm facing due east. The straight-line hill with the streetlights is the dam for Reservoir Number 1.