Wednesday, July 31, 2013

Agent charged with theft and forgery; collected commissions for fictitious customers

A former Vancouver insurance agent has been charged with theft and forgery for allegedly collecting about $15,000 in commissions by creating fictitious applicants for insurance policies.
Julie Anne Goss, 43, an independent agent for AFLAC, was arraigned last week in Clark County Superior Court.
The scam came to light after the owner of a restaurant in Battle Ground, Wash. told AFLAC that she'd received premium bills for two "employees" that had never worked there.
AFLAC investigated, and it turned out that Goss wrote dozens of policies for 15 people that either weren't employees at the named businesses or apparently didn't exist. In other cases, she wrote policies for real employees, but they said they hadn't applied for the coverage.
In each case, Goss stood to get a commission for the policy. All told, the investigator found, between August 2010 and January 2011, Goss wrote 91 fraudulent insurance policies and collected more than $15,000 in commissions for them.
The company canceled its contract with Goss in March 2011 and reported the matter to our Special Investigations Unit. After investigating further, we revoked Goss' insurance license in January 2012. The charges against her were filed in late June.
If you suspect insurance fraud and you live in Washington state, please report it.

Tuesday, July 30, 2013

Daily Blog #37: Web 2.0 Forensics Part 2

Hello Reader,
Sunday Funday is always fun for me for two reasons. One, it gets me two blog posts out of one so I get more time to get work done, and two, I like getting a general feeling of what level of understanding exists on certain artifacts. So while you get a prize, that I strive to make worth your effort, I get to see what I can continue to help you learn by writing additional blog posts to fill those gaps. With that said, we are continuing the web 2.0 series today, which I realized was needed from the IEF Sunday Funday challenge two weeks ago.

JSON Data Structures

JSON data structures are fairly easy to find. They are structured name pairs that are exchanged between the web server and the web client, for instance the Gmail server and the Chrome browser. In this example the Chrome browser would then parse the data to generate the view that you see.

Here is what a message summary from your Gmail inbox looks like:

Index data for Gmail
["140303866b4ce541","140303866b4ce541","140303866b4ce541",1,0,["^all","^i","^o","^smartlabel_notification"]
,[]

Email from/subject/message preview and date
,"\u003cspan class\u003d\"yP\" email\u003d\"mail-noreply@google.com\" name\u003d\"Gmail Team\"\u003eGmail Team\u003c/span\u003e","\u0026raquo;\u0026nbsp;","Welcome to the new Gmail inbox","Hi David Meet the new inbox Inbox tabs put you back in control with simple organization so that you",0,"","","10:35 am","Tue, Jul 30, 2013 at 10:35 AM",1375198584460000,,[]
,,0,[]
,,[]
,,"3",[0]
,,"mail-noreply@google.com",,,,0,0]

Here is what a fully loaded message and its email header look like:

Gmail Team <mail-noreply@google.com>
10:35 AM (36 minutes ago)
<img class="f T-KT-JX" src="images/cleardot.gif" alt="">
to me

This is followed by the body of the message. In addition, on each page you have a listing of all the labels, email counts, circles and more data that is preloaded to each page, providing you with a large amount of data on your custodian's activities but also providing for a large number of duplicates.

Tomorrow we will go into the important fields and their meanings and I'll provide a regex for carving them out. Recovering webmail used to be simple: just find a JavaScript library known to the service and carve out the HTML before and after it. Now, with JSON/Ajax services like Gmail, we get fragments of emails and possibly entire messages, but we either have to manually carve them or use a tool like IEF to do it for us.

I start with IEF and let it find the fully formed messages, and then go back myself to find partials knowing the user's email address.

See you tomorrow! Leave comments or questions below if you're seeing data differently. I'm going to install Fiddler on my system tonight to show how the data looks as it's being transmitted.
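
As an added example (not code from this blog or from IEF), the Python below carves message-summary records like the one shown above out of decoded text and names their fields. The start pattern, the field positions and the reading of the 16-digit number as microseconds since the Unix epoch are assumptions inferred from this one sample, not a documented Gmail schema.

```python
import html
import json
import re
from datetime import datetime, timedelta, timezone

# The summary record shown in the post, minus the author's two annotation lines.
SAMPLE = r'''["140303866b4ce541","140303866b4ce541","140303866b4ce541",1,0,["^all","^i","^o","^smartlabel_notification"]
,[]
,"\u003cspan class\u003d\"yP\" email\u003d\"mail-noreply@google.com\" name\u003d\"Gmail Team\"\u003eGmail Team\u003c/span\u003e","\u0026raquo;\u0026nbsp;","Welcome to the new Gmail inbox","Hi David Meet the new inbox Inbox tabs put you back in control with simple organization so that you",0,"","","10:35 am","Tue, Jul 30, 2013 at 10:35 AM",1375198584460000,,[]
,,0,[]
,,[]
,,"3",[0]
,,"mail-noreply@google.com",,,,0,0]'''

# Constructed stand-in for decoded cache or pagefile text: filler, the full
# record, then a copy cut off mid-string to mimic a partial fragment.
BLOB = "\x00\x00filler" + SAMPLE + "\x00filler\x00" + SAMPLE[:120]

# Assumption from the sample: a record opens with three quoted 16-hex-digit ids.
RECORD_START = re.compile(r'\["[0-9a-f]{16}","[0-9a-f]{16}","[0-9a-f]{16}",')
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def scan_record(text, start):
    """Return strict-JSON text for the array opening at text[start], or None if it never closes.

    The wire format leaves empty slots (",,"), which json.loads rejects, so each
    empty slot outside a string is filled with null while brackets are balanced.
    """
    out, depth, in_str, esc, prev = [], 0, False, False, None
    for ch in text[start:]:
        if in_str:                       # copy string bytes untouched
            out.append(ch)
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
            continue
        if ch.isspace():
            continue
        if (ch == "," and prev in (",", "[")) or (ch == "]" and prev == ","):
            out.append("null")
        out.append(ch)
        prev = ch
        if ch == '"':
            in_str = True
        elif ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth == 0:
                return "".join(out)
    return None


def describe(rec):
    """Name the positions seen in the sample record (not a documented schema)."""
    email = re.search(r'email="([^"]*)"', rec[7])
    name = re.search(r'name="([^"]*)"', rec[7])
    return {
        "thread_id": rec[0],
        "labels": rec[5],
        "from_email": email.group(1) if email else None,
        "from_name": html.unescape(name.group(1)) if name else None,
        "subject": html.unescape(rec[9]),
        "preview": html.unescape(rec[10]),
        "display_date": rec[15],
        "utc": (EPOCH + timedelta(microseconds=rec[16])).isoformat(),
    }


def carve_summaries(text):
    """Find every complete summary record in text; skip partial or damaged ones."""
    hits = []
    for match in RECORD_START.finditer(text):
        strict = scan_record(text, match.start())
        if strict is None:
            continue                     # fragment ends before the array closes
        try:
            hits.append(describe(json.loads(strict)))
        except (ValueError, TypeError, IndexError, OverflowError):
            continue                     # damaged or differently shaped record
    return hits


if __name__ == "__main__":
    print(json.dumps(carve_summaries(BLOB), indent=2))
```

Partial records that `scan_record` rejects are the "partials" the post mentions; they still need a manual pass, for example by searching for the user's email address.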

Smokey Eyes (First Date) - Tutorial!

I was feeling super inspired a couple of weekends ago and decided to film myself getting ready (for a date, ooo-err) and made it into a tutorial for you guys!  Admittedly, this is nothing special makeup wise - I wear this look daily to work and find it really quick and easy to do; it just consists of a bit of eyeliner, flawless base and smokey under-eye shadow.

Watch the video below to see how I created this look!
 

Products Used:
Kiehls Ultra Light Daily Defense SPF 50
Urban Decay Primer Potion
Benefit Stay Flawless Primer
Sleek Ink Pot Gel Eyeliner in Dominatrix
HD Brows Kit (matte black shadow to help pro-long the gel liner)
Cover FX Total Cover Cream Foundation with the Real Techniques Buffing Brush
Avon Supershock Gel Eyeliner in Black
Urban Decay Brow Box
HD Brow Kit (Taupe shadow under the eye)
MAC Studio Finish Concealer in NC15 with the Real Techniques Deluxe Crease Brush
Rimmel Stay Matte Powder
Japonesque Eyelash Curlers
YSL Babydoll Mascara
MAC Blush in Strada
Zoeva Contour Brush
MAC Sushi Kiss Lipstick

I really hope you guys enjoy this!  I'm quite embarrassed about going totally eye makeup free (don't think I've EVER done that before on this blog) but I think it adds to the before & after look!  If you are short of time but want to try this look, swap the gel liner for a liquid liner in a pen form, it's a lot quicker!

Do let me know if you would like to see any more tutorials from me in the future!

xxxxx

Monday, July 29, 2013

Daily Blog #36: Sunday Funday 7/28/13 Winner!

Hello Reader,
This Sunday Funday I thought was easier than the last and we had several submissions, both posted on the blog and submitted anonymously, but only one was done before the deadline of Midnight PST. So congratulations go out to Jonathan Turner who, while not having the most complete answer of all the ones submitted (that goes to Harlan Carvey this week), was the only one who submitted his answer before the cutoff!

I got a lot of answers after; do you need me to change the rules to give you more time to play? I thought 24 hours (I try to post at Saturday midnight CST) was enough time, but if you need more time to play I can change the rules to let more people participate. I'm hoping as these contests continue we will continue to get great prizes to give away that will tip you over the 'should I try this one' cliff.

Here was the challenge:
The Challenge:     I'm going to step down the difficulty from last week, I may have been asking for a bit much on a Sunday. So this week's question is going back to basics:
For a Windows 7 system:
Your client has provided you with a forensic image of a laptop computer that was used by an ex-employee at their new employer; it was obtained legally through discovery in a litigation against them. You previously identified that the employee took data when they left. Where on the system would you look for the following:
1. The same external drive was plugged into both systems
2. What documents were copied onto the system
3. What documents were accessed on the system

Here is Jonathan's answer:
1) The manufacturer, model, and serial number of USB keys plugged into a system are stored in the registry at HKLM\SYSTEM\Control\(CurrentControlSet|ControlSet001|ControlSet002)\Enum\USBSTOR. Comparing these keys on the two systems should show any common devices.
2) The created timestamp on the above registry key can be used to filter a timeline of file creation times to determine what files were added to the system around the time it was plugged in. These files could contain metadata about where they were originally created as well as other interesting information that can be manually collected.
3) Documents accessed on the system should show up in jump lists and (potentially) shellbag information stored in the users' ntuser.dat hive.

 Here is Harlan's answer:
Sorry this is late, but I was at a couple of events yesterday starting at around 2pm...I'm not sending it in so much as a submission, but more to just provide my response...

*1. The same external drive was plugged into both systems

This type of analysis starts with the Enum\USBStor keys.  I would locate the subkey that contained the device identifier for the external drive in question, and see if there is a serial number listed.  If not, that's okay...we have other correlating information available.  If there is a serial number pulled from the device firmware, then we're in luck.  

Beneath the device serial number key, I can get information about when the device was first plugged in, from the LastWrite time to the LogConf key, as well as the Data value (FILETIME time stamp) from the \Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000065\00000000 subkey.  I would correlate this time with the value in the setupapi.dev.log file, as well as with the first time for that device that I found in the Windows Event Log (for device connection events).    I could then get subsequent connection times via the Windows Event Log, as well as the final connection time from the NTUSER.DAT hive for the user, via the MountPoints2 key (for the device, given the volume GUID from the MountedDevices key) LastWrite time value.  

To be thorough, I would also check beneath the \Enum\WpdBusEnumRoot\UMB key for any volume subkeys whose names contained information (device ID, SN) about the device in question.

Getting the disk signature for the specific external drive can be difficult on Win7, using just the System hive file, as there is very little information to correlate the Enum\USBStor information to the information in the contents of the MountedDevices key.  However, further analysis will be of use, so keep reading.  ;-)

The "\Microsoft\Windows NT\CurrentVersion\EMDMgmt" key in the Software hive contains a good deal of information regarding both USB thumb drives and external drives; the subkeys will be identifiers for devices, and for external drives, you'd be interested in those that do NOT start with "_??_USBSTOR".  The subkey names will have an identifier, as well as several underscores ("_"); if the name is split on underscores, the first to the last item, if there is one, will be the volume name, and the last item will be the volume serial number, listed in decimal format.  This final value changes if the device is reformatted, but it wouldn't make any sense to copy files to the device, reformat, and then connect it to the target device, so we can assume that this information won't change between the two systems.

I could then use this information to correlate to LNK files in the Windows\Recent and Office\Recent folder within the user profile, as well as LNK streams within the user's *.automaticDestinations-ms Jump Lists.

At this point, I will have a drive letter that the external drive was mapped to, so I can then return to the MountedDevices key in the system hive, and by accessing available VSCs, locate one in which the drive letter was available for the ext. drive.  This will provide me with the disk signature of the device itself, as well as the volume GUID.

At this point, I have device identifier, the device serial number, the volume serial number, potentially the disk signature, and the time(s) of when the external drive had been connected to the laptop.  I can then use this information to correlate to the other system.

*2. What documents were copied onto the system

I would create a timeline of system activity, correlating file creation dates on the system with times when device was connected to the system, based on the time-based information provided in the response to #1 above. 

*3. What documents were accessed on the system

The shellbags artifacts likely won't serve you much use this time, as on Win7, they tend to not contain the same sort (and volume) of information as they do on WinXP.  However, I would start by looking at the shortcut/LNK files in the user's profile (Windows\Recent and Office\Recent), as well as Jump Lists.  This information also helps us identify the application used to access the documents (Office, Adobe, etc).  I would also, for clarity's sake, verify this information via Registry MRUs, even though some of them (ie, RecentDocs) will not contain full path information.  However, now that we have information about the applications used (from the Jump Lists, after performing any required AppID lookups), I would be sure to examine any available application-specific MRUs.
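
The EMDMgmt, FILETIME and timeline steps described in the answers above can be worked through in code. This is an added Python example, not part of either submitted answer: the subkey names, FILETIME value and file list are constructed, and taking the item before the last as the volume name is this example's reading of the layout described.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed EMDMgmt subkey names (not from a real case), laid out as the answer
# describes: identifier, underscores, volume name, volume serial in decimal.
OLD_EMPLOYER = [
    "_??_USBSTOR#Disk&Ven_Example&Prod_Flash&Rev_1.00#SN0001&0#STICK_305419896",
    "ExampleDisk_BACKUP_3405691582",
]
NEW_EMPLOYER = ["ExampleDisk_BACKUP_3405691582", "OtherDisk_ARCHIVE_1234567890"]

# Constructed first-connection FILETIME and file creation times on the new laptop.
FIRST_CONNECT = 130196160000000000
FILES = [
    ("Documents\\pricing.xlsx", datetime(2013, 7, 30, 0, 4, tzinfo=timezone.utc)),
    ("Documents\\resume.docx", datetime(2013, 7, 12, 9, 0, tzinfo=timezone.utc)),
]


def parse_emdmgmt(name):
    """Return (identifier, volume_name, serial as XXXX-XXXX), or None if not usable."""
    if name.lstrip("_?").startswith("USBSTOR"):
        return None  # thumb-drive entry; external drives are the other subkeys
    parts = name.split("_")
    if len(parts) < 2 or not parts[-1].isdecimal() or int(parts[-1]) > 0xFFFFFFFF:
        return None
    # Reading used here: the item before the last is the volume name, if present.
    volume = parts[-2] if len(parts) > 2 else ""
    ident = "_".join(parts[:-2]) if len(parts) > 2 else parts[0]
    serial = f"{int(parts[-1]):08X}"
    # Hex XXXX-XXXX is how `vol` and `dir` print a volume serial number.
    return ident, volume, f"{serial[:4]}-{serial[4:]}"


def shared_volumes(names_a, names_b):
    """Volume serials recorded under EMDMgmt on both systems."""
    a = {p[2]: p for p in map(parse_emdmgmt, names_a) if p}
    b = {p[2]: p for p in map(parse_emdmgmt, names_b) if p}
    return {serial: (a[serial], b[serial]) for serial in a.keys() & b.keys()}


def filetime_to_utc(filetime):
    """FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def created_after_connect(files, connected, minutes=30):
    """Files whose creation time falls within `minutes` after the connection."""
    end = connected + timedelta(minutes=minutes)
    return [path for path, created in files if connected <= created <= end]


if __name__ == "__main__":
    print(shared_volumes(OLD_EMPLOYER, NEW_EMPLOYER))
    connected = filetime_to_utc(FIRST_CONNECT)
    print(connected.isoformat(), created_after_connect(FILES, connected))
```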

Harlan gave a great answer but didn't get in on time, so the winner of a Specialist Track ticket to PFIC is Jonathan Turner. There is still more to be said on this topic though. I use specific operating systems for a reason as artifacts change between them and there are still artifacts and scenarios not clearly being shown even in both of these answers. When I'm done with the web 2.0 series I'll go into depth on it.

In the meantime, do you want to go to PFIC? I still have more tickets to give away next week. If two answers make it in on time that are both great (or I change the rules based on your feedback to extend the time), I can give away more than one! Tomorrow we resume the web 2.0 series and I hope you follow along as it continues to give me the motivation to keep these up daily! Only 316 more blogs before the year is up!

Poker Training Software free download latest version

Poker training software is the best software I have ever used. It is the teacher for those who want to learn how to play Texas Holdem Poker. This poker training software will make you a real champion of Poker game and then you can beat your friends easily.
The best thing about this software is that it is very easy to use and even a child can use it. This software is the reason that you see many small kids these days are getting expert in poker. So you also try this software and become a champion of Holdem Poker!
 
 

In Case the Falcons Tear Down Friendship Baptist

It's been in the news so I went to see Atlanta's Friendship Baptist Church. If the powers choose the "south" site for the new Falcons Station, Friendship is a goner. But maybe they'll choose the "north" site. I took pictures of the cornerstones, just in case.

 
It's beautiful. The institution itself has been REAL important for a long time though the buildings aren't particularly old.

The 2002 "Listed in National Register of Historic Places" plaque doesn't necessarily mean it's safe.

It's not in perfect condition, but it is in immaculate condition.

The gulch swallows it up. It's in such an open area, it doesn't have much visual impact until you get close.


The church is picturesque but the setting isn't. Friendship is a buffer between the Georgia Dome, the railroad gulch, Castleberry Hill, and the Atlanta University Center.

Go see.

The 2002 bronze plaque (2nd picture in this post) says 1866; this stone says 1862.

This is the 1968 cornerstone. This one says "1862" too.

The pastor's cornerstone says 1862.

This deserves more study but I was having a look around. Northside at Martin Luther King is an "amen corner" with four churches.

Mount Vernon Baptist Church would be a goner if they pick the south site but they aren't talking with the press so we don't hear much about it.

Central United Methodist Church is on the west side of Northside Drive. I presume it's not at risk from the stadium.

The West Mitchell CME Church is also safe. Pardon me for taking a picture of the back side. You can't always tell with moderns.

Go see.

Friday, July 26, 2013

Introducing Balthazar!

I don't know about you, but whenever I see a blogger posting about their pet (whether it be a kitten, bunny rabbit, dog or even hedgehog) I am immediately filled with delight and happiness and sigh a big fat "awwhhh" out loud.  Now, my mum and sister are allergic to cats and dogs (I would love nothing more than a little kitten running around at home) so for my whole life we have always had little hamsters!  I've never done a post on hamsters before but thought I'd introduce you to the current cutest member of the Snooks family!

Having a staring contest (excuse the bare, no makeup face!)

Ladies and gents, I introduce you to Balthazar, the light of my life!  Balth is coming up to two years old now so is turning into a little old girl, but she is still as energetic and loving as ever.  Whenever I'm feeling down I just look to Balthazar and she instantly makes me happy.  I'm the trainer of Snooks family hamsters and am always given the job of holding the hamsters first and teaching them not to bite, but Balth has been the only hamster we've ever had that has never bitten, ever!  She loves cuddles and I like to feed her food whilst holding her (bonding sessions).

She had to have a little operation a few months ago as she had a little lump that kept growing on her ear, so a vet removed it and she has been happy (but silly looking) ever since and was so brave, running all over the place once she came round from the anaesthetic. 

Our last little hamster was called Bishmael, who was equally as loved and adorable. You can watch a video of Bish and I here -

The last Snooks hamster - Bishmael!

There we have it!  I hope you enjoyed (and squealed "awwh") at this post.  I'd love to know if you have any little pets, tweet me a photograph! @katesnooks

Do you have a little hamster? What's your favourite pet to have?

xxxx

Thursday, July 25, 2013

How to find an old life insurance policy (and other unclaimed property)

We get a lot of queries from people looking for old life insurance policies that they think might have named them as a beneficiary.

Here are some quick tips. For more specifics and links, please see our brand-new "how to find an old life insurance policy" web page.
  • Try to track down as much information as possible. You'll presumably know the name of the policyholder (any name changes?), and it also helps to know the state or states that the person lived in.

  • Ideally, you'll be able to locate a copy of the policy itself, which will have a number on it. But sometimes there's a wrinkle: the insurance company or its name may have changed, especially for older policies. That can be a challenge, but your state's insurance department can probably help you track down the current company information. If you live in Washington state -- we're the state insurance regulator there -- feel free to call us at 1-800-562-6900 and talk to our consumer advocacy staff.

  • If you can't find the policy, try going through the person's financial records, looking for payments made to an insurer. Also, look through old mail: the company may have sent periodic statements or billing reminders. It's also worth checking with the person's auto- or homeowners insurers, since people sometimes buy life insurance from the same company.

  • You could opt to pay a search company to run a check for the person's name through industry databases or send queries to a large number of insurers.

  • If a policy goes unclaimed for a long time, insurers are supposed to turn the money over to state-run unclaimed property programs. They hold the money, often forever, in case someone files a claim. You can easily run the person's name through these free, state-run online search sites. Washington state's is at http://ucp.dor.wa.gov, and you can easily find other states' unclaimed property programs at www.unclaimed.org.

Wednesday, July 24, 2013

Favourite Summer Nail Polishes!

I love choosing out makeup and nail polish shades for different seasons and decided to pick a whopping 18 nail polish shades that I adore for this summer.  This post will be mainly picture heavy, but watch my video to see why I chose these particular shades out!

SUMMERNAILS BLUEGREEN NAILS
L-R Colour Club in London Calling, Bourjois in Green Fizz, Bourjois in Amande Defile, 17 Lasting Fix in Mint Choc Chip, China Glaze in Too Yacht To Handle,  Bourjois in No Blues

ORANGE NAILS
L-R Deborah Lippmann in Lara's Theme, Mavala in Jaipur, Colour Club in Reign in Spain, 17 Lasting Fix in Orange Soda, Bourjois in Melon.

PINK SUMMER NAILS
L-R Bourjois in Peach and Love, Pixi Glow in Pirouette Pink, China Glaze in Neon & On & On, Models Own in Pink Punch

PURPLE NAILS
L-R Colour Club in Pardon My French, 17 Lasting Fix in Parma Violet, China Glaze in That's Shore Bright.


I explain exactly why I love each polish and show more swatches of it in the video, so have a peek to see why I chose these babies out!

What are your favourite polishes for Summer?

xxx

Tuesday, July 23, 2013

The Low Museum's Very First Show - Gallery Opening on Monday!

 
Pastiche Lumumba's projected survey based on "Girl with a Pearl" hashtags was live and interactive.

The High Museum closes on Mondays. The Low Museum opens. You can't get a haircut or visit a gallery on Monday. But there I was last night for the very first show at The Low Museum of Contemporary Culture in the Old Fourth Ward.

It's brand new, an idea rather than a place, run by focused students rather than veteran mavens. (The Low Museum is on Facebook and on Twitter @TheLowMuseum.)

It was a gallery hop with only one hop. It takes a little courage to visit a gallery for the first time. Would I see anyone I knew?

The show - #MoreOfTheSame - featured hashtags: "...we are intrinsically aware of the fact that anything we do has been done before."

Clovice Holt, Chris Holloway, Pastiche Lumumba, Steffen Sornpao, Jordan Stubbs, Beau Torres.

This is the place, a gallery in a student's apartment on this odd row of houses on John Wesley Dobbs just off Boulevard. I was happy to see inside after all these years of drive-bys.

The living area became a gallery.

By Steffen Sornpao.

"Double Rothko" by Chris Holloway was huge and delightful.


You young folks will "get" the hashtag stuff. I'll have to study.

I think "Iconversation" by Clovice Holt is a work in progress. It's been getting attention around town.

Jordan Stubbs is the Low Gallery guy. This is his "Last Supper," one in a set of 9 works. The phone in a frame is part of the work. Esme Jarrell is in the "Last Supper" and the only person I knew. Thanks for saying hello Esme.

These outward looking gender-confused portraits at eye-level by Clovice Holt were in charge of the glamor.

These witty artist-at-work self-portraits by Beau Torres rewarded a long look.

The opening and the gallery worked. Folks kept arriving, doing the gallery-browse and gallery-chat.

It was breezy on the porch and we needed it.

 Time to go. I switched to architecture tourist mode. The building is at a high point on the Boulevard corridor, on a wide street with a view of downtown. It feels open and airy.

I wondered about this side-facing ghost portico next door.

It was nice to get a close look. I watched it being built in 2004. It never really clicked with me though I liked the geometry, the innie/outie curves, and the scored bands. And who can resist a red awning? Last night I decided that the rustic California-style stucco finish muddied the crisp lines. Was the designer on vacation when they did the stucco?

Thanks for an interesting Monday.

The Low Museum is on Facebook and on Twitter @TheLowMuseum.


COBRA and Medicare: How to avoid a common (and costly) mistake

If you're continuing your employer health coverage through COBRA and you become eligible for Medicare, it's important for you to sign up for Medicare during your Medicare eligibility period.

Here's why: Health insurers generally include language in their policies that says they can refuse to pay bills if they find out that you stayed on COBRA coverage after you were eligible for Medicare.

A lot of consumers get caught in this trap. Many people who are on COBRA don't know that they should sign up for Medicare when they become eligible. Instead, they assume that COBRA will continue to pay their medical bills, so they delay signing up for Medicare until their COBRA coverage ends.

Then, months after becoming eligible for Medicare, they find out that their COBRA plan is refusing to pay for medical care that the consumer already received. They can't backdate their Medicare enrollment, so they're stuck with those medical bills. Yikes.

Don't get caught in this trap. If you're on COBRA and become eligible for Medicare, sign up.

Saturday, July 20, 2013

"My doctor says I need a treatment, but my insurer won't cover it. What can I do?"

Q: "My doctor says that I need a particular medical treatment, but my health insurance company won't cover the cost. Is there anything I can do?"

A: Yes, there definitely is. Contact your health insurer, tell them you want to file an appeal, and ask what you need to do to start the process.

Then collect materials to support your argument, such as letters from your doctors describing why this is the best treatment for you, any medical journal articles or studies showing the treatment's effectiveness, etc.

You may also want to point out the health problems that will or can arise if the company doesn't pay for the treatment. Be sure to provide an estimate of the costs of treating those problems, especially if those costs would be significantly higher than paying for the treatment.

After you send in your appeal to your insurer, don't give up. Most people don't win the first round, but the odds of winning increase as you reach higher levels of appeals. The chance of winning is highest when your appeal reaches the final level, called an "independent review organization."

For more tips on appeals, including templates, sample letters and detailed pointers, please see the appeals section of our website or call our consumer advocates at 1-800-562-6900. (If you live in a state other than Washington, please contact your own state's insurance department.)

Friday, July 19, 2013

Free Video Player is the best audio and video player

Free Video Player is something which every computer user is searching for. So today, we're going to share one best and free Free Video Player which I am sure you will like. This Free Video Player has all the latest features and a very simple and easy to use interface. This Free Video Player can also be called one best free audio player as well because you can also play all your audio clips with this best and Free Video Player.