Okay, take this with a grain of salt, but here is MOO:
This timestamp and intrusion is all smoke and mirrors.
http://www.bizforum.org/whitepapers/cisco-6.htm
Port 445 is for file sharing amongst. If you are trying to file share on a local network, away from Cisco, they may not be able to stop the actual intursion into the network, however, the Cisco Security Agent will prevent the actual file sharing over that port. So it is possible that BC took a home pc, or who knows what on his local connection, bc he would be unable to use the cisco connection without a cisco computer and the csa software, but because he allowed file sharing, and his computer COULD use the local network, there was still no way to share the files over the LAn becasue the CSA would prevent that. So it could appear that someone "hacked" into the system, yet were denied the file sharing over port 445. i would need more infor on the time stamp inconsistincies, and how it could relate to this, but it seems brad was trying to move that file to a different computer.
So, what are your thoughts techies?
The laptop was under police control at that time.