April 22 weekend of Sleuthiness

Status
Not open for further replies.
In computer science they teach about algorithms, languages, grammars, compilers, logic, data handling, etc.

You're not likely to find a computer science major sitting in a class where they tell you: "Now, this is how you clear the cache in IE. Here is how you fix a Windows 7 bootup problem. This is the software package you want to buy to do your taxes. Here is how iTunes works. Etc." The high school kid working for the Geek Squad is likely to know more about that kind of stuff.

Kind of like an excellent mechanic may be an awful race car driver.

Right. Data handling. He would know all about it.

This is what he knew: http://www.cpsc.ucalgary.ca/cpsc_research/groups
 
But doesn't that seem a little crazy? That suggests that some investigator is framing people. It's not entirely impossible, but seems very unusual.

INCONCEIVABLE!
- Vazzini, "The Princess Bride"
 
Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?
 
I didn't see anything on that list about Windows Vista implementation and maintenance. I must have missed it.

I asked this question awhile back but I'm not sure anybody has the answer: did Brad have complete administrative access to his computer?
 
Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?

It does not require sophisticated extraction techniques to see the information. Like I said in a previous post it is possible whoever did the tampering did not know the timestamps were not correct.

Also, the FBI was looking for things on the PC that might indicate things like pre-meditation, things leading to motive, things being wiped, etc. JW is a security expert, he specializes in looking for things that have been done to computers in addition to things that are simply on computers. I think they were given different tasks and as such the analysis of the data they looked at in relation to those tasks led to different conclusions.
 
I didn't see anything on that list about Windows Vista implementation and maintenance. I must have missed it.

I'm not sure I understand what you're saying. Are you saying that even though he had a degree in computer science, he didn't know how to do computer basics? I suspect he had built a computer if only for the challenge. I suspect that he was quite capable in managing vista (which is a dud operating system IMO). He would know about information security, software engineering and pretty much everything about computers.
 
Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?

Well, Johnson/Chapell didn't think anything was out of the ordinary about the time stamps being off. They didn't even mention it in their report so I don't think it's something easily noticed. JW noticed it because he does this for a living. I believe his skill level is higher.
 
I asked this question awhile back but I'm not sure anybody has the answer: did Brad have complete administrative access to his computer?

If I remember the testimony from CF he said users have administrator privileges but not access to the administrator account. But he was running Vista so if it was an unsupported platform who knows.
 
Well, Johnson/Chapell didn't think anything was out of the ordinary about the time stamps being off. They didn't even mention it in their report so I don't think it's something easily noticed. JW noticed it because he does this for a living. I believe his skill level is higher.

My opinion is that the state experts were well aware of the invalid timestamps. I think they were asked about it not being in their report and they answered that they did not see that it was relevant.
 
If I remember the testimony from CF he said users have administrator privileges but not access to the administrator account. But he was running Vista so if it was an unsupported platform who knows.

I'm just wondering if he would have had access to edit the registry.
 
My honest take on it is that prosecution didn't want to have information presented to the jury that was not accurate. I could go in and testify about these computer files but I wouldn't get it right because I'm not an expert. I might be able to make it sound good though. You can't have somebody testifying as an expert when he hasn't been accepted as an expert by the court. JW, through the questions posed by Kurtz, was trying to give an expert opinion. Zellinger was right to object.

But he is an expert at identifying tampering on a computer. He's not an expert at doing a forensic analysis...but that doesn't mean he knows nothing about computers or files. He knows what files should look like and what it looks like when things aren't right. That is the crazy part of Gessner's ruling. I agree that his MFT version shouldn't have been introduced. But he was simply using what was introduced by the prosecution and saying what was wrong. That wasn't the forensic analysis part...the report that was introduced was the forensic analysis part. And that "expert" said he didn't know why or how the files were modified.
 
But he is an expert at identifying tampering on a computer. He's not an expert at doing a forensic analysis...but that doesn't mean he knows nothing about computers or files. He knows what files should look like and what it looks like when things aren't right. That is the crazy part of Gessner's ruling. I agree that his MFT version shouldn't have been introduced. But he was simply using what was introduced by the prosecution and saying what was wrong. That wasn't the forensic analysis part...the report that was introduced was the forensic analysis part. And that "expert" said he didn't know why or how the files were modified.

What files were modified?
 
I'm not sure I understand what you're saying. Are you saying that even though he had a degree in computer science, he didn't know how to do computer basics? I suspect he had built a computer if only for the challenge. I suspect that he was quite capable in managing vista (which is a dud operating system IMO). He would know about information security, software engineering and pretty much everything about computers.
OK, truce. I'm not going to argue the point.
 
I can't say that I think that definitely means he did it. I'm looking forward to the other expert that the defense team wants to call. I would love to look forward to the prosecution expert but I know we won't get to see and hear him from home. I would go to court but if I bought a plane ticket to fly to Raleigh, got a hotel room and left my husband home to take care of the zoo, I might just find myself on a very strict allowance when I got home. :)

Certainly no more that $300/week.
 
If CPD tampered with the files, why the heck did they then have the FBI look at them? Wouldn't they be concerned about advanced techniques/technologies that could detect tampering? That would just be idiotic to drag the FBI into it, if they'd planted files.

Because it is "the smoking gun". They had to have that PC searched (even if they didn't tamper with it).
 
And so the FBI comes across odd timestamps. Yet they're still testifying for the prosecution? Collusion?

I believe he is a Durham police detective, not FBI. And he testified he couldn't explain why those files had invalid timestamps, but he didn't think there was tampering.
 
Status
Not open for further replies.

Members online

Online statistics

Members online
203
Guests online
2,283
Total visitors
2,486

Forum statistics

Threads
589,955
Messages
17,928,238
Members
228,016
Latest member
ignoreme123
Back
Top