April 22 weekend of Sleuthiness - Page 40

cody100 · #**976** 04-23-2011, 08:50 PM

Quote:

Originally Posted by SleuthinNC

What if CPD did not do it?

I have thought about that possibility and believe(if it did happen and wasn't CPD), it would have to be someone close enough to want to know when the computer would be unattended and smart enough to get into the system. Perhaps it would be for revenge or someone that felt the evidence so far was not compelling enough. IMO only and purely speculation.

WolfpackWoman · #**977** 04-23-2011, 08:50 PM

Quote:

Originally Posted by unc70

I need to rewatch the Cisco employee's testimony about when they left for lunch. If one of them had documented leaving earlier, say before 1:15, then the entire Google search evidence would be in question. Anyone remember his name or which day that was?

If we are allowed to post his name, it's G. Miglucci. If we aren't (because he's a third party to the case), please let me know, and I will take it down. I don't remember the date he testified on. I know that he first stated 1:00. Then later stated 1:15 to leave. By the end of the discussion, he said he could have been anywhere between 1:00 and 1:30.

Cheyenne130 · #**978** 04-23-2011, 08:50 PM

Quote:

Originally Posted by unc70

I need to rewatch the Cisco employee's testimony about when they left for lunch. If one of them had documented leaving earlier, say before 1:15, then the entire Google search evidence would be in question. Anyone remember his name or which day that was?

I remember his testimony (not his name). Initially he said they left at 1 o'clock. He said they were gone for an hour and a half. When he continued and said that they got back to the office at 3, he realized it was closer to 1:30 when they left for lunch.

SleuthSayer · #**979** 04-23-2011, 08:51 PM

Quote:

Originally Posted by otto

Are you saying that even though he had a BSc in comp sc he didn't know what he was doing with computers?

In computer science they teach about algorithms, languages, grammars, compilers, logic, data handling, etc.

You're not likely to find a computer science major sitting in a class where they tell you: "Now, this is how you clear the cache in IE. Here is how you fix a Windows 7 bootup problem. This is the software package you want to buy to do your taxes. Here is how iTunes works. Etc." The high school kid working for the Geek Squad is likely to know more about that kind of stuff.

Kind of like an excellent mechanic may be an awful race car driver.

unc70 · #**980** 04-23-2011, 08:51 PM

Quote:

Originally Posted by Cheyenne130

I have a feeling there are a lot of people that are well trained in computers and think that they have left nothing of evidentiary value on their computers but the FBI still catches them. MOO

You realize that CC isn't really FBI. He is a Durham PD investigator.

Cheyenne130 · #**981** 04-23-2011, 08:52 PM

Quote:

Originally Posted by unc70

You realize that CC isn't really FBI. He is a Durham PD investigator.

Yes, I understand his position and his assignment to the special task force.

otto · #**982** 04-23-2011, 08:56 PM

Quote:

Originally Posted by SleuthSayer

In computer science they teach about algorithms, languages, grammars, compilers, logic, data handling, etc.

You're not likely to find a computer science major sitting in a class where they tell you: "Now, this is how you clear the cache in IE. Here is how you fix a Windows 7 bootup problem. This is the software package you want to buy to do your taxes. Here is how iTunes works. Etc." The high school kid working for the Geek Squad is likely to know more about that kind of stuff.

Kind of like an excellent mechanic may be an awful race car driver.

Right. Data handling. He would know all about it.

This is what he knew: http://www.cpsc.ucalgary.ca/cpsc_research/groups

unc70 · #**983** 04-23-2011, 09:00 PM

Quote:

Originally Posted by otto

But doesn't that seem a little crazy? That suggests that some investigator is framing people. It's not entirely impossible, but seems very unusual.

INCONCEIVABLE!
- Vazzini, "The Princess Bride"

Bottle Cap · #**984** 04-23-2011, 09:01 PM

Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?

SleuthSayer · #**985** 04-23-2011, 09:09 PM

Quote:

Originally Posted by otto

Right. Data handling. He would know all about it.

This is what he knew: http://www.cpsc.ucalgary.ca/cpsc_research/groups

I didn't see anything on that list about Windows Vista implementation and maintenance. I must have missed it.

Cheyenne130 · #**986** 04-23-2011, 09:12 PM

Quote:

Originally Posted by SleuthSayer

I didn't see anything on that list about Windows Vista implementation and maintenance. I must have missed it.

I asked this question awhile back but I'm not sure anybody has the answer: did Brad have complete administrative access to his computer?

FullDisclosure · #**987** 04-23-2011, 09:13 PM

Quote:

Originally Posted by unc70

I need to rewatch the Cisco employee's testimony about when they left for lunch. If one of them had documented leaving earlier, say before 1:15, then the entire Google search evidence would be in question. Anyone remember his name or which day that was?

Here ya go!
http://www.wral.com/specialreports/n...2/#/vid9404332

SleuthinNC · #**988** 04-23-2011, 09:16 PM

Quote:

Originally Posted by Bottle Cap

Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?

It does not require sophisticated extraction techniques to see the information. Like I said in a previous post it is possible whoever did the tampering did not know the timestamps were not correct.

Also, the FBI was looking for things on the PC that might indicate things like pre-meditation, things leading to motive, things being wiped, etc. JW is a security expert, he specializes in looking for things that have been done to computers in addition to things that are simply on computers. I think they were given different tasks and as such the analysis of the data they looked at in relation to those tasks led to different conclusions.

otto · #**989** 04-23-2011, 09:17 PM

Quote:

Originally Posted by SleuthSayer

I didn't see anything on that list about Windows Vista implementation and maintenance. I must have missed it.

I'm not sure I understand what you're saying. Are you saying that even though he had a degree in computer science, he didn't know how to do computer basics? I suspect he had built a computer if only for the challenge. I suspect that he was quite capable in managing vista (which is a dud operating system IMO). He would know about information security, software engineering and pretty much everything about computers.

sunshine05 · #**990** 04-23-2011, 09:18 PM

Quote:

Originally Posted by Bottle Cap

Ok, say CPD didn't do it. Whoever did, we agree that they're smart enough to get in there without detection. They're smart enough to plant the stuff so that it requires sophisticated extraction techniques to access.

And this person committing such a crime, with all this tech savvy, isn't smart enough to make sure the timestamps add up? Wouldn't that be the FIRST thing you'd be concerned about, in order to make him look guilty and in order to cover your own tracks?

Well, Johnson/Chapell didn't think anything was out of the ordinary about the time stamps being off. They didn't even mention it in their report so I don't think it's something easily noticed. JW noticed it because he does this for a living. I believe his skill level is higher.

SleuthinNC · #**991** 04-23-2011, 09:22 PM

Quote:

Originally Posted by Cheyenne130

I asked this question awhile back but I'm not sure anybody has the answer: did Brad have complete administrative access to his computer?

If I remember the testimony from CF he said users have administrator privileges but not access to the administrator account. But he was running Vista so if it was an unsupported platform who knows.

Cheyenne130 · #**992** 04-23-2011, 09:23 PM

Quote:

Originally Posted by sunshine05

Well, Johnson/Chapell didn't think anything was out of the ordinary about the time stamps being off. They didn't even mention it in their report so I don't think it's something easily noticed. JW noticed it because he does this for a living. I believe his skill level is higher.

My opinion is that the state experts were well aware of the invalid timestamps. I think they were asked about it not being in their report and they answered that they did not see that it was relevant.

Cheyenne130 · #**993** 04-23-2011, 09:24 PM

Quote:

Originally Posted by SleuthinNC

If I remember the testimony from CF he said users have administrator privileges but not access to the administrator account. But he was running Vista so if it was an unsupported platform who knows.

I'm just wondering if he would have had access to edit the registry.

otto · #**994** 04-23-2011, 09:26 PM

Quote:

Originally Posted by Cheyenne130

I'm just wondering if he would have had access to edit the registry.

I would think so. When I've had admin privileges to a work computer, I have full run of the machine.

ncsu95 · #**995** 04-23-2011, 09:35 PM

Quote:

Originally Posted by Cheyenne130

My honest take on it is that prosecution didn't want to have information presented to the jury that was not accurate. I could go in and testify about these computer files but I wouldn't get it right because I'm not an expert. I might be able to make it sound good though. You can't have somebody testifying as an expert when he hasn't been accepted as an expert by the court. JW, through the questions posed by Kurtz, was trying to give an expert opinion. Zellinger was right to object.

But he is an expert at identifying tampering on a computer. He's not an expert at doing a forensic analysis...but that doesn't mean he knows nothing about computers or files. He knows what files should look like and what it looks like when things aren't right. That is the crazy part of Gessner's ruling. I agree that his MFT version shouldn't have been introduced. But he was simply using what was introduced by the prosecution and saying what was wrong. That wasn't the forensic analysis part...the report that was introduced was the forensic analysis part. And that "expert" said he didn't know why or how the files were modified.

Cheyenne130 · #**996** 04-23-2011, 09:40 PM

Quote:

Originally Posted by ncsu95

But he is an expert at identifying tampering on a computer. He's not an expert at doing a forensic analysis...but that doesn't mean he knows nothing about computers or files. He knows what files should look like and what it looks like when things aren't right. That is the crazy part of Gessner's ruling. I agree that his MFT version shouldn't have been introduced. But he was simply using what was introduced by the prosecution and saying what was wrong. That wasn't the forensic analysis part...the report that was introduced was the forensic analysis part. And that "expert" said he didn't know why or how the files were modified.

What files were modified?

SleuthSayer · #**997** 04-23-2011, 09:48 PM

Quote:

Originally Posted by otto

I'm not sure I understand what you're saying. Are you saying that even though he had a degree in computer science, he didn't know how to do computer basics? I suspect he had built a computer if only for the challenge. I suspect that he was quite capable in managing vista (which is a dud operating system IMO). He would know about information security, software engineering and pretty much everything about computers.

OK, truce. I'm not going to argue the point.

unc70 · #**998** 04-23-2011, 09:55 PM

Quote:

Originally Posted by Cheyenne130

I can't say that I think that definitely means he did it. I'm looking forward to the other expert that the defense team wants to call. I would love to look forward to the prosecution expert but I know we won't get to see and hear him from home. I would go to court but if I bought a plane ticket to fly to Raleigh, got a hotel room and left my husband home to take care of the zoo, I might just find myself on a very strict allowance when I got home.

Certainly no more that $300/week.

ncsu95 · #**999** 04-23-2011, 09:58 PM

Quote:

Originally Posted by Bottle Cap

If CPD tampered with the files, why the heck did they then have the FBI look at them? Wouldn't they be concerned about advanced techniques/technologies that could detect tampering? That would just be idiotic to drag the FBI into it, if they'd planted files.

Because it is "the smoking gun". They had to have that PC searched (even if they didn't tamper with it).

ncsu95 · #**1000** 04-23-2011, 10:00 PM

Quote:

Originally Posted by Bottle Cap

And so the FBI comes across odd timestamps. Yet they're still testifying for the prosecution? Collusion?

I believe he is a Durham police detective, not FBI. And he testified he couldn't explain why those files had invalid timestamps, but he didn't think there was tampering.