Posted something similar on Val's blog and thought it would be worth putting out here. Of course, what I think might have value could very well differ from everyone else's opinion. :bang:
Val's blog post dealt with the question as to when the "zenaida" searches were done on the Anthony home computer. I think there is enough evidence (to convince a simpleton like me, anyways) to implicate George as conducting the searches on July 16.
In the process of looking at this issue once again, I gleaned some insight into the online behavior of the Anthony's and drew some conclusions that might - just might :crossfingers: - be interesting to others looking through this thread.
First, it is important to realize that on the desktop computer there are two Windows accounts in use: "casey" and "owner". Contrary to common logic, "casey" was used by George and Cindy, while "owner" was used by KC. I won't go into it here but there is plenty of evidence out there to prove the above. :thumb:
The internet history files containing "zenaida" searches belonged to the "casey" account. Time stamps show the searches were done on the 16th of July. It makes sense that if Casey were searching for ZFG with one of her parents the day of the 16th that she would NOT use her private account so as to prevent her parents from seeing what was there. IIRC, BTW, George said in either an early OCSO or FBI interview that he conducted those searches that day. With KC's help? Not clear. :waitasec:
KC was using the owner account at least as far back as 5/14 (when the password was changed), but who knows prior to that. Im guessing she used it for quite some time.
Why do I believe that? :waitasec:
If you look back at the unfiltered internet history files released in September 2009, :sleuth: two files are from the laptop (the ones with bobby in the file name) and
two are from the desktop ("Unfiltered Temporary Internet History for Casey Profile.csv", and "Internet History unfiltered.csv"). The internals of the last two files indicate that the information was pulled from the
"casey" account. No information was pulled from the "owner" account. (This means there is a potential wealth of information that we have not seen. :applause
If you
then look at the history
before Cindy grabbed Casey on the 15th, you will notice the desktop activity does not reflect the websites Casey is likely to visit, such as Myspace, Facebook, Photobucket, etc. Instead, it reflects
mostly George activity with a little Cindy sprinkled in. Also, all of the history reflects the use of the Internet Explorer browser.
One can selectively delete history from a browser, but it is a pain and a whole lot easier to just delete all of it. So thinking of Casey taking the simple approach :idea:, if she surfed the web using IE on the casey account and deleted her history, the surfing history of George and Cindy would be gone as well. So in a round-about way I can bolster my conclusion that Casey was not using that account. (Missing KC websites but lots of GA / CA websites).
Now let's look further at the Google searches :sleuth:. Melich said in his report that he asked Sandra Cawn to look for the keyword chloroform, and a
few days later she came back with the results. Because it took "a few days", she probably found the information in
deleted history files. And sure enough, the file name used by Ms. Cawn to record the searches is Firefox from Unallocated Space HP Desktop Google Searches.xls. If the file name Ms. Cawn used has meaning, she found deleted history from the Firefox browser. :thumb:
Now, what about the search for a flea remedy? :waitasec: Looking back at the IE history you will notice an absence of the use of Google to perform searches (prior to the evening of the 15th).
It would seem George and Cindy were not hip to using Google. I therefore speculate that Casey is the one who searched for the flea remedy, and she did it on behalf of her mother. Im pretty convinced that is the case, because
from 8:33 AM to 8:40 AM on 3/8 we see Google searches from the Firefox browser, and then starting at
9:18 AM to 9:45 AM we see a whole slew of activity on IE from the casey account.
I believe there was not just a switch of browsers going on, but also a switch of user accounts.
So, I believe Casey was on the computer and Cindy asked her for some help looking for a flea solution, they did some searching together, and shortly after Casey finished, she logged off her owner account and Cindy hopped on the casey account and used the
Yahoo and MSN search capabilities to continue looking for a flea remedy. After a while Caylee came by and she and Cindy looked at the cute pictures on
http://www.babyanimalz.com.
Now, there is nothing about the computer forensics showing the chloroform, etc. searches being tied to the "owner" account and not the "casey" account. They were found in unallocated space. So they MAY have been done from the casey account using Firefox, but I find it more likely they were done from owner using Firefox. I conclude this by looking at the standard operating procedure of GA / CA versus KC. GA / CA used MSN and Yahoo to search with Internet Explorer while logged into the casey account. KC used Google to search with Firefox while logged into the owner account.
Also, note that Firefox does not use index.dat.
It is much easier to erase surfing history with Firefox than with IE. Cawns forensic report stated that the last logon to the owner account was 07/16/08 04:57:56 AM. Roughly five minutes later we see activity coming from the casey account and IE.
I speculate that Casey hopped onto the owner account quickly in an attempt to cover her tracks deleting the Firefox history at that time.
