Bosma Murder Trial 03.01.16 - Day 17

DNA Solves
DNA Solves
DNA Solves

New Posts

Status
Not open for further replies.
On July 10, judicial authorization was given for investigators to go through the devices that had been seized.
by Adam Carter 3:21 PM

"There was an assortment of different devices, including computers and mobile devices," Falconer says.
by Adam Carter 3:23 PM

He was to look for "pictures, movies, internet browsing and electronic communications."
by Adam Carter 3:24 PM

The computers included towers, laptops, hard drives, and smaller electronic storage units.
by Adam Carter 3:25 PM

 
Kamille said:
On July 10, judicial authorization was given for investigators to go through the devices that had been seized.
by Adam Carter 3:21 PM
Click to expand...

This evidence will produce some very interesting facts, I believe - at least I hope it will!

All MOO.
 
They didn't mention if any laptops or computers were found at Dellen's house? or did i miss that? 2 laptops found at Mark's Residence. Perhaps he was holding on to Dellens?
 
iknowhim2 said:
Is anyone else's brain thinking "the iPad LB's bf lent her"?!
Click to expand...

So who do you suggest the two Apple laptops belong to? Any guess on them? ;) MOO.

Susan Clairmont ‏@susanclairmont 31m31 minutes ago
Two Apple laptops seized from Bedroom 1. At 5:45 pm did team ground search of yards, "deep into the shrubs." 10-15 officers involved.
 
The hard drives were removed, and copies were made in a way that leaves the data on the original intact. "The goal is to ensure nothing has changed on the original exhibit," Falconer says.
by Adam Carter 3:26 PM

Investigators never examine the original hard drive as that can modify date and time settings, as well as alter or overwrite data.
by Adam Carter 3:28 PM

Falconer says he was looking for things like if there was an operating system on a drive or if it was just for storage. He also took note of user accounts, and sorted all files chronologically.
by Adam Carter 3:32 PM


 
sab_bri said:
They didn't mention if any laptops or computers were found at Dellen's house? or did i miss that? 2 laptops found at Mark's Residence. Perhaps he was holding on to Dellens?
Click to expand...

They haven't discussed the search at DM's residence but I'm sure that this computer forensics person is also talking about computers and devices seized from there.

MOO
 
swedie said:
So who do you suggest the two Apple laptops belong to? Any guess on them? ;) MOO.

Susan Clairmont ‏@susanclairmont 31m31 minutes ago
Two Apple laptops seized from Bedroom 1. At 5:45 pm did team ground search of yards, "deep into the shrubs." 10-15 officers involved.
Click to expand...

I wasn't saying it is. It's just where mind jumped to. Goodness MOO
 
inbetweendoors said:
But wasn't she placed under arrest at the same time?
Click to expand...

That's what was testified to....MOO is that LE found MS from DM's cell phone pings (showing they were together the night of the murder) and then IT picked him out of a line up.....I don't believe MM went to the police when DM was arrested. JMO
 
Susan Clairmont ‏@susanclairmont 25s26 seconds ago
He is qualified as expert. Was in OPP tech crime unit. It examines seized electronic devices. Work out of OPP HQ. Assist municipal services.

Susan Clairmont ‏@susanclairmont 12m12 minutes ago
He was in charge of major cases. Mid-May, @HamiltonPolice asked for assistance with this case. Helped write search warrants. #Bosma

Susan Clairmont ‏@susanclairmont 10m10 minutes ago
Large volume of evidence seized, @HamiltonPolice may not have had enough resources to process it all. July 8, 2013 devices came to OPP HQ.

Susan Clairmont ‏@susanclairmont 10m10 minutes ago
Catalogued all exhibits, then exhibits secured in a property vault.

Susan Clairmont ‏@susanclairmont 8m8 minutes ago
His expertise is computers. Also have a mobile device team. Looking for pics, files, browser history, communications.

Susan Clairmont ‏@susanclairmont 7m7 minutes ago
They had cell phones and computers and storage devices. #Bosma
 
Colin Butler ‏@ColinButlerCBC 8m8 minutes ago
Falconer is a forensic computer expert with the OPP's electronic crime unit.

Colin Butler ‏@ColinButlerCBC 7m7 minutes ago
He received a number of electronic devices that police believed were involved in the #TimBosma murder investigation on July 10 2013

Susan Clairmont ‏@susanclairmont 6m6 minutes ago
Police make copies of every bit of data on devices.

Colin Butler ‏@ColinButlerCBC 6m6 minutes ago
Now he's explaining to jurors how police recover data without disturbing the device using special forensic software that copies data

Colin Butler ‏@ColinButlerCBC 6m6 minutes ago
Falconer says police don't use the originals so that they don't alter any files on the computer or overwrite data

Susan Clairmont ‏@susanclairmont 5m5 minutes ago
Original exhibit is never directly examined. Can modify date/time settings or overwrite data.

Colin Butler ‏@ColinButlerCBC 5m5 minutes ago
Instead they use something called a write block device that allows them to access the computer and copy relevant files without changing them

Susan Clairmont ‏@susanclairmont 5m5 minutes ago
Special forensic software/hardware used to copy all data.

Susan Clairmont ‏@susanclairmont 3m3 minutes ago
We're doing a deep dive into computer forensics now. Will do my best here...
 
Susan Clairmont ‏@susanclairmont 1m1 minute ago
Did a preliminary triage of exhibits noting user names, passwords and determining what forensic software to use.

molly hayes ‏@mollyhayes 40s41 seconds ago
He led the examination of computer related exhibits. OPP also has a mobile device team who were called in to assist with those. #Bosma

molly hayes ‏@mollyhayes 18s18 seconds ago
They were looking for pics/videos, browser history and electronic communication. #Bosma
 
sab_bri said:
They didn't mention if any laptops or computers were found at Dellen's house? or did i miss that? 2 laptops found at Mark's Residence. Perhaps he was holding on to Dellens?
Click to expand...

Have they even really presented evidence yet from his house? You would think they would have done that first?
 
iknowhim2: I think it's a very reasonable thing to think, and to hope for.

Fingers crossed that one of the 2 ipads is LB's. :)

All MOO.
 
brightii said:
Yes, that's a possibility and maybe MM tipped off LE where MS would be the day of his arrest, IMO.

All MOO.
Click to expand...

Very possible. They were looking at MS as early as May 14th. Stands to reason they had interviewed MM before his arrest. She is not charged with anything and has moved on so I'd say she was quite willing to do whatever it took to stay out of this mess.

MOO
 
molly hayes ‏@mollyhayes 22s23 seconds ago
First step of computer forensics (I am really nutshelling this here) is "imaging." Involves making perfect copies of seized hard drives etc.

Susan Clairmont ‏@susanclairmont 8s8 seconds ago
Brought in @PeelPoliceMedia for some help as well with "preprocessing" of data. #Bosma
 
brightii said:
iknowhim2: Thank you! That is precisely what my first thought was!
Click to expand...

I thought the same thing!! If it was LB's iPad then surely we will hear about it at some point.

Thanks to everyone again for posting the tweets today.
 
Falconer is running through some very technical programming terms and telling the jury about the different software that is used to forensically examine what was seized.
by Adam Carter 3:37 PM

Two types of software were used. One is "Internet Evidence Finder": which was used to look for communication and browser history. When anyone uses most internet browser, websites "cache" portions of data. That leaves traces of where people have visited.
by Adam Carter 3:39 PM

IEF also searches for backups of phones or other mobile devices.
by Adam Carter 3:39 PM

The second software, See For All, looks for pictures and movies.
by Adam Carter 3:39 PM

Websites tend to leave the address of the website that has been accessed in an index file, along with the date and time it was accessed. It also leaves the composite of the website's images. That also helps with the speed in which pages load.
by Adam Carter 3:43 PM

"You're looking at a snapshot of something - you have to look at something and determine if it's relevant," Falconer says. There were five "data reviewers" assigned to the case to filter, sort and search through the data.
by Adam Carter 3:44 PM



 
molly hayes ‏@mollyhayes 39s39 seconds ago
Falconer's testimony is very technical. Lots of references to software and computer terms. #Bosma

Susan Clairmont ‏@susanclairmont 22s23 seconds ago
Now talking about the forensic software used. Some of it developed "in house" by @OPP_News. Also hearing about cached searches.

Adam Carter ‏@AdamCarterCBC 10s11 seconds ago
Two types of software were used. One is "Internet Evidence Finder": which was used to look for communication and browser history. #TimBosma

Colin Butler ‏@ColinButlerCBC 20s20 seconds ago
Falconer telling jury about "Internet evidence finder" software by @MagnetForensics that helps police track what you looked up #TimBosma

Susan Clairmont ‏@susanclairmont 23s24 seconds ago
Can extract messaging from devices that have been backed up on computer.
 
.

Adam Carter CBC
Mar 1 2016
2:10 PM

Now back in court. The next witness is Jim Falconer.
Click to expand...
He's a retired OPP officer who worked in computer forensics in their electronic crime unit.
Click to expand...
Assistant Crown Brett Moodie is going through Falconer's CV to have him qualified as an expert.

He was an expert witness in the Tori Stafford case.

The court qualifies Falconer is qualified as an expert in computer forensics and data recovery
Click to expand...
He was the lead of the major investigations unit within electronic crimes for 8 years.

In mid May, Hamilton police asked for assistance with the Bosma investigation.
Click to expand...
Falconer says he helped the team prepare search warrants for the property that was eventually seized.

On July 10, judicial authorization was given for investigators to go through the devices that had been seized.
Click to expand...

"There was an assortment of different devices, including computers and mobile devices," Falconer says.

He was to look for "pictures, movies, internet browsing and electronic communications."

The computers included towers, laptops, hard drives, and smaller electronic storage units
Click to expand...
The hard drives were removed, and copies were made in a way that leaves the data on the original intact. "The goal is to ensure nothing has changed on the original exhibit," Falconer says

Investigators never examine the original hard drive as that can modify date and time settings, as well as alter or overwrite data.
Click to expand...
Falconer says he was looking for things like if there was an operating system on a drive or if it was just for storage. He also took note of user accounts, and sorted all files chronologically.
Click to expand...

Falconer is running through some very technical programming terms and telling the jury about the different software that is used to forensically examine what was seized.
Click to expand...
 
Status
Not open for further replies.

DNASolves

Who is Escambia County John Doe (1989)?

Members online

... and 74 more.
Total: 2,203 (members: 75, guests: 2,128)

Online statistics

Members online
75
Guests online
2,128
Total visitors
2,203
Totals may include hidden visitors.

Forum statistics

Threads
599,734
Messages
18,098,833
Members
230,917
Latest member
CP95
Back
Top