Retrial for Sentencing of Jodi Arias - 11/14/14

[daisydomino]

He probably means they altered it by booting it, and thus kicking off the AV software, before making a backup.

The AV deletion of files is still a theory among trial watchers, isn't it? Let me know if there's any news on this. I'm fascinated.

Booting from an evidence drive is against the Geneva Conventions & Protocols of Computer Forensics and Handling of Evidence* or something. All kinds of things are altered on a drive when a computer boots from it: chkdsk runs and repairs any problems it can fix on the disk, log files are written, drivers start up and write log files, auto run tasks (like malware and anti-malware) start... If the disk was damaged by an expert by booting from it, I'll be really amazed.

*I made that up, but there must be some kind of standard procedures that the professionals follow

 

[fifteen89]

My guess is because they are writing a book and will profit from TA's death and JM knows KN will bring this up. Timing of book is still irritating to me. They could have waited but timing is always about selling the most copies.

If a mod says it's ok, I'd be happy to copy and paste the email I received when I signed up to be notified when the book is available. Or people could sign up to be notified and not be obligated to purchase the book.

imo they will not "profit from TA's death" or the book.

 

[fifteen89]

Trial in numbers :

1. Length of "relationship": 5 months
2. Number of times Travis was stabbed: 29
3. Number of emails and texts exchanged: 82,000 odd
4. Number of "degrading" texts/emails sent by TA: 1 (one).
5. Number of times CMJA has said I'm sorry to TA family: zero.

Might I add:
6. Hearing the jury say she deserves the death penalty: priceless.

 

[fifteen89]

Again, I think a great strategy on cross would be to show this email to Dr. F and have her agonizingly read through it line by line and mind-read about JA's intentions and how this email shows JA's appeasement of Travis's unreasonable behavior, etc. etc.:

"Hey You…
I haven’t heard back from you. I hope you’re not still upset that I didn’t come to see you, I just didn’t have enough time off. It’s ok, sweetie, you’re going to be here in less than two weeks – we’re going to see the sights, check things off “The List,” and all kinds of fun things. Oregon is BEAUTIFUL this time of the year. Yaaay!..... be happy!
Anyway I wanted to let you know that I’m thinking about pushing my visit up to next week, but it depends on my budget, so I’m not for sure yet. I know you’ll be in Cancun, but I’ll probably crash at your house in your cozy bed anyway… eat some of your oatmeal and frozen dinners you know, the usual – jk I know you said the door is always open, but I wanted to give you a heads up. If for any reason that won’t work, let me know and I’ll make arrangements. Your house has always been my second home, although it’s a bit more lonely without Naps around. You’re probably in California right now, but wherever you are, get a hold of me, at least before you get to Mexico.
Thanks hon, -Jodi "

...

and then spring it on her that it was written after Jodi had KILLED Travis and therefore maybe, just maybe, this practice of email analysis with no context is risky business.

I'd be willing to bet the defense hasn't shown the email to Dr. F--it isn't relevant to their theme. And if they have, JM could still make a big deal out of the fact that Dr. F wants to consider the context for THIS email but doesn't seem to care about that for any other email.

PERFECT!!!
:clap::clap::clap::clap::clap::clap::clap::clap:

 

[daisydomino]

How in the world did I miss those tweets? You mean she diagnosed Travis as a sociopath and she has never even set eyes on him? What professional would do something like that? I am floored. Based on these emails? And how does a professional diagnose someone they have never examined?

I'm not 100% sure she offered that as testimony, it's really hard to tell by Twitter. If it was, I am seriously wondering about what it takes to qualify as a defense expert right now.

 

[LinTX]

I'm really curious to find out what really happened here. Either there was *advertiser censored*, or there was not *advertiser censored*. It can't have had no *advertiser censored* and no malware when Melendez examined it (or examined its cloned image, hopefully) in 2008, had malware that downloaded and deleted *advertiser censored* in 2009, then had no *advertiser censored* or malware when Lonnie Dworkin examined it for the defense in 2012, then suddenly have thousands of deleted *advertiser censored* files in 2014. Unpossible.

FWIW, Dworkin examined the image copy made in 2008, he didn't have the laptop itself but I have yet to find the date that he examined it. That is accepted protocol, btw, to never access the HD itself - they should always used image copies, but if the court orders them to do something they have to comply. He did get JA's HD in 2012 per court order, after it was returned from the TX lab but could have examined TA's image copy much earlier. Yes, both Dworkin & Melendez testified there was no *advertiser censored* or viruses, but in JM's motion he now says they did find viruses and malware. No reason for the State's copy to have disappeared, so maybe they recently ran current AV software on their master and found what they couldn't/didn't see in 2008?

But in order to find out how/what happened and when, they'd need a recent image to compare w/2008 and also to verify what Nurmi is claiming was there. Another question I have is if the forensic team even knew the defense were going to power up that laptop in 2009 because you would think they would have protected it in some way and would have made another image copy once they'd finished. If they didn't realize it was powered up, there would be no reason for them to make another image copy before they turned it over to this defense team. Interested in all of this, but I'm not looking forward to trying to figure out what twitter reports of this hearing are supposed to mean (if the media is allowed in.) Some of those guys probably have very little understanding of the terms that will be used, and what might be important. So loving this trial by twitter!:maddening:

 

[DebinGA]

So I am watching these hearings, refreshing my memory. Seems Juan never intended to call the Hughes' even before this hearing. So I'm still baffled as to why he won't call them.

In my opinion, because Pre Paid Legal was a dubious business at the time, and Nurmi would have focused on that and portrayed both Chris Hughes and Travis as scam artists knowingly recruiting, then ripping off misguided sales newbies like JA:

http://www.nytimes.com/2006/11/13/business/13short.html

 

[Ransom]

snipped
Of course, I know that things may take weird shapes with stuff like that, but I'm telling you guys there's something off about the crime scene and it's starting to drive my freakin' nuts...[/QUOTE]

Holy moly. Jodi already confessed she killed Travis. Did you miss that? No ninja's. De nada. Just Jodi. WOW.

 

[Shadowboy]

FWIW, Dworkin examined the image copy made in 2008, he didn't have the laptop itself but I have yet to find the date that he examined it. That is accepted protocol, btw, to never access the HD itself - they should always used image copies, but if the court orders them to do something they have to comply. He did get JA's HD in 2012 per court order, after it was returned from the TX lab but could have examined TA's image copy much earlier. Yes, both Dworkin & Melendez testified there was no *advertiser censored* or viruses, but in JM's motion he now says they did find viruses and malware. No reason for the State's copy to have disappeared, so maybe they recently ran current AV software on their master and found what they couldn't/didn't see in 2008?

But in order to find out how/what happened and when, they'd need a recent image to compare w/2008 and also to verify what Nurmi is claiming was there. Another question I have is if the forensic team even knew the defense were going to power up that laptop in 2009 because you would think they would have protected it in some way and would have made another image copy once they'd finished. If they didn't realize it was powered up, there would be no reason for them to make another image copy before they turned it over to this defense team. Interested in all of this, but I'm not looking forward to trying to figure out what twitter reports of this hearing are supposed to mean (if the media is allowed in.) Some of those guys probably have very little understanding of the terms that will be used, and what might be important. So loving this trial by twitter!:maddening:

Been combing "quick paths" to the hard drive mystery. If allowed:

Here is a summary (from a non-MSM source) of Lonnie Dworkin’s (DT) testimony re: the computers and JA’s camera:
http://callsforjustice.wordpress.com/2013/02/04/jodi-arias-murder-trial-day-fourteen/

Martinez on cross:
On Thursday, you gave the impression the Presario was Travis’? Correct.

The damaged hard drive belonged to Ms. Arias’? Yes.”
****
(Now talking about TA’s computer)
“Where there any images of women’s breasts on the computer? I didn’t look.

Do you have any knowledge of *advertiser censored* on the computer? I remember some was on it.

Do you remember our interview? Yes.

You said there was no *advertiser censored*. If that’s what I said, I stand by my statement.”

Huh. That's a DT witness. Even at this date, this witness tried to testify there was *advertiser censored* on TA's computer ... Then, when JM said, "Do remember what you told me?" Dworkin had to back track to his previously sworn testimony.

Does anyone have a link to both the State and Defense testimonies re: the computer forensics? I'm lost in WB's search function.

 

[AlwaysShocked]

What I don't understand is Juan Martinez is saying that the Defense Team powered up the TA computer IN FRONT OF Martinez and Flores. Says they even had to go and find a power cord for this. WTH? Why would anybody ever be powering up that computer?

The protocol for forensic examination as taught in certified courses is to physically remove the hard disk from the computer, insert it into the Encase (or other company) copying device. The Encase copying device then makes a mirror image of the hard disk, using a special encryption process. It is this encryption process that is at the heart of the Encase software program. It creates digital encrypted "signatures" all along the way as it is copying the files. If a file gets changed, the encrypted signature - which is an encoded numerical system - can NOT be duplicated. Thus, any change to a file would show up.

Was the Defense Team at the Evidence Room that day in order to make a "fresh" mirror copy from the hard disk? If so, they would have had to have their Encase copying device with them. Did they power up the TA computer PRIOR to removing the hard disk? If they did, they screwed up. And yes, an anti-virus program could have started up and run automatically when the laptop with hard disk in it was powered on.

BUT, to me, even with some viruses on board, that computer would not have had THOUSANDS of files erased. An anti-virus scan is just that. It looks for malware files and acts on them. Usually it "quarantines" the Trojans, viruses, and other crap and then asks you, the user, how you want to handle these quarantined files. You can look through them and delete files individually or you can delete them all at one. Then you must restart the computer.

Somewhere along the way in the not too distant future, each and every person who went near that computer will need to give a sworn statement as to what they actually did with it.

Also, there would be a pristine copy of the original mirror image in the evidence room along with the computer. Nobody works from the original mirror image. They work from copies of the original mirror image.

I see that the Encase company is now offering "cloud storage" for these original mirror images. As part of this service they will provide a mirror disk to whomever the Prosecutors direct them to. It says they will also perform a comparative scan of the original mirror image once per month to make sure nothing on it has changed.

Another service they are offering is to businesses. Encase enters into a contract with a company to have remote viewing capabilities for ALL of their computers. They set up the hardware so it works on the company network. No one who is using the company network would know this is on there. Encase can then go into any computer on the company network at any time, as per the directions of the company that hired them.

So unlike having to download a software program onto your actual computer for someone to have remote access, this is all contained within the company network itself. Oh, and Encase will send regular reports to the employer, based on whatever the employer wants to know. Internet usage? How much time on the Internet? Emails? Photos?

Oh I am so glad I am retired!

 

[Ransom]

In my opinion, because Pre Paid Legal was a dubious business at the time, and Nurmi would have focused on that and portrayed both Chris Hughes and Travis as scam artists knowingly recruiting, then ripping off misguided sales newbies like JA:

http://www.nytimes.com/2006/11/13/business/13short.html

'Prepaid legal aka Legal Sheild is a MLM scheme... all perfectly legal such as: Shaklee, Amway, Mary Kay, Scentsy, Avon, NuSkin, Juice Plus, etc. Buyer beware and do your own homework before you invest/get involved in ANY MLM plan.

 

[NashBridges2]

snipped
Of course, I know that things may take weird shapes with stuff like that, but I'm telling you guys there's something off about the crime scene and it's starting to drive my freakin' nuts...

You're far kinder than I am, which is why I didn't even reply

Holy moly. Jodi already confessed she killed Travis. Did you miss that? No ninja's. De nada. Just Jodi. WOW.[/QUOTE]

 

[Shadowboy]

You're far kinder than I am, which is why I didn't even reply

Holy moly. Jodi already confessed she killed Travis. Did you miss that? No ninja's. De nada. Just Jodi. WOW.

[/QUOTE]

I thought all opinions were to be respected on WS. YES, she's guilty. All by her lonesome. But discuss other ideas without becoming a school-yard bully? Just sayin'.

 

[MeeBee]

What I don't understand is Juan Martinez is saying that the Defense Team powered up the TA computer IN FRONT OF Martinez and Flores. Says they even had to go and find a power cord for this. WTH? Why would anybody ever be powering up that computer?

The protocol for forensic examination as taught in certified courses is to physically remove the hard disk from the computer, insert it into the Encase (or other company) copying device. The Encase copying device then makes a mirror image of the hard disk, using a special encryption process. It is this encryption process that is at the heart of the Encase software program. It creates digital encrypted "signatures" all along the way as it is copying the files. If a file gets changed, the encrypted signature - which is an encoded numerical system - can NOT be duplicated. Thus, any change to a file would show up.

Was the Defense Team at the Evidence Room that day in order to make a "fresh" mirror copy from the hard disk? If so, they would have had to have their Encase copying device with them. Did they power up the TA computer PRIOR to removing the hard disk? If they did, they screwed up. And yes, an anti-virus program could have started up and run automatically when the laptop with hard disk in it was powered on.

BUT, to me, even with some viruses on board, that computer would not have had THOUSANDS of files erased. An anti-virus scan is just that. It looks for malware files and acts on them. Usually it "quarantines" the Trojans, viruses, and other crap and then asks you, the user, how you want to handle these quarantined files. You can look through them and delete files individually or you can delete them all at one. Then you must restart the computer.

Somewhere along the way in the not too distant future, each and every person who went near that computer will need to give a sworn statement as to what they actually did with it.

Also, there would be a pristine copy of the original mirror image in the evidence room along with the computer. Nobody works from the original mirror image. They work from copies of the original mirror image.

I see that the Encase company is now offering "cloud storage" for these original mirror images. As part of this service they will provide a mirror disk to whomever the Prosecutors direct them to. It says they will also perform a comparative scan of the original mirror image once per month to make sure nothing on it has changed.

Another service they are offering is to businesses. Encase enters into a contract with a company to have remote viewing capabilities for ALL of their computers. They set up the hardware so it works on the company network. No one who is using the company network would know this is on there. Encase can then go into any computer on the company network at any time, as per the directions of the company that hired them.

So unlike having to download a software program onto your actual computer for someone to have remote access, this is all contained within the company network itself. Oh, and Encase will send regular reports to the employer, based on whatever the employer wants to know. Internet usage? How much time on the Internet? Emails? Photos?

Oh I am so glad I am retired!

I don't think the computer was booted up for forensic purposes. From what I can tell, it was only the lawyers and Det. Flores present and it sounds like the DT had requested to look at Travis' electronic devices themselves, in person. For what purpose, I'm sure we'll find out but I don't think it was for forensic analysis purposes. And if the DT asks for it and a judge orders it, then they have to do it. Now, Flores and Martinez are not computer experts. Neither is Maria Schaffer. If they had run this by a computer forensics person, he probably would have advised against powering up the computer at all. What a mess this is.

 

[DebinGA]

'Prepaid legal aka Legal Sheild is a MLM scheme... all perfectly legal such as: Shaklee, Amway, Mary Kay, Scentsy, Avon, NuSkin, Juice Plus, etc. Buyer beware and do your own homework before you invest/get involved in ANY MLM plan.

Right, but Nurmi would exaggerate the "scheme" part, and ignore the "perfectly legal" part.

Didn't JM have the female "making macaroni in the kitchen for her kids when JA came in, just after being kicked out by Skye Hughes and told never to return, to ask why Skye hated her" testify in trial 1? Maybe JM will call her again so the jury will know the blinders were off the Hughes' eyes even before JA moved to Mesa a year before she killed Travis.

 

[Ransom]

I thought all opinions were to be respected on WS. YES, she's guilty. All by her lonesome. But discuss other ideas without becoming a school-yard bully? Just sayin'.

Quotes are messed up (just saying)

YES ... all ideas are welcome here ... but JODI admitted to Killing Travis. Do we just "forget that"?

 

[Ransom]

Right, but Nurmi would exaggerate the "scheme" part, and ignore the "perfectly legal" part.

Didn't JM have the female "making macaroni in the kitchen for her kids when JA came in, just after being kicked out by Skye Hughes and told never to return, to ask why Skye hated her" testify in trial 1? Maybe JM will call her again so the jury will know the blinders were off the Hughes' eyes even before JA moved to Mesa a year before she killed Travis.

What? Your 'initials' are throwing me off. Could you correct or explain further? TIA

BTW: "scheme" was MY word. NO where ever is MLM considered a "scheme" except by ME. Not my culpa, but each to their own.

 

[grammamia]

I'm new to posting here but have followed this trial.
My comment is in regard to the supposed *advertiser censored* found by Nurmis expert?
I had the same virus around that time and this virus is well documented on the net.
The *advertiser censored* sites are "pop ups" that start off slowly and after a few days (week) will multiply so much that your computer will freeze.
I believe that is what happened in this case.
Nurmi is throwing out a red herring with an eye to delay delay delay.
Thankyou.

 

[Colie]

I love JM! So succinct!

Something is a foot Watson:websleuther:

 

[Ransom]

I'm new to posting here but have followed this trial.
My comment is in regard to the supposed *advertiser censored* found by Nurmis expert?
I had the same virus around that time and this virus is well documented on the net.
The *advertiser censored* sites are "pop ups" that start off slowly and after a few days (week) will multiply so much that your computer will freeze.
I believe that is what happened in this case.
Nurmi is throwing out a red herring with an eye to delay delay delay.
Thankyou.

Welcome. Thanks for joining.

I'm a MAC user and have no clue about all this virus stuff PC users get. I'm sitting here going OMG ... how does that happen?????? ... with mouth open and flies are getting in!