Out of pure curiosity, what difference would it make what write blocker was used?
Retrial for Sentencing of Jodi Arias - 12/05-08 In recess
- Thread starter LambChop
- Start date
- Status
Out of pure curiosity, what difference would it make what write blocker was used?
atthelake
Former Member
- Joined
- Apr 18, 2011
- Messages
- 9,979
- Reaction score
- 25
Our AZL did so after the FCA case...and well, the rest is history as to what she and another WS'er found. I don't know if this can be done even after the trial in AZ, but I do think there are many here who would expend hours and experience to do such at any time if folks could get their hands on it :banghead:
P.S. By updates I mean the updates done in 2008 and 2009 to QuickTime and iTunes that BN claims was done intentionally by clicking on a command. Juan may be setting up to prove that they were done automatically.
Then I would know (to myself) for sure if the forensics expert could possibly miss those files. Some old HWB didn't flag all the files (especially hidden ones) on the first go around and required additional effort to "decrypt" them, however modern HWB evolved over the past years and they don't require additional effort for such files to be dis(re)covered...
daisydomino
Active Member
- Joined
- Apr 23, 2014
- Messages
- 1,355
- Reaction score
- 2
The Mesa PD EnCase bitstream image of the drive was made after these updates occurred in 2009?
If they have an image that was taken before the updates occurred, couldn't they make a bootable clone, boot from it and watch what it does in real time? That would definitely prove whether there were OK button clicks or if the software installed automatically.
I can testify, all similar software is not equal. I've spent a lot of time researching and testing software for companies, I've worked for. It's a lot of research. It's not skimming it either. You have to dig deeper & deeper for some companies. Some just flat out don't know. oy They come around with education. I worked on many modifications for software to run for different businesses. BN isn't savvy. Just the itunes won't update or apple programs is stupid. jmo
Two experts, one for the state and one for the defense missed the *advertiser censored*. But the first copy of the HD made in 2008 did have all the *advertiser censored* and viruses on it so the write blocker didn't miss them or not flag them. They simply didn't see it. They may not have looked in the right places?
But how could a write blocker be responsible for such a thing anyway? My understanding is that their only use is to prevent data from being changed on a hard drive while viewing it. Perhaps you're thinking of the forensic software they used? They used EnCase.
I think BN is saying the state did make a new copy from which he made his copy that he's using now. It's hard to tell, the tweets the other day weren't clear.
Here’s a little pat on the back for all of our weekend sleuthing. I thought I’d put together a list of “stuff” we found that debunks much of what BN asserted or implied.
1) SIM cards missing: Not. They didn’t exist for the phones/service used by TA and JA
2) ActiveX is a video codec needed to view *advertiser censored* and is strictly for *advertiser censored* sites: Not. Soooooo. Not.
It’s not even a video codec:
“ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly in the context of the World Wide Web.” (Wikipedia)
3) Zblog can only be picked up by visiting *advertiser censored* sites: Not. Blatantly not.
4) Spybot only runs if triggered by human intervention: Not.
5) The downloads/modifications that happened on June 19, 2009, had to be “okayed” by human intervention: Not.
Several were likely initially downloaded on 6/10/2008, but not installed/configured until the computer was booted up on 6/19/2009.
6) BN can prove certain *advertiser censored* URLs were accessed via “typing in” the site address: Not. No way.
And if he can, Mr. Tyler Mount expert (that’s a helicopter mount; read his CV) is the first in the nation to be able to prove this.
What else? Let’s see:
7) The modifications that happened on June 10, 2008, and on June 19, 2009, constitute prosecutorial misconduct: Likely not.
The 6/10 goof up of bringing the laptop out of sleep is easily attributable to the exigent circumstance of discovering a badly decomposed murder victim and needing to determine time of death.
Also: The time the laptop “awakening” and the time the Mesa PD officially initiated/served the search warrant? That’s about a half hour gap. Seriously? I think some “just plain cop” on the scene screwed up by moving the mouse/stirring the laptop out of sleep.
The boot-up a year later? The Mesa PD had already made a mirror of the drive. It was poor procedure to fire it up on June 19, 2009, but the DT – apparently – insisted on it. Changes made on that date were (in spite of BN’s insistence) likely automatic, resulting from the completion of installs/configurations initially downloaded on June 10, 2008, via auto-updates and from –possibly – anti-virus software doing its ‘thang’ upon boot-up.
8) Inability to find the *advertiser censored* is sheer incompetence: Likely not.
Neither the DT nor the State looked for *advertiser censored* “files” when the initial analyses were done.
9) No one looked for *advertiser censored* until JA changed her defense strategy
Two experts, one from the State and one from the DT said they didn’t find any *advertiser censored* (although Dworkin tried to change his tune when the DT changed THEIRS, then got called out by JM).
10) *advertiser censored* “hits” found now: Likely due to advancements in registry investigation tools.
*advertiser censored* site “hits” are far different than downloaded and saved photographic files.
1) SIM cards missing: Not. They didn’t exist for the phones/service used by TA and JA
2) ActiveX is a video codec needed to view *advertiser censored* and is strictly for *advertiser censored* sites: Not. Soooooo. Not.
It’s not even a video codec:
“ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly in the context of the World Wide Web.” (Wikipedia)
3) Zblog can only be picked up by visiting *advertiser censored* sites: Not. Blatantly not.
4) Spybot only runs if triggered by human intervention: Not.
5) The downloads/modifications that happened on June 19, 2009, had to be “okayed” by human intervention: Not.
Several were likely initially downloaded on 6/10/2008, but not installed/configured until the computer was booted up on 6/19/2009.
6) BN can prove certain *advertiser censored* URLs were accessed via “typing in” the site address: Not. No way.
And if he can, Mr. Tyler Mount expert (that’s a helicopter mount; read his CV) is the first in the nation to be able to prove this.
What else? Let’s see:
7) The modifications that happened on June 10, 2008, and on June 19, 2009, constitute prosecutorial misconduct: Likely not.
The 6/10 goof up of bringing the laptop out of sleep is easily attributable to the exigent circumstance of discovering a badly decomposed murder victim and needing to determine time of death.
Also: The time the laptop “awakening” and the time the Mesa PD officially initiated/served the search warrant? That’s about a half hour gap. Seriously? I think some “just plain cop” on the scene screwed up by moving the mouse/stirring the laptop out of sleep.
The boot-up a year later? The Mesa PD had already made a mirror of the drive. It was poor procedure to fire it up on June 19, 2009, but the DT – apparently – insisted on it. Changes made on that date were (in spite of BN’s insistence) likely automatic, resulting from the completion of installs/configurations initially downloaded on June 10, 2008, via auto-updates and from –possibly – anti-virus software doing its ‘thang’ upon boot-up.
8) Inability to find the *advertiser censored* is sheer incompetence: Likely not.
Neither the DT nor the State looked for *advertiser censored* “files” when the initial analyses were done.
9) No one looked for *advertiser censored* until JA changed her defense strategy
Two experts, one from the State and one from the DT said they didn’t find any *advertiser censored* (although Dworkin tried to change his tune when the DT changed THEIRS, then got called out by JM).
10) *advertiser censored* “hits” found now: Likely due to advancements in registry investigation tools.
*advertiser censored* site “hits” are far different than downloaded and saved photographic files.
daisydomino
Active Member
- Joined
- Apr 23, 2014
- Messages
- 1,355
- Reaction score
- 2
The more I think about the scene of a bunch of lawyers and a detective booting up that laptop and clicking OK at the Apple EULA screens, and thinking nothing of it, the more ridiculous that is. LOL maybe it did happen like that, as BN testified, but I'm skeptical.
Myvice
Well-Known Member
- Joined
- Feb 21, 2013
- Messages
- 1,533
- Reaction score
- 3,632
Also, if it's true that everyone around the courthouse says Juan doesn't know much about computers I would doubt he'd be the one pushing buttons.
Wait...AZL is the one who found "full proof suffication(sic)"?
Yes and entirely possible I've read.
I have no idea. Methinks if one swears under oath to the "BN truth" of #1 through #3 on my list? BN is a bald-faced liar. #3+? Pants are smoldering.
IMO, he's trying to "dee-ack" with JM.
As an Addendum: The list I made is based on research by fellow Sleuthers, from posts on this thread. All "allegations" are backed by WSers
By the way, about the memory Stick. Do you guys remember that the forensics guy didn't use the write blocker on the flash card because his write-blocker didn't recognize it. The same thing here with "*advertiser censored*" some HWBs just might not recognize it and stuff...
Predator, you always seem to underestimate others' ability to understand you. We're all pretty smart people around here. I've been digging around forensics and may not get the super technical jargon, but I get the gist. I also have a software engineer husband at my beck and call. Anything you shoot at me, I'm sure he'll understand if I don't. We're all bouncing ideas off each other. I've been posting about this for days now. It's not impossible for me to understand things. Just explain it.
In any case, shadowboy has already pointed out that advancements in technology may have something to do with BN picking up what the other two experts didn't. It makes sense.
I don't know MB. I kind of think they didn't think about modern tech in computers. Antiquated tech from BN's group (google, google dudes). Jodi talent from 6 years ago. jmo
It would be 1 through 3 for me possibly, Shadowboy. Thanks!
It would be 1 through 3 for me possibly, Shadowboy. Thanks!
- Status