State v Bradley Cooper 04-20-2011

[jrb0124]

I'm still reviewing the video from today, but thought I would share my initial "take-away", pretending I'm a juror and taking notes. I am female, no computer background at all, background is in science.

1) While first viewing the CSA logs:
They were looking for evidence of tampering/penetration and found an example of it, a TCP port 445 attempted connection that occurred on 7/15. It was denied.

Is time on a local machine alterable? JW: Yes.

Same event occurs several times within milliseconds. What would cause that? JW: It seems to be an automatic program.

CSA marks this resource as untrusted and shuts off any further connections.

My take-away : Someone was trying to run a program on the Cooper network on the 15th, while BC was out of the house.

Another indication of penetration/tampering: packet w/ICMP channel detected. (operation denied)

Another indication of penetration/tampering: malicious content detected on wireless interface IGMP

Take-away: These are the unexplained occurrences that even the FBI had no explanation for as they were not simply updates.

2) Registry Updates: Can indicate when a file was installed/de-installed or when someone logs on/off, programs installed and times.

Take-away: Could anything change the time settings? JW Yes, an external piece of equipment could do that. (Zellinger wouldn't let him ask much more about the registry entries.)

3) *Most Important*
Cursor files: Cursor files were shown that included creation, moderated, access and entry times/dates. The time was 1:15 on 7/11

ALL times/dates were indentical!

What could this mean? If one went to a site and nothing changed, meaning no movement, nothing done with the cursor, no activity.

Dynamic content is, if you went to a site and things were changing, like a banner or (my guess) zooming in on a map on google maps! But nothing changed. What does this mean? Since all dates/times were identical - either the person was on static content OR it is an invalid file. What is an invalid file? JW: Could be a file that has been manufactured. My takeaway: I believe Kurtz and JW showed that BC could not have been zooming in on a dynamic (movement) type of page. This shows (to me) that it appears someone DID insert that file OR BC went to the page and did not even move the cursor because the date/time stamps are identical/unchanged.

You guys can probably pick my interpretation apart because I am not a computer specialist but thought it might be interesting to hear from an average person with little computer knowledge.

That's a good summary and demonstrates the reasonable doubt create by JW's testimony, although he was not allowed to testify directly to it.

This is why I believe it is significant that the pros did not ask him a single question about any of this - and there are 2 reasons IMO:

1) they could not impeach his testimony

2) they were afriad to open doors they preferred to keep shut, yet did so at the expense of compromising the integrity of their prize evidence.

 

[Danielle59]

We really don't know what effect FB has had on hiring in his particular case, but he seemed to have no prior experience testifying on the stand, so he wasn't in great demand as an expert witness. And I'll bet he won't be in the future, either, because companies don't want someone representing them that looks as foolish as he did when his FB page came to light today.

Every Expert had to have a first time testifying. I don't think his FB page hurt him at all, I think more people thought it was petty that the State looked foolish even trying to make it an issue without rebutting any of his actual testimony. The State was personally attacking the man over nothing, and they did it in a hostile and agressive manner which was not needed.

 

[Cheyenne130]

My husband is quite techy geek & he shops for his shoes at Walmart/Kmart/Target. I try hard to lead him to a better quality shoe. I think he is wearing New Balances that are falling apart at the moment. I don't think shoes always tell the story.

I'm a psuedo techy/geek and I prefer the footwear that the good Lord gave me. If I have to wear shoes, sandals are preferred. I don't think anyone would guess my profession based on footwear. Heck, Brad was a geek and he wore sneakers and sandals. (We saw that in the videos.)

 

[otto]

My husband is quite techy geek & he shops for his shoes at Walmart/Kmart/Target. I try hard to lead him to a better quality shoe. I think he is wearing New Balances that are falling apart at the moment. I don't think shoes always tell the story.

There's techy, and then there are wives of men with computer science degrees or men with computer science degrees. Have a look at Cooper's shoes ... I don't think you'll find them falling apart. Quality of shoes is something to look at if you want to know what people do for a living ... in my opinion.

 

[jrb0124]

5-7 times in ten years is a little too often. That actually looks like an unstable career history. We also had the question of whether he was really a consultant for IBM, or whether he worked for them for a short time.

The pros tried to make the number 7, its actually 5 and they finally conceded that point. You can characterize that as unstable - in the IT sector its not unusual. He was a part-time irregular freelance consultant for IBM while in college. Its all pretty much in the first 10 minutes of the cross.

 

[less0305]

I don't even use facebook (anymore) and I'm scared after today!

There have been some serious lessons/reminders on computer security handed out the last few days.

I've had facebook for quite some time now and I've never had a privacy setting issue. I set it to the most extreme privacy setting in the beginning - only people I allow see my wall, info, pictures, and video - no one else can. I've never had "facebook change" my security privacy settings - never once. I don't have to keep going back and double-checking. It is set the way I want it and it never changes. Mr. Ward embellished on that today when asked, I believe. He got caught in a booger-boo and he was just trying to scrape the poo off his shoes. But that's just my opinion. I don't know the guy. I'm not on any legal teams. And I'm nobody's relative.

 

[Cheyenne130]

I was doing some reading on timestamp syncing system-wide on a computer last night, and I am by no means any expert, but it seemed that the consensus was with all the focus on computer forensics now, it needed to be a higher priority with software developers. From what I understand, sometimes when automatic updates are done, not every file is necessarily updated as syncing with the update as it relates to specific software and processes, etc.

I also found an interesting article regarding timestamp tampering, and how to detect.

http://www.forensickb.com/2009/02/detecting-timestamp-changing-utlities.html

Again, I am no expert, but I know how to get around pretty well, including the registry, which was discussed today. I find myself needing to research online the questioning, as I feel i don't get enough information. It seems like the prosecution could put this tampering issue to rest if they just answered some of the unanswered questions that confuse the non-techies like me, who are unable to draw any inferences from the testimony alone.

I think they will do that with an expert rebuttal witness. I don't think they wanted to ask technical questions of someone that they were promoting as being a non-expert. MOO

 

[CrimeAddict]

We really don't know what effect FB has had on hiring in his particular case, but he seemed to have no prior experience testifying on the stand, so he wasn't in great demand as an expert witness. And I'll bet he won't be in the future, either, because companies don't want someone representing them that looks as foolish as he did when his FB page came to light today.

jmflu.. do you happen to remember around what time they talked about the FB page today? I didn't see any testimony today..

 

[jmflu]

Every Expert had to have a first time testifying. I don't think his FB page hurt him at all, I think more people thought it was petty that the State looked foolish even trying to make it an issue without rebutting any of his actual testimony. The State was personally attacking the man over nothing, and they did it in a hostile and agressive manner which was not needed.

I don't think anyone who posts foolish things on their FB thinks it will harm them. They see nothing wrong with it or they wouldn't do it. Perhaps you think that way. However, there are others, perhaps even on this very thread, who could be in a position to hire him in the future but would not do so now, given the look they have gotten into his personality and judgement through his FB page.

 

[jmflu]

There's techy, and then there are wives of men with computer science degrees or men with computer science degrees. Have a look at Cooper's shoes ... I don't think you'll find them falling apart. Quality of shoes is something to look at if you want to know what people do for a living ... in my opinion.

And in my SO's opinion, as well!

 

[borndem]

I think the point Mr Z is trying to make is that an internet security "expert" has allowed compromising information about himself to become public VIA THE INTERNET.

I agree -- this guy is a computer professional who specializes in security. His FB pictures and remarks look sloppy, childish, and snobby. If I were looking at him to hire for a project or to do some security work for me, his FB info, as it was presented in court, would make me go to the next name on my list.

And, he did back off of the high-bucks remarks for some of the companies where he was employed in that he wasn't directly involved in keeping all that dough from risk by his actions.

A bit of a blowhard, IMHO, and he needs to get rid of the smirk.

 

[otto]

He did not lack credentials for what he was qualified by the judge to testify to, just the opposite.

For what the judge did not qualify him to testify to - he had more experience than the state witness.

Unstable work history? I wouldn't characterize it as such - more like finding his niche. It's VERY common in the IT sector, and he has his own company now.

So, because he left a Facebook page unattended you believe this impeaches his expert technical credentials, and his uncontested testimony?

Did the pros question him about his credentials? no.
Did the pros question him about his expertise as a Network Security Expert? no?

He wanted to talk about things that he was not qualified to talk about. He did not have the requirements to speak as an expert in the subject area. I would say that his credibility was further put into question during cross-examination.

In addition, I couldn't follow the point. He can hack into a computer using linux or unix or whatever, he can use new software to easily modify the timestamp, and he had something to say about a .bmp but the files that were analysed were .tif or .png. The point?

 

[Cheyenne130]

I don't think anyone who posts foolish things on their FB thinks it will harm them. They see nothing wrong with it or they wouldn't do it. Perhaps you think that way. However, there are others, perhaps even on this very thread, who could be in a position to hire him in the future but would not do so now, given the look they have gotten into his personality and judgement through his FB page.

It's been all over the news websites in the past few years. There are students not getting accepted into college. There are job seekers not getting a job. There are people getting fired. All of it to do with activity on facebook. That is a reality.

 

[CrimeAddict]

He did not lack credentials for what he was qualified by the judge to testify to, just the opposite.

For what the judge did not qualify him to testify to - he had more experience than the state witness.

Unstable work history? I wouldn't characterize it as such - more like finding his niche. It's VERY common in the IT sector, and he has his own company now.

So, because he left a Facebook page unattended you believe this impeaches his expert technical credentials, and his uncontested testimony?

Did the pros question him about his credentials? no.
Did the pros question him about his expertise as a Network Security Expert? no?

He was qualified as a security expert but left his whole facebook page wide open? That is a no-brainer to me. It would appear to me that he is a joke. Everyone knows to keep the FB private and he didn't? I need to listen to that testimony. I can't comment on anything other than what you guys are saying and now I want to hear it.

 

[unc70]

Or it could have been done by the user of the computer ineffectively attempting to delete incriminating files. He did not go into ALL the ways the inaccuracies could have been generated. MOO

Attempting to delete evidence would not have generated those types of inaccuracies. Deleting incriminating files did not produce these files with timestamp errors.

 

[jmflu]

jmflu.. do you happen to remember around what time they talked about the FB page today? I didn't see any testimony today..

It was later in the afternoon, but by the time I go back and look I'll bet you'll have 2 or 3 people who remember!

 

[sunshine05]

The pros tried to make the number 7, its actually 5 and they finally conceded that point. You can characterize that as unstable - in the IT sector its not unusual. He was a part-time irregular freelance consultant for IBM while in college. Its all pretty much in the first 10 minutes of the cross.

Yes, job moves are no big deal these days. It does not show instability. I think it shows ambition. I made a lot of job changes in a 15 year span.
Lab technician - 6 months
Polymer Chemist - 2 years
Paint chemist (fortune 500 company) 4-5 years
Applications Chemist (a polymer company - one of the big 3) - 2 years
Technical Service chemist - another (smaller) polymer company - 2 years
Sales Rep of distribution (same company) - 6 months
Regional Sales Manager (small specialty additives company) - 4 years
Now : sahm

Every change was a step up and a considerable increase in salary. I was never accused of jumping around too much. Just giving an example....Zellinger shouldn't have gone there, IMO.

 

[KellyCrash]

There's techy, and then there are wives of men with computer science degrees or men with computer science degrees. Have a look at Cooper's shoes ... I don't think you'll find them falling apart. Quality of shoes is something to look at if you want to know what people do for a living ... in my opinion.

My husband has a computer science degree. He likes looking like a hobo. lol He can afford better, he's just cheap.

 

[otto]

The pros tried to make the number 7, its actually 5 and they finally conceded that point. You can characterize that as unstable - in the IT sector its not unusual. He was a part-time irregular freelance consultant for IBM while in college. Its all pretty much in the first 10 minutes of the cross.

His resume said he was a consultant for IBM, but the copy that he he said he gave to defense apparently had that line amended. Then, he combined two jobs into one. That reduced the numer of jobs from 7 to 5, but it still looks like his resume intended to give the impression that there were 7.

College? So his credentials were discussed. I take it he did not go to university?

 

[dramamama]

I think they will do that with an expert rebuttal witness. I don't think they wanted to ask technical questions of someone that they were promoting as being a non-expert. MOO

I hope they do. It seems like there should be a way to stop the inferences and just testify to the facts.