State v. Bradley Cooper 4-12-2011

[cody100]

That kind of doesn't make sense though because the software that does automated backups, software updates, etc. would be enterprise software residing on a server on the Cisco network. There is nothing to update or access if the computer is not attached to the network.

You are exactly right about that. If the battery were out of it, it wouldn't happen either. I think that is where Kurtz was going with it. That it didn't meet protocol.

 

[foltster]

I realize it's much more fun to speculate creatively on how all these things could have happened to Brad Cooper. How inept and yet at the same time brilliant law enforcement conspirators planned to frame him. It's the stuff of rich fantasies. Conspiracy theories are popular.

The truth is much more mundane and perhaps boring in this case. No one accessed Cooper's computer except for Brad Cooper and then the FBI. No one changed files on Cooper's computer, though automated software certainly was running and the software scripts updated files as would normally occur every day. No one snuck into Cooper's network and then gained accessed to his Cisco secure laptop and placed files on that computer incriminating him in his wife's murder.

It would be much more exciting to imagine all of these nefarious things happening, but it did not happen. If something incriminating exists on Cooper's laptop it's because he put it there and it was later found by the FBI.

Common sense.

Mundane or not, no files should be changed on the computer. Under no circumstances should CPD have booted any of the computers but the FBI expert testified files had been modified after seizure of the computers. While I am not directly saying that CPD did anything here, this opens up the possibility that they did.

Again, FBI / LE does not power up the computer, the hard drive is copied, preserved, and they work with the copy. CPD allowed the computer to modified at some point before giving it to the FBI. Files do not change on computers that are properly handled with regard to digital forensics.

A bonehead mistake along the line of deleting the information on NC's blackberry.

 

[cityslick]

Wow, now the FBI is inept.

These updates happened while in custody of CPD. This has nothing to do with the FBI.

 

[ncsu95]

Why did he lie about it in the deposition? (Said he never used adventuresofbrad.com email account. FBI said that's where he forwarded her emails)

Because he is a liar.

 

[cody100]

These updates happened while in custody of CPD. This has nothing to do with the FBI.

That is correct according to the FBI agent testifying.

 

[hotpinkstef]

WRAL
Detective Chris Chappell is the 63rd witness to take the stand for the prosecution. #coopertrial

 

[CyberPro]

That kind of doesn't make sense though because the software that does automated backups, software updates, etc. would be enterprise software residing on a server on the Cisco network. There is nothing to update or access if the computer is not attached to the network.

I fear you are mistaken, and I cannot correct you because we are not informed about what files were accessed, or had the access dates changed, if any. Yes, I know about the 960 files, but we don't know where they were, what happened to them or in what order. The computer does NOT need to be on a network for this to happen at all.

Take, as an example, a couple of fairly common programs. Anti-Virus, and Google Desktop. Google Desktop is a program which resides ON THE LOCAL COMPUTER, and maintains an index of files, and the CONTENT of the file so that you can do a keyword search on your system. Have a file that contains Grandma's famous chocolate cake, but can't remember what you named it, or where you put it? This is the trick for you! It will be able to find all files that have "Grandma" or "Chocolate" or "Cake", even if they are in e-mails, etc. To work this magic, the software runs in the background and searches the contents of those files to build the search index, and, you guessed it, in order to populate the index it has to read the file so it gets the contents of the file.

Anti-Virus software usually scans at regular intervals, but it depends on the settings. Some programs will realize that they have missed one or more scheduled scans and begin scanning as soon as the system is turned on, which again changes the access date of the file. Note it changes the access date, not the modified date.

 

[Madeleine74]

Not necessarily... if the computer was turned on by either accident, ignorance, or as the FBI has testified during the normal course of operation before it was permanently powered off then there is some software that will go and pull updates. I don't have anything specific to Cisco but I do know the company I work for performs regular disk scans (for unauthorised or malicious software), virus scans, and checks for updates on the enterprise servers. All of which could potentially modify a log file even with just an entry that it was unsuccessful in contacting the enterprise server.

Testimony from every CPD officer who came into direct and indirect contact with Cooper's computer testified they did not touch the computer, did not turn on the computer, its battery, and its power cord were all taped with that yellow police tape. No one accessed the computer before the FBI got the computer and copied the hard drive to make an image. The computer was in a locked and secure computer room at CPD. No one accidentally turned it on. Did not happen.

 

[WolfpackWoman]

Cooper's laptop was on and connected to the Cisco network until 5:09pm on July 15. That's when the laptop was seized and turned off. Whatever files were updated occurred before, or right at, that time. Once the power was off, no updates could be done to the laptop. A computer that is turned off completely does not receive and send info.

You do realize that this is not what was testified to, don't you? The HOME was seized on July 15 at 5:20. The computer itself was not disconnected from wireless, unplugged, or the battery removed until ~27 hours later.

 

[ncsu95]

And the sad part is, people condone that type behavior - they justify it, they accept it, they pass it off as no big deal. Is it any wonder why so many women and children are murdered and thrown out like trash in the U.S.??!!! It's that blase (sp?) attitude about the safety and welfare of our vulnerable that just slays me(poor choice of a pun, I know).

And then the total disdain for our law enforcement officers. These are the people are who are sworn to protect and serve and then the people from their own community degrade and denigrate them as if they are the enemy or the criminals. My goodness - hope you don't ever need a police officer's help for anything. Hope you aren't the victim of a violent crime there in Cary - because to hear you all tell it, they are the worst of the worst LEO. How many homicides occur in Cary anyway? Is it something that occurs once an hour, once a day - do they have murder investigations going on constantly? I think they've done a commendable job. They certainly investigated TONS of stuff that has been criticized for having no evidentiary value - but on the other hand the CPD jumped to the conclusion it was Brad. Wow - you want it both ways?

Nobody is condoning the behavior. We are discussing this and how it fits into a murder trial.

 

[LyndyLoo]

Hey Folks..You all have been GREAT updating..TY TY..I have been reading alot of criticisms of FBI..saying they should have done this or that...With that, I have to ask..Did their actual methods of retrieving information ever get outed??..I thought it was a guarded secret method...So how can you criticise an method, if ya dont know how they do it??

Just asking, as have no clue HOW they did it?? Obviously it wasnt the normal procedure, or would have said so, NO?

Okay, back to lurking :blushing:

 

[foltster]

Not necessarily... if the computer was turned on by either accident, ignorance, or as the FBI has testified during the normal course of operation before it was permanently powered off then there is some software that will go and pull updates. I don't have anything specific to Cisco but I do know the company I work for performs regular disk scans (for unauthorised or malicious software), virus scans, and checks for updates on the enterprise servers. All of which could potentially modify a log file even with just an entry that it was unsuccessful in contacting the enterprise server.

There is no "accidentally" turning on a computer here. Digital forensics have very specific rules and procedures which were definitely not followed in this case. This mistake will end up putting much more doubt into the case for sure.

 

[SleuthinNC]

Not necessarily... if the computer was turned on by either accident, ignorance, or as the FBI has testified during the normal course of operation before it was permanently powered off then there is some software that will go and pull updates. I don't have anything specific to Cisco but I do know the company I work for performs regular disk scans (for unauthorised or malicious software), virus scans, and checks for updates on the enterprise servers. All of which could potentially modify a log file even with just an entry that it was unsuccessful in contacting the enterprise server.

Correct it would say attempted but not successful. It would modify the log file not other files.

 

[grommet]

Forensic computer analysis is normally performed without modifying any files on the original hard drive by first taking an exact copy of the entire drive. Copying a hard drive in this manner does not modify the files in any way. No excuse should be accepted as to why 690 files were changed before the FBI even got the computer to begin analysis!

My friend who works for the NC SBI in digital forensics says this is a big no-no and he has seen evidence from computers that had files changed not being admitted due to this.

This is just as bad as CPD deleting Nancy's phone.

Index.dat for IE, which is where they get most of the history information from, was one of those files modified!

CPD...WTF?!!? Will you PLEASE hire technically competent people or at least admit your technical incompetence and get the hell out of the way? These mistakes make you look like a bunch of ignorant rednecks. I'm pissed.

 

[SleuthinNC]

The prosecution, for a short time, showed a log of activity from Cooper's IBM laptop. The FBI guy explained how they acquire such a log.

Within the log, I saw at least 2 separate instances of 'click to call' activity, which is a way of initiating a call by going to a website and clicking on a specific button. This was one of the ways the Cisco expert testified to last week in which a call can be initiated. The prosecution didn't talk about those items when they showed this log, but I saw them, plain as day. As for the date/time of the calls, not sure, but they were definitely in 2008 and sometime in the June - July timeframe.

So how to explain:

Defense: The state says Brad used computer to generate a call from his house. You found no such evidence. FBI agent: I did not.

 

[RobT]

Testimony from every CPD officer who came into direct and indirect contact with Cooper's computer testified they did not touch the computer, did not turn on the computer, its battery, and its power cord were all taped with that yellow police tape. No one accessed the computer before the FBI got the computer and copied the hard drive to make an image. The computer was in a locked and secure computer room at CPD. No one accidentally turned it on. Did not happen.

Well, files don't modify themselves with the power off so it truly is one way or the other. The fact is that some files were modified after the time of seizure. If it wasn't an accident then it is a conspiracy.

 

[Madeleine74]

Under no circumstances should CPD have booted any of the computers but the FBI expert testified files had been modified after seizure of the computers. While I am not directly saying that CPD did anything here, this opens up the possibility that they did.

There has been no such testimony. The FBI witness testified that he himself did not alter any files. CPD detectives who were part of the search and seizure of computer equipment also testified in detail about how they seized the equipment, exactly what they did. They did not access the Cooper laptop.

 

[cody100]

I fear you are mistaken, and I cannot correct you because we are not informed about what files were accessed, or had the access dates changed, if any. Yes, I know about the 960 files, but we don't know where they were, what happened to them or in what order. The computer does NOT need to be on a network for this to happen at all.

Take, as an example, a couple of fairly common programs. Anti-Virus, and Google Desktop. Google Desktop is a program which resides ON THE LOCAL COMPUTER, and maintains an index of files, and the CONTENT of the file so that you can do a keyword search on your system. Have a file that contains Grandma's famous chocolate cake, but can't remember what you named it, or where you put it? This is the trick for you! It will be able to find all files that have "Grandma" or "Chocolate" or "Cake", even if they are in e-mails, etc. To work this magic, the software runs in the background and searches the contents of those files to build the search index, and, you guessed it, in order to populate the index it has to read the file so it gets the contents of the file.

Anti-Virus software usually scans at regular intervals, but it depends on the settings. Some programs will realize that they have missed one or more scheduled scans and begin scanning as soon as the system is turned on, which again changes the access date of the file. Note it changes the access date, not the modified date.

That wouldn't occur if the computer were turned off and the battery removed would it?

 

[Madeleine74]

Well, files don't modify themselves with the power off so it truly is one way or the other. The fact is that some files were modified after the time of seizure. If it wasn't an accident then it is a conspiracy.

What dates and times were these files 'modified?'

 

[ncsu95]

Testimony from every CPD officer who came into direct and indirect contact with Cooper's computer testified they did not touch the computer, did not turn on the computer, its battery, and its power cord were all taped with that yellow police tape. No one accessed the computer before the FBI got the computer and copied the hard drive to make an image. The computer was in a locked and secure computer room at CPD. No one accidentally turned it on. Did not happen.

Then how did the files changes after it was seized?