State v. Bradley Cooper 4-29-2011

[macd]

That is not what I heard. He could not attribute the source of the tampering (this witness equates spoilation with tampering in this case). He mentioned several possible means but did not assert that the Cisco VPN connection was the means.

He said file updates did not come from Microsoft, but came via a connection through the Cisco VPN. To me that indicates normal updates pushed from Cisco IT, instead of the normal updates pushed from Microsoft.

The timestamp anomalies were a bunch of nothing. Since that symptom was widespread, and not limited to the incriminating files.

 

[sunshine05]

FBI expert said no tampering.
Defense expert said he saw evidence of spoilation, mostly updates sent from Cisco, because the computer was left on.

I didn't see or hear anything that led me to believe intentional tampering.

Even the expert saying, "this is clearly evidence of tampering?"

Did you catch the part when they discussed the FBI tampering letter/document and that nothing was mentioned about the strange cookie and watermark? The witness thought they redacted that part (he thought)? There has to be more to this. I don't believe these witnesses are wrong and everything can simply be explained away. If that's the case, they better find another line of work.

 

[jrb0124]

FBI expert said no tampering.

FBI expert did not even address the deleted Google cookie :waitasec:

FBI expert could not be crossed on the methods he used to asertain his claim of no tampering.

BOTH defense experts were more experienced with computer forensic analysis (as oppossed to the State/judges standard for 'qualified') than the State's FBI witness.

 

[macd]

Lead me to another question for the computer experts out there. Several companies, other than Cisco, use Cisco VPN. So was he talking specifically about Cisco, or just Cisco VPN?

He meant the connection to the Cisco corporate network via a VPN tunnel. Whether or not Cisco branded software and equipment was used is irrelevant to this case.

 

[sunshine05]

He said file updates did not come from Microsoft, but came via a connection through the Cisco VPN. To me that indicates normal updates pushed from Cisco IT, instead of the normal updates pushed from Microsoft.

The timestamp anomalies were a bunch of nothing. Since that symptom was widespread, and not limited to the incriminating files.

It was more than that. BC's email was accessed, files were oddly created and simultaneously deleted. Red flags. They did acknowledge the normal updates but there were various other things that were not right. Do you really think everyone should just simply dismiss everything this forensic witness testified about because someone posted on websleuths that he was wrong about everything? Even the state couldn't refute his evidence of tampering.

 

[johnfear]

Interesting. Unless they have gone on break it seems the jury is taking longer to review this evidence than estimated. I wonder what that means. Comments regarding the prosecution buffet seemed to indicate not very much interest on the part of the jury.

Probably that they have been sent off to the other buffet (GC) for lunch is what it indicates!

 

[jrb0124]

He said file updates did not come from Microsoft, but came via a connection through the Cisco VPN. To me that indicates normal updates pushed from Cisco IT, instead of the normal updates pushed from Microsoft.

The timestamp anomalies were a bunch of nothing. Since that symptom was widespread, and not limited to the incriminating files.

I could argue some of this with you, but the overriding point is that files on the computer were tampered with after the CPD took possession. Malware existed, human interface was evidenced, Who/What/How is irrelevant. This evidence was not preserved, its integrity is compromised.

 

[macd]

FBI expert did not even address the deleted Google cookie :waitasec:

FBI expert could not be crossed on the methods he used to asertain his claim of no tampering.

BOTH defense experts were more experienced with computer forensic analysis (as oppossed to the State/judges standard for 'qualified') than the State's FBI witness.

FBI expert examined the whole drive and the entire contents.
Defense expert said he only looked where he was told to look.

It's the blindfolded man touching an elephant. The defense expert said it was a tree, because he only touched the leg. The FBI expert looked at the entire elephant and saw it for what it was.

 

[ncsu95]

I'm still baffled by Coomings cross of Mrs. C. The prosecution knew about these ducks since April 6th, so that couldn't have been a surprise. I think what threw him was having Mrs. C be the one to introduce the ducks. Brilliant move by the defense (in my opinion) having her do it because of who she is (much like the defense choosing not to cross Mrs. R). I think it caught him completely off guard and he handled it poorly.

I know most of you on here can't stand to listen to Kurtz. But I think the defense has done an amazing job in this trial. They quickly refuted much of the State's witnesses, especially the technical one. For example, getting the ME to say he had no confidence in the TOD he presented during direct. Getting the soil expert to admit the chemical makeup of the dirt on the shoe was different from Fielding Dr. Even getting Det. Daniels to admit they have no evidence proving the phone call was faked. Then they quickly, and systematically introduced tons of reasonable doubt during their own case. They brought the ducks in. They showed a video from the 11th of NC not wearing a necklace (that's the evidence at this point despite the opinions in this forum). They showed that the CPD actions with the cell phone are worse than simply wiping the phone (since the sim card wasn't wiped until later). Just as important, they got a lot of the JW testimony in through round about ways after getting Chappelle to admit there are issues with the files and admitting he doesn't know why. Also, they've gotten the prosecution team to make themselves look almost desperate at times (the Boz cows over the expert testimony, the facebook cross examination, gangsta Howard on the tennis grip, the debacle with the cross of Mrs. C). And as much as people don't like his voice, Kurtz has respectfully examined each witness. He even talked to JP with respect while throwing knives at him with his questions. That's a stark contrast to the condescending tone that Zellinger has taken with a couple of witnesses....the same witnesses that he never challenged the testimony on (JW and cell phone guy). For a guy who has never done a murder trial, I think he has done an amazing job.

 

[unc70]

Even the expert saying, "this is clearly evidence of tampering?"

Did you catch the part when they discussed the FBI tampering letter/document and that nothing was mentioned about the strange cookie and watermark? The witness thought they redacted that part (he thought)? There has to be more to this. I don't believe these witnesses are wrong and everything can simply be explained away. If that's the case, they better find another line of work.

The redaction in the FBI report and the fact that someone accessed the original disk without using a writeblock and that caused some updates to the disk!

 

[SleuthinNC]

Ok so hopefully the jury is truly looking at evidence with interest and not just trying to stretch this process out so they don't have to do anything else today...

 

[ncsu95]

FBI expert said no tampering.
Defense expert said he saw evidence of spoilation, mostly updates sent from Cisco, because the computer was left on.

I didn't see or hear anything that led me to believe intentional tampering.

State's expert said he didn't have an explanation for the state of those files but he didn't believe there was tampering. That statement alone should make you go :waitasec:

 

[macd]

I could argue some of this with you, but the overriding point is that files on the computer were tampered with after the CPD took possession. Malware existed, human interface was evidenced, Who/What/How is irrelevant. This evidence was not preserved, its integrity is compromised.

I agree. That is the strongest point that can be argued with integrity.
The laptop was not handled perfectly, so you can argue that the whole thing should be thrown out.

Same point was argued on the cell phone. Since it wasn't powered down in a Faraday Bag, evidence could have been contaminated.

This is typical argument for DNA evidence. "Someone sneezed, so the DNA was contaminated, so even though it's a match, it should be thrown out."

Note that defense expert went to length to say when he said "tamper" he meant the same as "spoil".

 

[jrb0124]

It's the blindfolded man touching an elephant. The defense expert said it was a tree, because he only touched the leg. The FBI expert looked at the entire elephant and saw it for what it was.

Here's a better analogy:

defense expert had access to only part of the tree, saw it was diseased; therefore reported that the tree is diseased.

pros expert had access to the whole tree and could not arrive at the same conclusion.

 

[snowshuze]

Ok so hopefully the jury is truly looking at evidence with interest and not just trying to stretch this process out so they don't have to do anything else today...

They're only going through the table evidence one at a time. Sixteen jurors. Plus the hand passing of evidence through the jury box. Per Judge Gessner before blackout.

 

[Bottle Cap]

It was more than that. BC's email was accessed, files were oddly created and simultaneously deleted. Red flags. They did acknowledge the normal updates but there were various other things that were not right. Do you really think everyone should just simply dismiss everything this forensic witness testified about because someone posted on websleuths that he was wrong about everything? Even the state couldn't refute his evidence of tampering.

You're saying BC's email was accessed by someone besides him. Nobody else has said this. Where did you get this from?

 

[sunshine05]

Ok so hopefully the jury is truly looking at evidence with interest and not just trying to stretch this process out so they don't have to do anything else today...

They probably like being able to get up and walk around for a change.

 

[unknown403]

Here's a better analogy:

defense expert had access to only part of the tree, saw it was diseased; therefore reported that the tree is diseased.

pros expert had access to the whole tree and could not arrive at the same conclusion.

I think it's worth mentioning that this "pros Expert" is actually the FBI. If the FBI had gone and found no trace of anything improper he would be a defence expert. The FBI IMO has no vested interest in seeing BC found guilty.

I get the argument that the defence could not see how he derived this evidence, it's agood point but it seems like the documentation for the defence was lacking and incoherent as well, there was no pictures taken of how JW came to any conclusions was there?

 

[sunshine05]

You're saying BC's email was accessed by someone besides him. Nobody else has said this. Where did you get this from?

His email archives were accessed, among other things. It was part of yesterday's Proof testimony.

 

[SleuthinNC]

They're only going through the table evidence one at a time. Sixteen jurors. Plus the hand passing of evidence through the jury box. Per Judge Gessner before blackout.

Yes. Trenkle yesterday estimated this process to take between 45 minutes to 1 hour 15 minutes and the Judge commented "If that" since apparently jurors were getting up and walking out during the prosecution buffet.