2011.06.08 TRIAL Day Thirteen (Morning Session)
- Thread starter beach
- Start date
-
NJ NJ - Dulce Mariá Alavez, 5, abducted @ Bridgeton City Park, Cumberland Co, 16 Sep 2019 #7- Latest: Aegon_the_Conqueror
- Status
Clearly Confused
Oh my head!
- Joined
- Apr 4, 2005
- Messages
- 1,272
- Reaction score
- 0
Can't believe she didn't even look at the picture of her and Caylee...wow!
Chiquita71
New Member
- Joined
- Feb 3, 2009
- Messages
- 3,835
- Reaction score
- 3
LDB: using NK to look at different parts, what was it you were tasked to do initially?
a fishing expediton regarding ZFG and any info that would lead us to Caylee
LDB: what did you do to look for references of ZFG?
with an examination the first thing I do is look through user folders. I look at desk top, active files, start at desk top level what is stored. internet history where they visit, temp internet files to see where visit. any info re: who owns this computer and what person uses it. are they online a lot, business computer? Games, sometimes people only use for games.
LDB: able to locate references to ZFG
yes in temp internet files
LDB: determine date and time?
yes
LDB: how are you able to do that?
the temp files are a record. save on hard drive. it is about speed, every page you visit will save to hard drive. I can see what pages have been visited on there. If I go to www. nascar . com that URL will be stored on my hard drive and have a record that I visited that side and it will load from my hard drive. what I found on the 16th it records not only where I went but the date and time. That reference on the 16th is it being cashed to hard drive.
LDB: ?
several searches on internet: class reunion. searches for the name. on the morning of July 16th 2008. looking for a age range of 22 to 29 either in Orlando or Jacksonville.
LDB: any references to ZFG prior to the date of July 16th?
no
LDB: the process is trying to asses the general usage. any conclusions as to use this computer got?
on and running. not much office work. resumes of Mr. Anthony's. not a lot of business. no homework. a lot of internet history the temp files where four and a half years of internet history. they did not clear the history either.
LDB: how, browser?
click on it and clear
LDB: have to do it for each browser?
yes, if clear for Internet explorer will not clear fire fox
LDB: once you clear that cashe?
it gets saved on deleted space, but it resides on hard drive
LDB: how long can info stay in the allocated space/deleted space
depends, maybe for years.
LDB: if you have this free space on the computer and it is written over can you ever retrive the data that is underlying what writes over it?
no
LDB: what is a key word search?
NCase allows me to ask NCase: Nascar it will go through every bit of that hard drive looking for Nascar. I can ask for only one file or part if I like.
LDB: user accounts password protected?
one did
LDB: determine password?
rico23
LDB: able to determine when set?
yes(looking at report)(police sirens in back ground) sorry there is a lot of info in this report. (it is taking a while) set earlier in year in 2008 if I remember correctly. I am trying to verify that. Earlier in the year March of 2008, I believe.
LDB: the internet history on the HP. How evaluate that?
complicated question. internet files or history
LDB: two different things?
one is the page, difference. the history I would have copied those files out from Ncase using Net Analysis which puts cookies files, etc into spread sheet how I want to look at them: by date or however I wanted to look at them
LDB: is Net Analysis used in the computer forensic field?
yes
LDB: standard in the field
has been and yes
LDB: in files, cookies or internet history, can you tell which user is making the search?
yes, the internet history data base
JB: objection
HHJP: overruled
it records which user account is logged in and using account. not who is sitting there but which account is being used.
LDB: user account? internet history? cookies?
correct
LDB: once files are deleted, will the record associated with deleted files tell you who made search?
no, info no longer available
LDB: asked by YM to perform a key word search for chloroform?
yes
LDB: when?
late in Aug 2008
LDB: how was that performed?
the same as the ZFG key word was performed, put it into Ncase.
LDB: was there a location on the computer where you determined the key word hits occured.
in deleted space on hard drive
LDB: are you able to view the info associated with those hits?
yes
LDB: what can you see?
because it is in deleted space. hit or miss if get entire record. with chloroform we were able to recover the complete history. from the beginning to the end. complete history record.
LDB: you said that is sometimes difficult
sometimes when you delete there is a chance it gets covered but not in this case, we got entire record
LDB: how do you know?
I gave to sargent who is expert in that area, I am not
objection
sustained
LDB: you alerted another individual you reported a hit
chloroform: I was able to look at the language surrounding that and recogzied it as a data base internet file. I went to the beginning of the record because I did not know where it appeared, I found the search hit and turned it over to my sargent.
LDB: how does that happen?
he shoulder surfs, we are in a few feet of each other in the lab, he copied that out to another source and created report from there.
LDB: the HP was not only one through NCase?
yes
LDB: Ricardo Moralas?
yes, I did
LDB: what did you receive and from who?
I received a computer reportedly belonging to RM by John Allen
LDB: what did you do to preserve the data on RM computer?
the proceedure to document is the same as the other computers. removing hard drive and checking system clock. it was an apple, mac book, hard drive removed and copied using the Ncase software.
LDB: note date and time?
oct 28 2008 at 3:24 and system was oct 28 2008: London time or Grenwich mean time. difference of four hours.
LDB: if I may show the witness what was introduced as states 12. There is a monitor that looks like it has been turned. may I publish to jury since it has already been introduced?
HHJP: you may
LDB: can you see image?
I can
LDB: were you asked to deterime if that image was on his computer?
look for pictures of caylee with pink tee and info
LDB: able to locate states number 12?
yes
LDB: how?
searching the graphic files on the computer. I am sorry I don't know that I did, if I recognize that one. I do not have that report printed out, mine is on disk.
a fishing expediton regarding ZFG and any info that would lead us to Caylee
LDB: what did you do to look for references of ZFG?
with an examination the first thing I do is look through user folders. I look at desk top, active files, start at desk top level what is stored. internet history where they visit, temp internet files to see where visit. any info re: who owns this computer and what person uses it. are they online a lot, business computer? Games, sometimes people only use for games.
LDB: able to locate references to ZFG
yes in temp internet files
LDB: determine date and time?
yes
LDB: how are you able to do that?
the temp files are a record. save on hard drive. it is about speed, every page you visit will save to hard drive. I can see what pages have been visited on there. If I go to www. nascar . com that URL will be stored on my hard drive and have a record that I visited that side and it will load from my hard drive. what I found on the 16th it records not only where I went but the date and time. That reference on the 16th is it being cashed to hard drive.
LDB: ?
several searches on internet: class reunion. searches for the name. on the morning of July 16th 2008. looking for a age range of 22 to 29 either in Orlando or Jacksonville.
LDB: any references to ZFG prior to the date of July 16th?
no
LDB: the process is trying to asses the general usage. any conclusions as to use this computer got?
on and running. not much office work. resumes of Mr. Anthony's. not a lot of business. no homework. a lot of internet history the temp files where four and a half years of internet history. they did not clear the history either.
LDB: how, browser?
click on it and clear
LDB: have to do it for each browser?
yes, if clear for Internet explorer will not clear fire fox
LDB: once you clear that cashe?
it gets saved on deleted space, but it resides on hard drive
LDB: how long can info stay in the allocated space/deleted space
depends, maybe for years.
LDB: if you have this free space on the computer and it is written over can you ever retrive the data that is underlying what writes over it?
no
LDB: what is a key word search?
NCase allows me to ask NCase: Nascar it will go through every bit of that hard drive looking for Nascar. I can ask for only one file or part if I like.
LDB: user accounts password protected?
one did
LDB: determine password?
rico23
LDB: able to determine when set?
yes(looking at report)(police sirens in back ground) sorry there is a lot of info in this report. (it is taking a while) set earlier in year in 2008 if I remember correctly. I am trying to verify that. Earlier in the year March of 2008, I believe.
LDB: the internet history on the HP. How evaluate that?
complicated question. internet files or history
LDB: two different things?
one is the page, difference. the history I would have copied those files out from Ncase using Net Analysis which puts cookies files, etc into spread sheet how I want to look at them: by date or however I wanted to look at them
LDB: is Net Analysis used in the computer forensic field?
yes
LDB: standard in the field
has been and yes
LDB: in files, cookies or internet history, can you tell which user is making the search?
yes, the internet history data base
JB: objection
HHJP: overruled
it records which user account is logged in and using account. not who is sitting there but which account is being used.
LDB: user account? internet history? cookies?
correct
LDB: once files are deleted, will the record associated with deleted files tell you who made search?
no, info no longer available
LDB: asked by YM to perform a key word search for chloroform?
yes
LDB: when?
late in Aug 2008
LDB: how was that performed?
the same as the ZFG key word was performed, put it into Ncase.
LDB: was there a location on the computer where you determined the key word hits occured.
in deleted space on hard drive
LDB: are you able to view the info associated with those hits?
yes
LDB: what can you see?
because it is in deleted space. hit or miss if get entire record. with chloroform we were able to recover the complete history. from the beginning to the end. complete history record.
LDB: you said that is sometimes difficult
sometimes when you delete there is a chance it gets covered but not in this case, we got entire record
LDB: how do you know?
I gave to sargent who is expert in that area, I am not
objection
sustained
LDB: you alerted another individual you reported a hit
chloroform: I was able to look at the language surrounding that and recogzied it as a data base internet file. I went to the beginning of the record because I did not know where it appeared, I found the search hit and turned it over to my sargent.
LDB: how does that happen?
he shoulder surfs, we are in a few feet of each other in the lab, he copied that out to another source and created report from there.
LDB: the HP was not only one through NCase?
yes
LDB: Ricardo Moralas?
yes, I did
LDB: what did you receive and from who?
I received a computer reportedly belonging to RM by John Allen
LDB: what did you do to preserve the data on RM computer?
the proceedure to document is the same as the other computers. removing hard drive and checking system clock. it was an apple, mac book, hard drive removed and copied using the Ncase software.
LDB: note date and time?
oct 28 2008 at 3:24 and system was oct 28 2008: London time or Grenwich mean time. difference of four hours.
LDB: if I may show the witness what was introduced as states 12. There is a monitor that looks like it has been turned. may I publish to jury since it has already been introduced?
HHJP: you may
LDB: can you see image?
I can
LDB: were you asked to deterime if that image was on his computer?
look for pictures of caylee with pink tee and info
LDB: able to locate states number 12?
yes
LDB: how?
searching the graphic files on the computer. I am sorry I don't know that I did, if I recognize that one. I do not have that report printed out, mine is on disk.
BigFatMommyDog
Active Member
- Joined
- Aug 20, 2008
- Messages
- 4,932
- Reaction score
- -25
Big old head shake from ICA when the Witness said she looked for pink shirt with writing on it....and looked at the picture
nosytrish
New Member
- Joined
- Aug 28, 2008
- Messages
- 479
- Reaction score
- 0
I'm confused, LDB asked the witness if she searched chloroform on ICA's computer, she said yes and that she did get a "hit", did I miss the results? I'm scratching my head here on why she asked if she searched it, she said yes and that she got a hit but didn't go into the results and just moved on to Ricardo's computer? I'm sure that confused the jury also
chasing.halos
Verified Insider
- Joined
- Jun 18, 2010
- Messages
- 3,751
- Reaction score
- 399
A picture of her with her daughter wearing the shirt she was found in and no reaction at all... she doesn't even look up. Unbelievable.
waltzingmatilda
Verified Insider-Roy Moore
- Joined
- Sep 10, 2008
- Messages
- 6,718
- Reaction score
- 722
This witness has some physical characteristics that are similar to CA, IMO.
wm
wm
Ms.Heather
Active Member
- Joined
- Dec 19, 2008
- Messages
- 1,496
- Reaction score
- 8
Ooh ok, I can see now. ICA is doing her paralegal research. She is reading/comparing something...
Trying to find something to pounce on this witness with no doubt.
Trying to find something to pounce on this witness with no doubt.
- Joined
- Oct 28, 2008
- Messages
- 4,371
- Reaction score
- 3,695
oh boy the DT will jump on that
wenwe4
Well-Known Member
- Joined
- Oct 6, 2008
- Messages
- 9,500
- Reaction score
- 7,367
Picture of KC w/Caylee @ RM's bedroom w/bruise under eye.....
Osborne was asked to look for pics of Caylee w/pink shirt......graphics.....doesn't have a paper print out of her report has a disc......SA offers copies......
once photo found info imbedded info stays in the file of the pic - able to view that imbeded info.....
5 min recess
Mountain_Kat
Heca Firimar !
- Joined
- Oct 28, 2010
- Messages
- 13,966
- Reaction score
- 45,253
Pic of Caylee and ICA in RM's room taken when?
Argggg! Break NOW?! Before we get the answer?! WTH?!
Argggg! Break NOW?! Before we get the answer?! WTH?!
Chiquita71
New Member
- Joined
- Feb 3, 2009
- Messages
- 3,835
- Reaction score
- 3
LDB: can you tell the jury once an image is located in graphic files can you tell when pic was taken?
yes like with Nikon cool pics info is embedded. that info stays with file, and I can view that.
HHJP: taking a five minute
yes like with Nikon cool pics info is embedded. that info stays with file, and I can view that.
HHJP: taking a five minute
laniefi
Inactive
- Joined
- Oct 9, 2008
- Messages
- 1,630
- Reaction score
- 19
They may be setting the stage so to speak...
Yes thats the shirt! What was the date of this photo?
- Status
Similar threads
Online statistics
- Members online
- 87
- Guests online
- 540
- Total visitors
- 627