April 22 weekend of Sleuthiness

Status
Not open for further replies.
  • #501
I could be wrong, but I believe that Call Manager Express can run on the [possibly existent, possibly not] router itself.

It could. It would have left a trail in the form of a time and date stamp call log.

Especially if you were setting it up like an auto attendant to dial in from a phone that you were crossing through, then dialing back out. I think if he'd programmed some sort of timed call, it would have been found. I was thinking they were going to say he did some sort of "pager" call back through it. But they didn't come up with it. I actually came up with a couple of different pieces of Cisco equipment and software that would have done it that they mentioned, but never linked him to. That was what I was really waiting for from my fence post.
 
  • #502
Cross went on for a good while, because Chappell was stonewalling big time. I have pages of notes, but I'll try to hit some high points. (Perhaps some of you with more tech experience will show me that this all meant nothing, but it seemed compelling to me.)

K-When did you export the file table from FTK? (forensic tool kit)
C-About 3 weeks ago when I did the report.
K-When you did the extraction you became aware of invalid time stamps. You didn't note those on the report, did you?
C-Correct.
K-Is that something you omitted intentionally?
C-I omitted lots of things I didn't find relevant.
K-Did you note that all 500(?) files in this 41 seconds had invalid time stamps?
C-I was satisfied that the other 7 time stamps were correct.
K-Why didn't you put your name and the date on your report?
C-It was really just notes, not a report.

Kurtz then asks Chappell to take us step-by-step --show us what the State alleges BC did. This is not to demonstrate how long it takes. Just show us the exact steps.

K-You don't know how/when google updates.
C-No, but I'm satisfied that my results were the same. For the record, I want to say that 3 years later, it may be different.
Boz-objection-overruled--let Jury decide weight to give the testimony.
C-Level of zoom was 11/default. Went to almost maximum
K-Not my question. How many actual levels of zoom...
C-(Shut Kurtz down at this point.)

K-Went to 41 second question. asked if he thought BC found/decided where to dump his wife's body in 41 sec.
C-41 seconds is a long time.

K-presents Def. exhibit 84--Ward's report on tampering, appendix states "In fact, these files contain both the active and the deleted files..."
C-There is one missing --related to google ads
C-One google cookie can do different things.
K-Google cookies 1,2,3,5,6,7,8 are all there. Missing cookie 4.
K-Can you show us that cookie?
K-Would that cookie show intermediate access? Not just first and last activity?
K-Was any google cookie activity modified on July 11? Is it your testimony?
(shut down by C)
K-Not a single cookie that corresponds with this visit on the machine.
C-Not that we can see from this side.
K-In your "non report" you said there WAS a cookie.
C-That's what I believed at the time.
K-So it isn't true?
C-It was inaccurate.
K-If you'd had a cookie, it would have been a significant piece of evidence.
C-We found lots of cookies.
K-If you had found that PARTICULAR cookie.
C-It would have been nice.

Kurtz got C to say they did not get court order for google. C-"We sent a preservation letter." K-produced letter--You didn't ask to preserve cookies? C-(Read letter) K-Did you zero in on 1:14 in letter? C-No. That would have been a way to make sure it was preserved.
K-Is it your opinion that Mr. Cooper deleted the single cookie and shredded it? C-It is possible. K-You know BC has a degree in comp sci? You think he would go to time/trouble to clear that ONE cookie but fail to get rid of temporary internet files?
K-Did you evaluate routers? C-No. K-Any other hardware? An external hard drive, thumb drive...
Boz--OBJECTION! DUMB QUESTION...

More later....re:time stamps and CSA logs....

Thanks so much for this! The fact that all the files during that 41 second time period had invalid timestamps definitely stands out for me.
 
  • #503
I respectfully request that you purchase a sports bra and put it on, and have someone drag you.

Bottlecap, you joined the party late. Let me just say that we have some dedicated sleuthers on the board. ;) It has been done. I can report, without reservation, that a person can be dragged by a sports bra. And the bra rolls either under or up, depending on how it's grabbed.
 
  • #504
It is interesting you should repost my post at this particular moment, just as unc has forecast that something is about to be revealed that will shock us.

Now, he can recant if he likes. But as I have been saying, people know people and they know things, that eventually come out as their being biased on this board.
Or it could be that an anonymous person sitting behind a keyboard is jerking some folks' chains by acting like he/she has "inside info" since it provides cheap entertainment and really costs him/her nothing to jerk said chains. Just sayin.
 
  • #505
Cross went on for a good while, because Chappell was stonewalling big time. I have pages of notes, but I'll try to hit some high points. (Perhaps some of you with more tech experience will show me that this all meant nothing, but it seemed compelling to me.)

<snipped for space>

More later....re:time stamps and CSA logs....

Interesting. So a missing cookie related to google ads, but it may not be missing, and if it was missing it may not have been found. Confusing.

The zoom level can be as high as 21 (building detail), but not all maps have that level of zoom. The map that Brad looked at was probably set to 12, so 11 would have been almost full zoom. Again, in this google map type, there is still no bmp file extension.

http://code.google.com/apis/maps/documentation/staticmaps/

When Kurtz asked if 41 seconds was long enough to decide on a body location, the response was that 41 seconds is a long time. That's not a very good answer.

It sounds like the expert was not as confident as he could have been.
 
  • #506
:takeabow::slap::slap:I think if there is to be a vote, it should be this weekend. Any and all defense and/or prosecution moles should come forward, and then they will be allowed to bid for the sleuthiest web sleuther for their side to use as a consultant. As a collective community, we can vote for the most persuasive for either side, and send them off to duty....

:pillowfight:
 
  • #507
I believe most likely BC...if not him, then #1.

Why didn't the random attacker take out her diamond earrings? Earrings, the most common souvineer (sp?) taken by criminals. When they finally nab a serial rapist, he's always got jewelry trophy's. Especially earrings. And we all know a robber isn't going to leave a pair of diamond studs. And why didn't nancy try to fight to get away?
 
  • #508
11/default would not be a very significant zoom on google maps, fyi.

C said that it started at 11(default) and went almost to maximum. Sorry if that wasn't clear.
 
  • #509
Cross went on for a good while, because Chappell was stonewalling big time. I have pages of notes, but I'll try to hit some high points. (Perhaps some of you with more tech experience will show me that this all meant nothing, but it seemed compelling to me.)

K-When did you export the file table from FTK? (forensic tool kit)
C-About 3 weeks ago when I did the report.
K-When you did the extraction you became aware of invalid time stamps. You didn't note those on the report, did you?
C-Correct.
K-Is that something you omitted intentionally?
C-I omitted lots of things I didn't find relevant.
K-Did you note that all 500(?) files in this 41 seconds had invalid time stamps?
C-I was satisfied that the other 7 time stamps were correct.
K-Why didn't you put your name and the date on your report?
C-It was really just notes, not a report.

Kurtz then asks Chappell to take us step-by-step --show us what the State alleges BC did. This is not to demonstrate how long it takes. Just show us the exact steps.

K-You don't know how/when google updates.
C-No, but I'm satisfied that my results were the same. For the record, I want to say that 3 years later, it may be different.
Boz-objection-overruled--let Jury decide weight to give the testimony.
C-Level of zoom was 11/default. Went to almost maximum
K-Not my question. How many actual levels of zoom...
C-(Shut Kurtz down at this point.)

K-Went to 41 second question. asked if he thought BC found/decided where to dump his wife's body in 41 sec.
C-41 seconds is a long time.

K-presents Def. exhibit 84--Ward's report on tampering, appendix states "In fact, these files contain both the active and the deleted files..."
C-There is one missing --related to google ads
C-One google cookie can do different things.
K-Google cookies 1,2,3,5,6,7,8 are all there. Missing cookie 4.
K-Can you show us that cookie?
K-Would that cookie show intermediate access? Not just first and last activity?
K-Was any google cookie activity modified on July 11? Is it your testimony?
(shut down by C)
K-Not a single cookie that corresponds with this visit on the machine.
C-Not that we can see from this side.
K-In your "non report" you said there WAS a cookie.
C-That's what I believed at the time.
K-So it isn't true?
C-It was inaccurate.
K-If you'd had a cookie, it would have been a significant piece of evidence.
C-We found lots of cookies.
K-If you had found that PARTICULAR cookie.
C-It would have been nice.

Kurtz got C to say they did not get court order for google. C-"We sent a preservation letter." K-produced letter--You didn't ask to preserve cookies? C-(Read letter) K-Did you zero in on 1:14 in letter? C-No. That would have been a way to make sure it was preserved.
K-Is it your opinion that Mr. Cooper deleted the single cookie and shredded it? C-It is possible. K-You know BC has a degree in comp sci? You think he would go to time/trouble to clear that ONE cookie but fail to get rid of temporary internet files?
K-Did you evaluate routers? C-No. K-Any other hardware? An external hard drive, thumb drive...
Boz--OBJECTION! DUMB QUESTION...

More later....re:time stamps and CSA logs....

Thank you. So they didn't have the smoking gun until 3 weeks prior to testimony. I call BS on that one. They supposedly expedited the forensics on the thinkpad before the custody case. So how did they go to trial without the smoking gun?


And seriously...every file during the 41 second search had an invalid timestamp? Wow. And no cookie for the visit. Great point by Kurtz about him deleting the cookie but not the tif. I wish I could have seen this. I'm more confused than ever about this search. I sure wish we could see what Jay Ward found.
 
  • #510
staticmap


This is a google map of Manhattan at a 12. (can be overlayed as sat. photo if wanted)

staticmap


This is a google map of Manhattan at a 14. (Same)

The google was an 11/default? So, one step up from the first photo. (To the sky, not to the ground)
 
  • #511
Interesting. So a missing cookie related to google ads, but it may not be missing, and if it was missing it may not have been found. Confusing.

The zoom level can be as high as 21 (building detail), but not all maps have that level of zoom. The map that Brad looked at was probably set to 12, so 11 would have been almost full zoom. Again, in this google map type, there is still no bmp file extension.

http://code.google.com/apis/maps/documentation/staticmaps/

When Kurtz asked if 41 seconds was long enough to decide on a body location, the response was that 41 seconds is a long time. That's not a very good answer.

It sounds like the expert was not as confident as he could have been.

Actually I thought it was not necessarily a dumb question but the wrong question to ask the witness for the truth of the matter. How would he know why Brad was searching that location?
 
  • #512
I respectfully request that you purchase a sports bra and put it on, and have someone drag you.

LOL! Couldn't we arrange for FullDisclosure and her good sported husband to do that?
 
  • #513
I could be wrong, but I believe that Call Manager Express can run on the [possibly existent, possibly not] router itself.

Thanks, I wasn't aware of that. Can any of our Cisco friends confirm this?
 
  • #514
Okay. Wife killers don't like to leave their dead wives naked, I get that part...like, they might want to cover up some small part. Nancy had a rolled under bra on her person, indicating someone put it on her. I get that part too.

2+2 = 4

And with all the supposition that goes on - isn't it easy to suppose that perhaps he was fully dressing her in the running garb (you know, to make the story seem more real) and quite possibly a fussy 2 year old woke up at 4:00 a.m. and wanted some milk, right when he was just getting the bra on her, and then dang nab it, the child just wouldn't go back to sleep for a couple hours - cutting into his redressing time??!! Isn't that at all possible?? Seems possible to me. Surely he wasn't going to continue dressing his dead wife while his two year old watched??!!

;)
 
  • #515
Thank you. So they didn't have the smoking gun until 3 weeks prior to testimony. I call BS on that one. They supposedly expedited the forensics on the thinkpad before the custody case. So how did they go to trial without the smoking gun?


And seriously...every file during the 41 second search had an invalid timestamp? Wow. And no cookie for the visit. Great point by Kurtz about him deleting the cookie but not the tif. I wish I could have seen this. I'm more confused than ever about this search. I sure wish we could see what Jay Ward found.

That's what I said about the cookie deletion but not the TIF. Kurtz needs to stop stealing my moves! ;)
 
  • #516
Interesting. So a missing cookie related to google ads, but it may not be missing, and if it was missing it may not have been found. Confusing.

The zoom level can be as high as 21 (building detail), but not all maps have that level of zoom. The map that Brad looked at was probably set to 12, so 11 would have been almost full zoom. Again, in this google map type, there is still no bmp file extension.

http://code.google.com/apis/maps/documentation/staticmaps/

When Kurtz asked if 41 seconds was long enough to decide on a body location, the response was that 41 seconds is a long time. That's not a very good answer.

It sounds like the expert was not as confident as he could have been.

I will add that at some point in the testimony, C turned to the jury (in dramatic fashion) and stated that he believed that BC did a google search to find a place to dump his wife's body.
 
  • #517
Or it could be that an anonymous person sitting behind a keyboard is jerking some folks' chains by acting like he/she has "inside info" since it provides cheap entertainment and really costs him/her nothing to jerk said chains. Just sayin.

You know, that's possible. But my intuition tells me he was bursting with wanting to let on that he knows something, because he does.
 
  • #518
11/default would not be a very significant zoom on google maps, fyi.

My understanding is that each zoom doubles the size.

Maps on Google Maps have an integer "zoom level" which defines the resolution of the current view. Zoom levels between 0 (the lowest zoom level, in which the entire world can be seen on one map) to 21+ (down to individual buildings) are possible within the default roadmap maps view.

Google Maps sets zoom level 0 to encompass the entire earth. Each succeeding zoom level doubles the precision in both horizontal and vertical dimensions.

http://code.google.com/apis/maps/documentation/staticmaps/
 
  • #519
Thanks, I wasn't aware of that. Can any of our Cisco friends confirm this?

Yes Call Manager Express can run directly on the router.
 
  • #520
I was shocked to see a witness post, before a verdict. This discussion about AL/book, is nothing compared to a witness posting on a forum during a trial. I personally think the judge would 'you know what' a brick if he discovered a witness posting to a message board. You saw the fit he had about tweeting.

I don't agree with him doing it, but he posted nothing about the evidence in the trial. He was basically trying to clear up the misconceptions being posted in here about him.
 
Status
Not open for further replies.

Staff online

Members online

Online statistics

Members online
53
Guests online
5,380
Total visitors
5,433

Forum statistics

Threads
633,614
Messages
18,645,070
Members
243,613
Latest member
S. Boss
Back
Top