Cooper's laptop was on and connected to the Cisco network until 5:09pm on July 15. That's when the laptop was seized and turned off. Whatever files were updated occurred before, or right at, that time. Once the power was off, no updates could be done to the laptop. A computer that is turned off completely does not receive and send info.
From Kurtz's cross:
Actually, the CSA log shows that the last login to BC's computer was at 6:00 pm on 7/15, which was AFTER BC left the house.
He also began to ask about the CSA log on 7/16 and then Zellinger objected. Sustained.
Then the questions went something like this:
Kurtz: If the CSA log indicates that a malicious package was detected, originating from the home network, would that indicate tampering?
Agent J: Not that alone. It would make me look deeper...
Kurtz: Would it matter if it happened frequently or ONLY ONCE?
Agent J: I would seek detail on the reason for the detection
Kurtz: (Continues to "ask questions" in effort to give info to the jury that got shot down with Zellinger's objection, IMO.)
Kurtz: When were you made aware that we alleged tampering?
Agent J: ? Months ago.
Kurtz: Did you then discuss w/LE how to evaluate?
Agent J: I'm sure I have discussed that.
Kurtz: Would CSA log have helped?
Agent J: Yes.
Kurtz: At any point were you told not to check?
Agent J: No.
Kurtz--then got Agent J to admit easy programs to get into computers, like "following a recipe on a box of brownies." Also got him to admit that it is simple to change times, "like students do to show they turned homework in on time."
Kurtz: From the files/cookies on the computer, it doesn't appear that BC ws cleaning files. Old files are on the computer. Is that correct?
Agent J: Yes, old files. Doesn't appear to be "cleaned."
