Would the local feelings be the same if they weren't so close to Raleigh and the Duke situation? Did that turn everyone in NC against LE? Just wondering. I can see where the CPD probably spent too much time with Brad being a dipstick. Frankly, I think it should have been about a 3 week trial. One week spent by pros on Brad's means and motive. 3-4 days on the technical evidence. A week or so on the defense.... My negative feelings are directed entirely at the CPD, prosecution, and judge in this case, and I've expressed them through the appropriate channels.
I think they had a really good piece of evidence in the Google search. The items brought forth here, especially by macd, indicate that the DT was trying to use smoke and mirrors to provide reasonable doubt rather than explaining specifically what occurred with proof it was planted, etc. The jury imo did the best they could with what they had.
I think the letter is pretty close to the jury's thoughts on the process: the google search pretty much nailed him. The tech guy on the jury probably sealed the deal by dismissing the defense's main argument with the timestamps, etc. To me, if it were offered that he did use Vista and he was using a beta version of Internet with the buggy private browsing, then the items offered here pretty much explain that. A retrial will most likely include testimony about the supposed router use on Jul 11.... but I get the sense that most people are simply baffled and would appreciate an explanation.
I think his goose will remain cooked either way.
Oh, and I agree with you that it should have been a 3 week trial. The jury seems to agree with that as well.
The state is the entity that put together the trial (not the CPD). The DA (and the DA's office) decides what to present during trial, decides which witnesses to call, etc. L.E. has no say in any of that. They have, by the time of trial, turned over everything they've collected to the DA's office, including notes, interviews, etc.
The DA's office should have trimmed that behemoth down to no more than 4 weeks, and cut the number of friends testifying down to 4 or 5, maximum.
I know why they hauled in every single piece of evidence they collected and tested--to prove they did collect and test as many items as they could, even though there were no DNA results and the crime scene (the house) had been cleaned, as had the car trunk. To not bring those items in would have the defense screaming "they didn't TEST!" So they had to prove they did, even though there was nothing to be found, forensically. Damned if you do and damned if you don't.
Unfortunately the rules of evidence don't allow you to just show a list of all the items you collected and then say, "but none of them had blood or DNA or anything identifiable, so we're not going to bring each one into court." You have to go through each and every one if you want it to be part of the court record. Tedious as heck though.
I appreciate macd's efforts with regard to the timestamps. I simply don't understand why the "FBI" or prosecution team didn't offer some type of reasonable explanation for them. If these issues with Vista and IE are so well known, why wouldn't the people that should know this best offer an explanation? Instead, all we got was "I don't have an explanation as to what happened with those files, but I don't think there was tampering". That was enough for the jury, but not enough for a lot of people following this trial.
I too wonder why the prosecution team did not offer reasonable explanation for the timestamps. Personally, I believe the prosecution "experts" truly were not experienced enough to render a detailed explanation so they said they did not think it was tampering. After all, the expert witness is allowed to render an opinion based on their knowledge and experience. It never says how much knowledge and experience are required. IMO, I believe also that the prosecution was afraid of something on the computer that might cause the timestamp to be questioned strongly. I have never seen a prosecution fight so hard to keep testimony out of a case.
Neither side offered well formed conclusions on the data.
State expert: Don't know.
State: Windows is buggy.
Defense expert: Makes me want to dig more.
It makes me a little scared for our country's (or at least county's) judicial system. The lawyers, judges, juries, and even experts do not seem well equipped to deal with digital evidence, at least from this techie's point of view.
I'm not sure what the right answer is. I watched the DNA presentation from the OJ trial where they spent 2 weeks over-presenting the science of DNA to a non-scientist jury. It was a disaster. I'm glad that the lawyers in this case did not put on a 2 week class on software and operating systems, but I think they should have given a little more background.
I do think the defense was able to put their best theory and evidence forward. Kurtz did a good job getting the evidence in through JW and in his closing arguments. Even better for him, he was not subject to cross examination. I think had GM taken the stand with his half-formed opinions, we would have been embarrassed on cross exam.
I also have no doubt that the general population in NC question more strongly LE, prosecution, and even judges now than they did before the Duke Lacrosse case and use of cameras in the courtroom. Have they turned on LE? I don't think the majority have, but people, justifiably so, legitimately and understandably question what happens in a case, from A to Z. This site is living proof that people are extremely interested and concerned about our law enforcement and judicial system. Otherwise, we would be out shopping, playing games with our kids, or just watching television or movies-------anything but debating and exchanging ideas from courtroom cases. IMO, this pressure from the public requires LE, judicial system, and all experts surrounding a case to be extremely accountable for every action, test, or set of notes made in a case.
I followed this case closely, and I thought it was obvious that, while somewhat bumbling, the DA and detectives were honest and the evidence genuine and damning.
For both cases, everyone I know in meat-space was only vaguely aware the cases were going on. They only saw the one-minute sound-bites each day from the local news. Other than on the Internet, I have not met anyone who feels strongly one way or the other for either case. And I look for people to talk with me about this stuff. :-)
slide of the timestamp info for the cursor files.
I think it is clear that the correct time for these files is 7/11/08 17:14 UTC.
I don't think it needs further explanation.
The time was corroborated by other personal computer activity before and after this time.
The time was corroborated by witnesses placing him with the computer at that time.
The defense did a yeoman's job finding questions that they could not answer in that data, and trying to lead the jury to the conclusion that this somehow creates doubt.
But really? Can you look at that slide, understand the corroborating details, and genuinely believe that these files are anything other than a by-product of a search done at 7/11/08 17:14 UTC? Really?
What is common sentiment you find?
I hate when I run into a "something must have happened" person, even to this day. I don't think the degree of police and prosecutor misconduct ever came through to people who did not follow the case closely.
MACD, I still can't see your slide very well. I have seen several slides but am not sure where you found that one. Not disputing your opinion or your source, just wondering where this slide originated or if you had a clearer image of it. Honestly, MACD, I am not a computer expert and I was not in court for all of the evidence that was presented during the blackouts.
It shows the eight timestamps for two files. Seven of the eight timestamps are valid and consistent with the files being part of a google search done Friday before lunch. One timestamp is described as "invalid", but no information was offered how or why that timestamp is invalid.
If the evidence was planted the planters were clever enough to get 7 timestamps correct but missed one, I guess.
I don't think enough information was really provided by either side to say the files were or were not tampered with in any way. In everything I have seen the discussions have all been around comparing the timestamps to each other and all timestamps being compared seem to be SIA timestamps. It would be better to compare the SIA timestamps to the FNA timestamps which would make it much more clear that things had or had not been changed.
I agree there was no explanation at all as to what they were referring to when they said "invalid timestamps". There are also too many things that can cause a timestamp to be invalid, and with no definition of what they meant by "invalid" it was pretty useless information.
I do think it was suspicious that the main thing Boz wanted to keep out of JW's testimony was any reference at all to the registry. There could be some key information in there and I don't think GM had gotten that far into his exam to offer any insight on the registry itself.
Vista throws a lot of monkey wrenches into the picture as well just by virtue of the number of changes done to things like timestamp modification, security permissions, etc. that need to be addressed in reference to the conclusions being made, which weren't mentioned at all really.
All in all I don't really have confidence in anything that was presented from either side as far as evidence coming from the laptop. The lack of follow-up with Google to get verification, with Cisco to get verification, etc. makes it pretty much a complete failure.
Hoisted with his own Petard
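The SIA-versus-FNA comparison suggested in the post above, sketched as an added example that is not part of the original thread and uses no evidence from the case. It assumes the four `$STANDARD_INFORMATION` and four `$FILE_NAME` timestamps of one MFT record have already been extracted as raw FILETIME integers; the function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # FILETIME counts 100 ns ticks
FIELDS = ("created", "modified", "mft_changed", "accessed")

def filetime_to_dt(ft):
    """Convert a raw FILETIME integer to a UTC datetime (microsecond precision)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt, extra_ticks=0):
    """Build a FILETIME from a UTC datetime plus sub-microsecond ticks."""
    delta = dt - EPOCH_1601
    seconds = delta.days * 86400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10 + extra_ticks

def compare_si_fn(si, fn):
    """Compare $STANDARD_INFORMATION (si) with $FILE_NAME (fn) timestamps.

    Both are dicts mapping FIELDS to raw FILETIME integers from one MFT record.
    """
    findings = []
    # $SI is what ordinary timestamp-setting APIs rewrite; $FN normally is not.
    if si["created"] < fn["created"]:
        findings.append("created: $SI %s is earlier than $FN %s"
                        % (filetime_to_dt(si["created"]), filetime_to_dt(fn["created"])))
    for field in FIELDS:
        # Natively generated timestamps rarely land exactly on a whole second.
        if si[field] % TICKS_PER_SECOND == 0:
            findings.append("%s: $SI has no sub-second precision" % field)
    return findings

# Constructed sample records (not values from the case discussed in this thread).
T0 = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
NORMAL_FN = {f: dt_to_filetime(T0, 1234567) for f in FIELDS}
NORMAL_SI = dict(NORMAL_FN, accessed=dt_to_filetime(T0 + timedelta(hours=2), 7654321))
ALTERED_SI = dict(NORMAL_SI, created=dt_to_filetime(datetime(2019, 6, 1, 9, 0, 0, tzinfo=timezone.utc)))

if __name__ == "__main__":
    for name, si in (("normal", NORMAL_SI), ("altered", ALTERED_SI)):
        print(name, compare_si_fn(si, NORMAL_FN) or "no findings")
```

A finding here is a lead to examine, not proof of alteration: copying or moving files and extracting archives can produce the same patterns.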
I'm a little bit dumbfounded of the expectation for police to prove that they didn't fabricate this evidence.
The search files on the computer tell the story of zooming in on the cul-de-sac.
The MFT table gives timestamps of when the search was done.
The browser history gives information of what the search was.
The event log gives information that BC logged into the computer shortly before the search.
Other files show BC logging personal credentials into other sites around the same time as the search.
Eyewitnesses have him in his office with his computer at the time of the search.
Sure... it would be nice if there was a sixth form of corroboration, but at some point isn't it just piling on?
If you're not convinced at this point, I don't think a log from Cisco or Google would convince you.
The fact that it is extremely easy to change the date and time, do a search and change the time back combined with the fact that the files and timestamps on the computer do not look like "normal" operations along with a computer that was not properly handled makes the evidence less than crystal clear. To have this fuzzy evidence be the "smoking gun" to convict somebody to life in prison is enough to make me want some sort of clarifying evidence.
I don't understand why having real data and fabricated data occur on the same day seems to be an impossibility to some people. Data manipulation exactly like this happens ALL the time. It is an extremely common security exploit.
If CPD didn't do such a crappy job, extra validation might not be as important, but they did do a crappy job. The extra information was ridiculously easy to get and wasn't. If you have a chance for a slam dunk, why not do it?
And who were these phantom eyewitnesses that have him in his office with his computer at the time of the search? The evidence is sketchy enough without added embellishment.
Last edited by SleuthinNC; 06-07-2011 at 03:19 PM. Reason: eyewitnesses
Hoisted with his own Petard