Monday, January 12, 2015

THE TRUTH ABOUT THE PORN PART TWO -- A Case of Violating The Duty Of Candor

Some of the shared testimony on this site comes from Beth Karas on crime.  Subscription to the site is well worth the nominal fee of 5.99 per month because BK provides a detailed account of the trial. It is a month per month subscription so if you don't like it - no commitment.   She also has the journals on her site and will be providing the transcript of JA's secret testimony as soon as it is available.  I recommend her site for anyone interested in details of the crime.


On January 8th, 2015 the defense presented a new witness who testified under secrecy.   He was identified via the pseudonym "John Smith (JS)".   JS' testimony included some facts already known from the motion Nurmi filed on November 10th, 2008.  Other facts were already known via the testimony of witnesses in the three-part hearing initiated on November 21, 2008.  Per Js' testimony,  additional facts have been released which indicate the Defense was possibly aware some of the information presented on their motion was inflammatory manipulation of the facts to promote a lie.  When considering the picture as a whole, it does not look good for the defense attorneys or their client. It points out the Defense may very well be in violation of their duty of candor.

Basically, a duty of candor is the rule of professional conduct which prevents a lawyer from knowingly and purposefully lying or allowing a witness to lie:

 " the lawyer must not allow the court to be misled by false statements of law or fact or evidence that the lawyer knows to be false".

  
So,  a lawyer cannot say a piece of evidence is something else when they know otherwise.
 
 IE - the can't file a motion indicating that multiple porn hits are user accessed if they have a report in hand which says the site hits are malware caused
IE  they can't make the claim porn disappearing in 2009 is the State's  targeted attempt to impede a client's sex-related defense when the client never changed their defense to sex-related issues until 2010.
IE - they can't lie about never being told about the existence of a 2008 hard drive when they have a report on the examination of said hard drive and it's dated 2008.
IE they can't continue to lie in front of a new judge and claim they were refused a copy of text messages in 2008 when the truth is the technology to print out the 20,000+ text messages never existed until 2011  when they had been told this before
IE they can't claim they were told by the detective those text messages never existed in one breath and claim he told them he never took pictures of those text messages in the next. 

When a defense attorney does all of those things,  they are in violation of the duty of candor.  




"CHANGES TO THE COMPUTER"

JS stated on June 10th, 2008 changes were made to the computer
  • The computer was in sleep mode.
    • The MDP policy does not prohibit waking a computer up from sleep mode
      • E. Flores is aware of the MPD policy
      • E. Flores is not a computer technician
      • E. Flores had no reason to believe waking the computer from sleep mode would destroy evidence
        • No violation made in policy.   
NO POLICY VIOLATION = NO NEGLIGENCE
    • At the time the computer was 'woke up',  Arias was not an official suspect
        • No sex-based link to the crime = no reason to tamper
NO STATE MOTIVE = NO INTENTIONAL CHANGES ON 6-10-2008
    • JS was able to find porn during his inspection of the hard drive.No evidence was lost.  In order to uncover porn, he had to do a more intensive inspection than what is considered the industry standard for forensic investigation.
      • State follows the industry-set standards for their investigations
        • They are not mandated to go beyond the standard policy. To do so is called due diligence.   Due diligence to show innocence during a criminal trial falls upon the defense team, not the State.  By the time the case hits trial,  it is the job of the State to show why the accused is guilty; it is  not to continue to investigate her innocence.  If the charges were made,  the State had already decided her guilt.
          • The DT is the one who has to go above and beyond to make JA innocent,  not the State. 
      • JS' report shows the same porn they found in 2014 was on the 2009 Lonnie Dworkin copy
        • Finding porn on the 2009 copy means it was not lost in 2008
        • means the DT had the capability of finding it - they just chose not to dig any deeper and accepted Lonnie's findings.
        • Lonnie used industry standards and did not find "all that porn."
          • DT did not 'dig deeper'  in 2009 - they had the due diligence to do so.  The State did not.
          • DT is at fault for not going beyond the industry standard and is trying to put the blame on the State because it's the only way the evidence can benefit her with a new trial or removing the DP
            • GET IT NOW? 
JS FOUND PORN = NO EVIDENCE LOST
DEFENSE FAILURE OF DUE DILIGENCE = DEFENSE FAULT,  NOT THE STATE

    • JUNE 10th CHANGES ARE IRRELEVANT
      • Flores followed policy = no neglect
      • Arias was not a suspect = no intentional actions against her
      • Porn was found on the drive = no evidence was lost 


JS stated on June 19th, 2009 'changes' occurred on the computer.

JS finished his inspection of the computer in October 2014. He wrote a report which was turned over to the DT.  The DT had this report before they filed their motion,  and used parts of it to support that motion.  JS' report supports the DT should have known their claims of prosecutorial misconduct were not true.   Nurmi specifically wrote "This was not some sort of inadvertent forensic error."  The JS report supported that was exactly what it was.  The report supports Nurmi should have known and filed his report anyways.    The defense is in violation of the policy of duty of candor. 
  • Nurmi wrote his motion to give appearance as if the changes in the computer occurred over a 3 hour time
    "Specifically,  recent forensic analysis has shown that between the times of 13:56:19 and 16:51:34 1000's of files were deleted from Mr. Alexander's computer".
    • When he wrote this,  Nurmi should have known that it was only 12 minutes in which 1000's of files were changed.  His information came  from the same report  Bryan Neumeister (BN)  read.  BN was the DT's  'contact'  person: 
      • BN: "Computer was turned off at 3:10 pm on June 19, 2009. It was on for 12 minutes"
      • JM: If someone testified that it was on for hours, they would be wrong?
      •  BN: It wasn’t on for hours
        • Why is Nurmi giving the impression the computer changes occurred over 3 hours?
          • Because in 12 minutes a human user cannot delete 1000's of files from a computer without the help of a program  
    • Which defense witness lied about the length of time the computer was on?   BN's testimony does not match JS's. (per BK's site ):
      • BN It wasn't on for hours.
      • JS - "I don't remember what time I told you it was powered off. (Now says 23:07:09 was the last modification which is 11:07:09 p.m. This was 7 hours later. He's says he's sure because he's looking at the data)"
    • JS' testimony does not even match his own
      • JM "Didn't you tell me the application ended abruptly at 16:09:58 on June 19, 2009? 
      • JS Yes but it doesn't mean it was turned off. There were no more modified files."
      • JM What ended at 16:09:58? 
      • JS The modification of a file
      • JM: You indicated to me that it was turned off at that time? 
      • JS: I wouldn't say that it was shut off, only that it was the last modified files but I see a few more modifications after that.
    • And JS' testimony does not match the DT's claim in the motion
      • Now says 23:07:09 was the last modification which is 11:07:09 p.m
      • recent forensic analysis has shown that between the times of 13:56:19 and 16:51:34 1000's of files were deleted
        • The chain of custody shows this computer was placed back in evidence around 17:00.  The time JS is claiming the computer was "still modifying"  no one had it. The computer was off. Prior testimony via the defense team stated a "hard shut down"  occurred.  For it to be "turned back on", it would have had to been signed back out and this would have been apparent in the log books.  
        • Multiple evidence differs from JS's claim.  Can JS be considered credible as a witness?  No,  at least not to the time the computer changes occurred on June 19th.  
DEFENSE WITNESSES STORIES DO NOT MATCH EACH OTHER = ONE IS NOT TELLING THE TRUE FACTS OF THE CASE = LACK OF CREDIBILITY FOR BOTH
  • Nurmi also wrote in his 11/15 motion  porn was targeted and intentionally removed by the State. 
    • Amongst the files that were deleted are several that are easily recognizable as pornographic websites and therefore demonstrating the purposeful nature of their (the State) targeting
      • Nurmi knew Jodi's defense on June 19th had nothing to do with sexual deviancy.  He knew there was no way for the State to foresee the future and know she would eventually change her claim.
      • There was no motive for the State to remove porn from Travis' computer on June 19th, 2009 because there was no sexual defense at that time.
      • Prosecution demonstrated obtaining a murder 1 conviction was more important to them then maintaining Travis's reputation.
        • Arias gave an "or else"  demand for a plea bargain for Second degree murder.   Either she got 2nd degree murder or she would air Travis's dirty garments.  
        • The prosecutor basically said "go ahead,  murder 1 stays".  
        • The prosecutor would not have risked his murder 1 charge just to remove non-related porn off the victim's computer.   Porn is not illegal.
NO CLAIM OF SEX-RELATED CRIME = NO KNOWLEDGE IT WOULD BE USED = NO NEED TO TARGET AND REMOVE PORN
  • Nurmi added that the files removed were exculpatory in nature and claimed the State knew this too. 
    • demonstrating the purposeful nature of their (the State) targeting and their (the porn) exculpatory or mitigating value."
      • Nurmi was aware that any porn found on the computer could not have been exculpatory (supporting innocence) or mitigating (lessening responsibility) in nature in 2009 because her defense did not include the sexual deviancy claims. 
        • thus the prosecutor had no reason to remove them  
      • Nurmi listed those "purposefully targeted porn sites" in his 11/14 motion.   The dates of those "targeted sites"  which held "exculpatory" value fell between May 28-June 10th.
        • JS' report indicates that Nurmi was aware that some,  if not all of these sites were malware hits.  The truth is they are all malware hits because every single site he listed had daily "hits'  before June 1st and continued after June 1st.  
          • JS' report indicated the hard drive was wiped on June 1st and there was NO FURTHER USER ACCESSED PORN VISITS.
          • "Firefox is made by Mozilla. You looked at history on June 2, 2008 and there were no porn sites visited? 
          • JS - Yes--no visits to porn after June 1 
NO SEX-RELATED CRIME LIE =  NO MOTIVE FOR STATE TO REMOVE PORN

HARD DRIVE WIPED JUNE 1ST + NO FURTHER PORN HITS = NOT OVERTLY OBVIOUS = STATE NOT AWARE = NO INTENTIONAL ACTION
  • Defense team witnesses supported that the prosecutor made no changes to the computer on June 19th, 2008.
    • Gilbert McReynolds testimony
      • 1:40 GM never saw JM at the computer, touching it, only making those comments --- GM recalls JM asking if there were nude photos of JA on either computer. It stuck out in GM’s mind because JM asked a few times, and he thought it was unusual for him to ask."
      • The witness testified JM only asked if there were any nudes - he specifically stated he never saw JM at the computer or touching it. 
      • Flores was never identified as being in the computer.  If GM overhears JM asking someone if they can see nudes of JA on the computer,  the only ones he could be asking are members of the DT. 
      • Nurmi ignored the testimony of his own witness and stated in his closing
        • "The current egregious conduct deals with the fact that JM was on the computer looking for nude images of JA
          • Nurmi's witness specifically states JM asked about,  not was looking for those images.  

The evidence supports Nurmi knew his charges of prosecutorial misconduct were false at the time he filed them.   
How is he allowed to get away with such egregious conduct?




THE SCRUBBER EVIDENCE
Through JS' testimony, the multiple 'cleaners'  on Travis's computer was brought up to the jury.   The defense team was trying to give the impression the 'cleaners'  were  related to Travis trying to hide his tracks.   

  • BN's testimony  " If you have these, it means you’re looking at porn and trying to cover tracks" 
  • The purpose of cleaners/ scrubbers
    1. To speed up the computer
      • The number one reason a person uses a cleaner is to speed up their computer
      • Laptops get slow with age and some ppl believe using cleaners such as CCcleaner help remove files fragments which slow down a computer
        • While searching for a cleaner, sometimes the novice user will unwittingly download malware disguised as a cleaner.
          • opens up the user to getting more malware
    2. To remove unwanted programs and malware
      • Many malware programs are very difficult to remove and can remain after a cleaner is used. 
        • often Malware has to be removed manually
          • a novice user would not know this
        • prompts the user to download more cleaners. 
          • downloading more cleaners raises the risks of downloading fake malware cleaners.   Fake Malware cleaners will not work.  It means the user must download more cleaners to remove the initial malware program and any new ones added.
    3. To hid one's tracks
      • Travis was a novice computer user.  He was not computer savy
        • Hired a friend to 'clean-up'  his computer in 2007 after a roommate used it for porn
          • Travis did not know how so he had to ask someone else
        • Given his lack of computer knowledge,  if Travis was using a cleaner to remove porn he would only have needed one program.  And,  he would have stuck with that one program he thought worked. Only a computer savvy person understands that just erasing files with a cleaner does not mean it is gone per forensic standards.   The defense has tried to paint Travis as someone who understood "all that porn"  could still be found hidden out in small files in the registry and history of the computer so he downloaded multiple cleaner programs.   It's a ridiculous implication to make about a man who could not even manually remove malware from his computer.
CLEANERS LEGITIMATE=  WORKS  = ONLY A FEW DOWNLOADED

CLEANERS FAKE =  DO NOT WORK = MORE DOWNLOADED = INC. RISK OF MORE MALWARE = NEED FOR MORE CLEANERS

RESISTANT MALWARE = CLEANERS DON'T WORK = MORE DOWNLOADED = INC. RISK OF MORE MALWARE = NEED MORE MORE CLEANERS

Travis wasn't trying to hide his tracks;  he just got in the vicious cycle of the do-it-yourself user who made the mistake of trying to clean his computer on his own.  Ignorance,  not perversion, is the reason for the multiple cleaners.

DATES OF CLEANERS?

  • The defense never shared what the dates of the downloads of "all those cleaners"  were.  What they did share  were dates of cleaning but not what  cleaner it was and the download date of the cleaner.  
    • Was it one particular cleaner Travis used before the malware attack on his computer?
    • Does the download dates for the majority of the cleaners coincide with the time Travis' computer became infected w/ malware?
      • If the answer is yes,  it provides an explanation for "all those cleaners"
        • He was trying to do-it-yourself method of removing malware.
          • hopefully the question as to when cleaners were downloaded will asked


    HIGH VOLUME CLEANER DOWNLOAD + MALWARE PRESENCE = MALWARE REASON,  NOT PORN


PURPOSE OF THE CLEANER - WHAT KIND?

In the DT's testimony they lumped all the 'helper tools'  into one category and called them "cleaners."  It has not been shared as to how many of each type of cleaner Travis had.  How many reg cleaners?  How many anti-virus programs?  How many spyware scanners? Etc. They all have different functions.   Additionally,  BN also stated part of "all those cleaners"  included malware disguised as cleaners. How many fake cleaners?

MULTIPLE CLEANERS IN THE FORMS OF SPYWARE SCANNERS AND ANTI-VIRUS PROGRAMS = INFECTION,  NOT HIDING TRACKS
  • An estimate of how often Travis cleaned his computer was not shared.  All that was shared is he cleaned it "a lot".  However,  "a lot"  could be for multiple reasons.  JM brings this up:
    JM  Travis ran his business on this computer and that could be why he cleaned it?
    JS Yes
    • Laptops do get slower the more you use one.  Anyone who is a frequent user of a laptop knows this. 
    • Wiki's 9 steps to speed up a slow laptop:
    1. Uninstall unnecessary programs
    2. INSTALL AND USE A GOOD REGISTRY CLEANER
    3. CHECK YOUR COMPUTER FOR SPYWARE -must load up another 'cleaner'  ie spybot to do this
    4. INSTALL ANTI-VIRUS SOFTWARE - another 'cleaner' 
    5. keep big files off the desktop
    6. disable windows aero
    7. upgrade your memory
    8. use paging file size
    9. use all cores

To a novice user like myself,  most of those "suggestions"  are beyond my understanding. But even a novice user can understand 1-4.  Travis was a novice computer user.   He had to hire a friend to work on his computer in the past.   In 2007,   Travis had an issue with his roommates using his computer for porn.  He hired Taylor Searle to come in and clean it up for him.  Travis couldn't do it on his own because he didn't understand computers. If Travis doesn't understand computers,  how is he going to know porn remains after a cleaner is used?  Given his limited knowledge,   after the use of one cleaner Travis would have had the impression the porn was gone (if he used it to hide porn).  If Travis thought his tracks were erased,  there would be no reason to download more cleaners.

Travis's porn-viewing roommates eventually moved out.  Even though he was burned once,  Travis kept his computer open to others.    Jodi was one of the people who often came over and used his computer. He had reasons to not trust Jodi,  but he still let her have access.   His computer was a communal computer with multiple people using it.  The more use, the slower a laptop gets.   The remedy is to clean it frequently.  



And,  could it be since he was burned once with other users viewing porn Travis was 'playing it safe'  by cleaning frequently?  Travis was trusting generous guy and wouldn't tell people 'no'.   However,  being burned once by room mates viewing porn,  it's possible Travis decided frequent cleaning was needed just to be on the safe side.

The point, which I am trying to make, is there are alternative reasons why a person may clean frequently.  I have named three not related to hiding one's tracks: work related,  a slow laptop  and to remove what others may be doing.   The presence of cleaners on his computer does not necessarily mean hiding porn.   If it did,  I would be considered "guilty" of it myself because I have CCleaner that I use frequently because I do a lot of research with my laptop.
   
Just because Travis had cleaned his laptop does not mean it was to remove bad activity.  
I say show me proof it was due to an excessive use of porn.  If the defense is making this claim,  they have a duty to back it up with the evidence and not speculation.   But they cannot.  All they can say is "The items were erased and we don't know what was erased."



THE PORN SITES
Multiple porn sites were discussed.

JS found no evidence of pornographic pictures ever being downloaded on Travis' computer.  It would be unusual for a man who was a sexual deviant porn addict to not have even one picture file of a naked woman.  According to Jodi,  he took pictures of his penis and they shared in previous naked photo shoots.  Yet,  not one pornographic image could be found on his computer.

Furthermore,  if Travis was truly a pedophile his sickness would have made it necessary for him to download any pornographic images of child he found to his own computer in order to maintain them.  The FBI is always on the look-out for child porn sites,  so those sites are short-lived.   They are also very hard to find and often the links to such sites are shared through chat rooms.   If he was looking,  Travis would have eventually came upon a short-lived site which would have made it necessary for him to download the pornographic pictures in order to assure access to meet his needs.   Pedophilia is a sickness and these men and women do very stupid things to feed that sickness.  The lack of picture evidence on Travis' computer supports he was not a pedophile.

What the DT did find was evidence of pornographic websites being accessed.  Many of those accessed sites have already been shown to be "malicious sites"  in "Truth About Porn"  part I.   The defense team cited another "100sexlinks.com".   But that site,  like the rest,  is just another malware redirect malicous site.   

  • 100sexlinks.com
    • BLACKLISTED by Shalla Secure services as Spyware domain
    • distributes CWS spyware
    • on hosts list of Spybot S&D
      • means any computer 'immunized w/  Spybot S&D would not connect to the web page
        • Spybot S&D replaces the IPS address of the "block site" in the HOSTS files  with a dummy IPS so no connection can be made
          • it is done because spyware like CWS can be downloaded by just visiting the site - "drive-by'  installation.
    • Travis computer had Spybot S& D on it.  It was immunized by Spybot and would not have connected to 100sexlinks.com
  • JS stated "Spybot has a dictionary of defintions of malware and viruses"
    • this is the "Block list"  in which Spybot puts the list (dictionary) in the Hosts file and assigns them all the same IPS address.   When the site name is typed in the browser, the computer looks for the corresponding  address in the HOSTS file.   If it is there,  it grabs it and directs the user to the site.  Spybot assigns fake addresses to malicious sites, so when the url is listed in the browser a fake address is grabbed from the HOSTS file.    By assigning fake addresses to malicious sites is how Spybot prevents contact and 'drive-by' installation of malicious programs such as CWS.
    • JS stated that Spybot does not put these sites in the history - true.
      • however,  as per previously explained in The Truth About the Porn part 1,   Malware can insert URLS into the history.
  • JS stated YOUPORN.Com was only visited once
    • However, it was not typed into the browser.   JS assumed Travis clicked on the "link"  via the Alexa toolbar "favorites"  tab
      • if it was not typed in,  how does he know it was not a browser redirect sending the user there?
    • Youporn is a legitimate porn site which was among the top 50 most visited porn site
    • offered porn videos free of charge
      • why would a person who is alleged to be a sexual deviant visit a safe porn site on just one day and then continute to visit malicious sites he could not connect to on a daily basis for 5- 6 days?
    • Youporn.com is supported completely by ads
      • many of these ads are malware in disguise
        • How likely is it a malware author would choose to redirect a user to a legitimate site which provides links to multiple malware containing ads?
          •  It's very likely because browser redirects are one way malware authors make money. (based on the page hits they cause)
UPorn is a site completely supported by ads.  The more ads,  the more money.  The more traffic to their site,  the higher amounts of ads sold.  In order to get more traffic,  Uporn says "Hey Jonnie , get more 'hits'  to our website and we well pay you .05 cents for each person you bring."   So,  Jonnie becomes Jonnie virus writer and forces his redirect browser upon unsuspecting victims.  
    • The other URLS named by JS were accessed ON THE SAME DAY  -It all happened on June 1st. June 1st is the only day that both BN and JS have cited as to having any signs that it could have been user accessed porn.  
      • URLS were  videos linked to three different porn sites which WOT (Web of Trust)  lists as safe to access but loaded with ads which many are Malware in disguise. 
        • These porn sites are dependent upon ads for income as well. 
          • if these sites pay for traffic 'referrals'  in order to stimulate ad revenue,  then a browser redirect author is going to take advantage of it as well

Nonetheless, in the end out of all the "1000's of Porn hits"  BN alleged to,  there is only ONE DAY  which they could only name that could have been possible user access.  The fact both BN and JS only cited June 1st as being "proof of user access"  says a lot.  If there are other days,  why not bring that up?   Wouldn't a trend of days showing possible user access help to show Travis was a 'habitual user of porn?"     So why,   in both their examples of "user access porn"  does JS and BN both name June 1st, 2008 and the same websites?   In my opinion,  it is because it is the only day the DT can link to possibly be user access and they are playing fast and loose with the truth by sticking it in the middle of proven malware hits.  If so,  the defense is in violation of their duty of candor by keeping silent the rest of days are related to either malware or Spybot block files. 


As for the alleged user porn hit on June 1st,  there is no proof who it could have been.  Yes,  it could have been Travis.  Or, it could have been one of the sexually active young men in his house.  And, even if it was Travis,  one day of viewing porn is a far cry from sexually deviancy.   Even occasional viewing of porn does not equal out to be exculpatory in nature.  Due to the sex tape evidence they heard,  the jury was aware of Travis' sexual knowledge when they declared JA guilty.  Finding out the man watched porn would have made no difference in their decision



The DT already knew the limited amount of possible user porn they found would have made no difference.  It is why they tried to lump the malware pinged porn and the Spybot associated links all in one bundle,  wrap it up, and call it Travis.   And,  in case this failed,  they tried claim it was Martinez calling Jodi a liar about porn on the computer which persuaded the jury to not believe her.  They DT has one big problem with that.  Jodi never claimed Travis had porn on the computer so Martinez couldn't have said her non-existent statement was a lie.  What Martinez did say was Jodi lied about the pedophilia and the lack of child porn on his computer supported that.  And,  according to the defense witness JS, there was no child porn found on the computer.   Yes,  JS stated he wasn't quite finished with the 2008 drive, but that doesn't matter.   He stated the 2008 drive was identical to the 2009 drive except for the few changes on June 19th,  and he found no child porn on the 2009 drive. Had he,  the defense would have been all over that by now.

THE DEFENSE HAS PRESENTED ONLY ONE DAY OUT OF MANY THAT SHOWS POSSIBLE USER ACCESSED PORN - JUNE 1ST.    ONE DAY ONLY OUT OF 1000'S OF PORN HITS.  WHAT DOES THAT TELL YOU?



USER PORN VERSE MALWARE PINGED PORN
  • JS never stated that malware/ viruses cannot place porn URL's in the registry. His claim was that it doesn't happen,  not that it can't.   
    • JS "Viruses do not typically log their actions. Virus authors do not want to leave tracks of what they're doing. A virus would not have put a porn url in the registry."
    • "Malware and viruses can overwrite information in the registry but it would be counterproductive to leave tracks."
      •  JS was not able to state it does not happen - because it can happen:
http://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/     (link to part 2 as well)

""Forensic examiners many times rely on the TypedURLs Registry key in order to ascertain certain user-based web browsing activity."
 "If a system is compromised and the malware can invoke the Windows API call RegSetValueEx, specific values can be set in the TypedURLs key.  There are many adware samples in the wild that write specific values to this Registry key, so that the user’s address bar is populated with entries chosen by the malware authors."

What the author is basically saying is malware   can and does place URLs in the registry.

JS identified "Porn hits"  on June 1st which he attributed to being user access.  June 1st is the same date BN claimed was user porn as well.   Per BN's statement,  he knew it was 'user access'  because the URLS were in the history.dat file.    History.dat was once used by firefox but is no longer used.  It is a file which stores browsing history (a record of visited pages). 

BN claimed that because the URL was in the history.dat file it was evidence of a user viewing porn. What he was implying was malware pings to porn sites would not put it there.  But is that true?    It seems the history.dat file is just a file which records pages which were visited.   So,  what happens if  browser redirect malware redirects the user to a website?  One would think once the URL is connected,  it is recorded into the history file because a connection means a visit. 

SO WHAT ABOUT THE CLAIM "THEY WOULDN'T LEAVE TRACKS"?
It's called a PUP (POTENTIALLY unwanted program),  browser redirect adware.  Authors of such get offended when their programs are called malware.   And,  even some anti-virus programs don't recognize them as such.
In the world of BN and JS,  a malware author would fix it so that there are no such traces of their malware in the directory. So,  in their opinions a redirect via malware would not show up in the history or in the registry.    It's already been shown that malware such as CWS does show up in IE history.   However,  what happens if the author of such malware feels their programs are not really malware?   Would they even care if traces of their programs were found?  In fact,  in order to get paid by the websites they redirect to,  redirect writers need to have proof it was them that increased the traffic to said site. 



"Most browser redirects are caused by adware and potentially unwanted programs (PUPs).................software developers who create adware and PUPs take offense to their programs being called malware and will counteract any such accusation with the argument that their creation is actually useful" 

http://deletemalware.blogspot.com/2014/10/browser-redirect-virus-removal-guide.html

The author of the above webpage considers browser redirects as malware. But he states the authors do not.  If they do not consider it 'bad',  why would they hide it?

But, for all user classifications,  browser redirects such as PUPs are malware.  But not the technical classification.   PUPs are called potentially unwanted programs because they do not ask your permission prior to downloading.   They can do it on their own; this makes them malware in the 'ethical' defintion. A PUP acting as a browser redirect does not put malware on the computer. So by the 'technical' definition they are not.  That is why the authors say "no we are not malware." However,  it can redirect to sites which are shady or malicious in nature.  And,  it can redirect to sites with lots of ads; many of these ads are malware in disguise. The author of the PUP makes money for redirecting the user to certain sites so he is going to redirect to whichever site is willing to pay him for the traffic.  And, porn pays a lot to get user traffic to them. 


"The issue is that PUPs and browser hijackers have been developed to create a source of income for the developer and as such they will change your browser settings and your home page to one that the developer wants you to see. Not only this but typing a search query into the search box or a URL into the browser will redirect you, not to the website you want to visit, but again, to one that the developer wants you to go to. " 


So,  a person may type in the URL "www.pugsareus.com"  and the browser redirect says "hey let's go to www.pornhub.com instead because they are paying me .05 cents for each user I send there."   Now,  would a malware redirect  show up in the history file this way?   I do not know, but I have placed some inquiries and am waiting for a response.   

What is known is websites such as uporn are dependent upon ads for their income.  The more traffic to their site,  the more ads they can sell.  And,  one way to get traffic to their sites is to hire people and pay them per referral.   Jonnie Virus-writer takes advantage of this and places links to such sites in his browser redirect toolbar or via other malicious programs.  Jonnie Virus-writer then cashes in each time a person 'connects'  the website. And,  the website owners don't really care.  Each "visit"  bumps up their numbers and makes them more appealing to advertisers.  It's a win-win for the website and Jonnie Virus-writer.  


With so many different malware programs on the computer a malware specialist needs to be consulted.   He or she can name each program, and break down what it does.  He or she can give a clearer picture if the program could have caused the user to go to the associated sites.  No matter the outcome of the findings,  this is something that needs to be a must-do to get the bottom of the truth.  Nonetheless,  it is my suspicion the only evidence of possible user porn is on June 1st, 2008.   If so,   JA's claim the porn supports her sexual deviancy claim is flushed down the toilet.   The majority of those jurors have either viewed porn themselves at least once or have a person in their life who has.   A one day viewing does not mean anything. It is not sexually deviant.

ATTEMPTS TO IMPEDE THE PROSECUTION
Is it what the bogus 11-10-2014 claim is all about?




There was porn found on the computer. It is a fact now.  It is also fact that a large number of the porn evidence is attributed to malware activity and Spybot.   And, it is also a fact the computer was wiped clean on June 1st, 2008 and that is most likely why porn did not stick out to either Melendez or Dworkin.  What is not fact yet is how much of the "porn"  was possible user related verse malware hits.  So far,  we know of just one day of possible user access.



So, how much of those 1000's of porn files was malware related?  How many of those 1000's of porn files were related to Spybot or other cleaners?   And how many of those porn files are possible user access?  To get to the truth, Juan needs to admit porn was on the computer.  The defense has attempted to impede his search for the truth via a red-herring attempt caused prosecutorial misconduct charges.  They are trying to stop him at step one by screaming "See they admit they tampered"  every time Juan says "Yes, it appears like there was porn on the computer we missed."  The defense is taking an inadvertent forensic error which resulted in no cause of harm via the State and making it nefarious in nature.  It was a purposefully placed strategic plan to throw JM off his tracks.  After all,  how is he going to point out the fact a one day hit of user porn is not equivalent to sexual deviancy if it means admitting to missing the porn?   And,  the DT needs to make it look purposeful for best effect.  



The evidence or prosecutorial misconduct will not stick so JM needs to separate it from the retrial of the guilt phase.  He needs to discuss those porn findings and slim down the list issue by issue.  Remove all those malware hits, and all those Spybot immune file lists. With the list which is left,  he needs to correlate the dates of access against the dates the malware first appeared in the computer.  If the increase in possible user access came after the multiple malware,  it is going to support those are malware related too.  Finally,  with whatever dates he has left, if any,  JM needs to show that it could have been one of a number of people who had access to the communal computer.

But how does he do this when every time he turns the corner the DT is throwing out a revised version of the allegation?   It's an attempt to impede his investigation via making it difficult for JM to complete the first step: admitting signs of porn,  be it from a virus or user access,  was there. 





THE MYSTERY BEHIND THE REFUSED IMAGE
more attempts to impede

Remember the raw untouched image JM asked for again and again?  He received "Tony's"  drive and then he kept receiving the work drives instead of the original image.  JM was forced to rely on the defense for a 2014 copy of the hard drive because once they finished with it,  the hard drive could no longer be accessed.  The 2008 hard image cannot be used to inspect BN's work on the 2014 image.  There was no way to verify it was the same as the one BN started with.  And, it's not the same.   JM needs to see for himself how, where, and when those 70,000 files were zero'd out.  He needs to make sure nothing was added,  changed,  and then incinerated after the fact.  He can't do this unless he can see the 2014 image BN made.   The judge ordered BN to turn over the original image several times.  He was to turn it over before the hearing.  And once again at the end of day 2 of the hearing.  Hearing day three started a week later,  and BN still did not turn over the raw untouched image he worked off of.  And, once again he was told to turn it over.  


JM" He (BN) said he had a compressed image and was asked to turn it over. He was asked to do so last Friday and still has not done so."


It is unclear if BN ever turned over the original image.  His story kept changing as to why.  In the end,  he claimed it was an attorney work copy.  However, even the judge told him it was not what he stated before. And, it was not:

.
JM: You went to the Mesa PD and created 3 clones? 

BN: 2 of the compaq presario (Travis's computer) and 1 of the other.
BN 
 I made an image of the drive


EXCUSES MADE FOR NOT TURNING OVER THE IMAGE
The grabbed the wrong one excuse

Tony Klump is the person who used FTK. When he made the first clone, the FTK grabbed the wrong image.(The Tony clone)

The "Tony did it excuse
"
BN says he’s already provided a copy of the clone he worked on. But he didn’t provide a clone of the first time he imaged it-
JM-
 In order to conduct a test, we need exactly what he used to arrive at his conclusions (THE UNTOUCHED IMAGE) BN-I already turned it over. I didn’t verify it myself. Mr. Klump said it’s an exact clone of the second clone.  BUT IT WAS NOT THE UNTOUCHED IMAGE

The "I won't be home excuse"
BN was leaving for a capital case on Sunday so he didn't have time.
JM didn't believe him and said "verify it"

JSS said "Just do it on Weds 11/26 when you return"

DECEMBER 4th - BN was ordered to make an image on 11/26.  But he did not.

THE IMAGE IS COMPRESSED SO NOT USEFUL EXCUSE

 JM wants to know why the image wasn’t turned over.
 JM says the court’s order was to turn over image

BN  The image is compressed

THE USE YOUR OWN EXCUSE
(argued multiple times)

JM wants a copy of the exact image that BN took–not BN's work product
JW 
They’re asking for something they already have (NO, they have a 2008 image,  they want the 2014 untouched image DT made)

THE IMAGE IS ENCRYPTED EXCUSE

BN  I made an image of the drive. The image is encrypted. First visit was an image–compressed file.
JM Your image has not been copied and turned over to the state?
 Judge orders him to copy it
 BN says fine–but it’s encrypted and you won’t be able to open it. A code is needed to open it.

THE USE LONNIE'S DRIVE EXCUSE
JM: I want an exact image of your compressed image that can be unencrypted
BN: I don’t see what possible reason you want this because everything you could possibly want is on the drive that you gave Lonny.

THE IMAGES ARE GOING TO TAKE AWHILE EXCUSE

 Judge wants BN to provide the images
JW doesn’t know when they can be available. It takes several hours to make an image.

THE IT'S AN ATTORNEY WORK COPY EXCUSE"
We interviewed BN.  He did not refuse to turn over the encrypted copy. That copy is not an image of the hard drive. It’s a specific request to go into certain files the defense was interested in. It’s our belief that it’s work product because it highlighted what we’re interested in. The State does not need it. They have their own copies of the images. It’s not that BN refused; it’s that we believed it is work copy."

And, it was with that excuse the Judge said "BS".  She pointed out it is not the same claim BN made previously.    A transcript of the interview between BN and the DT was requested.   It was not available.  The DT was supposed to provide the Judge with an audio recording of the interview in which BN stated the image was an attorney work copy.  They needed some time to get it together.  The outcome of the inquiry is unknown.  However,  it leaves me wondering something.  Can a recorded conversation really be verified as to happening on a given day?  Or, could someone go back and re-record it to make it fit better with past statements in an attempt to cover up a lie?  Bryan Neumeister is an audio visual forensic specialist..... Interesting thought.....

It is still unknown if the State ever received the raw untouched 2014 image made.  However,  with so much effort put in via the defense to avoid giving it,  it's highly unlikely it was provided.  So many excuses can only make a person go "hmmmmm?"    One can't help but to wonder why the original image was not shared after the hard drive was broken.   It's obvious there is a reason beyond the multiple excuses given,  but what is it?

Did the DT fail to make an image before they started their investigation and then broke the hard drive?  If so,  it is very bad for DT as it reduces the credibility of the witness.  After all,  an expert understands the first thing that is done before a computer exam is to immortalize the data on record.  It also looks very bad for a forensic specialist to make such a mistake.  It puts a black strike on his business resume.  The failure to preserve the evidence prior to beginning would be an error in the best interest of all to hide; especially if the witness states "the number one rule is to change nothing." 


Perhaps it is because there is something which only shows on the 2014 original image which shows the DT claim of State misconduct or "lots of porn"  is complete BS.  

Or,  is there something on the 2014 image which was doctored to make more or all of the malware related porn look like user associated porn and then incinerated?

But maybe it was just a delay tactic in order to prolong the hearing so the charges of prosecutorial misconduct would impede JM's ability to cross-examine the witness. 

The only way the answer can be given is if the DT shares that 2014 image -- if one was ever made that is. 


The defense delayed and possibly never even provided the untouched raw image.  JM can't make his own because the drive was not functional when returned.  It means the only way he can do his own investigation is by using those work drives BN turned over.  But, the defense is now attempting to stop him from doing that as well. 

"There is argument about the defense motion to preclude the state from asking this witness about the work copies of the hard drive.JW  argues that BN never worked with the 2008 drive that JS is testifying to. More important, they are work drives and are not meant to remain in pristine state. To question about the work drives will mislead the jury and confuse them."

JS studied those work drives and found no child porn and only pointed out one day of what could be user accessed porn.    His investigation using those work drives was completed.   Because it was completed,  he would be able to state if he found child porn . He didn't.  And JS would be able to point out exactly how much seemingly user porn he found.  It was one day - June 1st (from the trial information thus far).  He can't use the excuse "there might be more because I did not have enough time to look."   However,  if his questioning was limited to only the 2008 drive,  it is an answer he can "honestly" provide because he had it for a relatively short time.  



The defense does not want the "work drive" in because of that incinerator which was found.  Their claim is the changes on the work drive will confuse the jury.  Well,  to remove the confusion the defense only has to do one thing- provide the 2014 image they made.   If their claim is true,  it would show nothing other than malware was lost when the incinerator was used. Even with this benefit to the defense,  the original image has not yet been presented.  It makes one wonder why. 

  


THE WITNESS SHUFFLE

At the end of the three-day hearing, it was obvious Juan knew BN was full of hot air. In truth,  it was probably Dt. Smith who said "Juan,  this guy hasn't got a clue of what he is talking about.  Let me tell you....."   And D. Smith would have been correct.  Bryan Neumeister's specialty is audio-visual forensics,  not computer.  There is a difference, and it's a major difference.   

 In his closing,  JM made note of BN's lack of expertise.  JM's interview supported he was correct in his analysis.  BN could not answer the computer specific questions.   He couldn't even explain what the well-known Smitfraud malware did.  BN stated "Go ask John Smith."   Understanding what the Smitfraud malware was  important.   It explained how  Travis got some of those extra scrubbers on his computer.  Smitfraud tricks the user into purchasing fake anti-virus and fake antispyware programs.  These programs do not work and the result is the user needs to purchase more.  An investigator must understand malware to conduct a proper investigation.  BN did not. 

  Nurmi attempted to berate Juan for it.  His claim was BN was qualified and tried to offer BN's audio-visual work for the county and federal attorney as proof. "The country attorney hires him, and the federal government does too".  However,  I wonder how long that will hold to be true given BN's antics in the hearing.   Hopefully, JA paid him well enough to cover the loss of that income.

Evidence of Incompetence


JM requested to interview BN further because he was listed as a witness in JA's guilt retrial.  There were things BN stated that just did not add up. When BN was finally made available for an interview on 1-02-15,  the reason for JM's suspicions about BN was clear.  The interview with BN confirmed JM's claim that BN was not competent to testify about the computer.   

When BN was asked how he could tell when a file was deleted he said "Go ask John Smith (JS)"
When BN was asked about the June 19th turning on of the computer he said "Go ask JS"
When BN was asked about the file downloads on June 19th he said "Dunno,  ask JS"
When BN was asked about how the computer was turned on/off he said "Dunno, ask JS"
When asked who told him about the times and the shut down he said "JS"
Who made the EO1 file "JS"
Who knows about the malware "Me, not too much, ask JS"
What do you mean by "redirecting"?    "Eh... er... ask JS"
"Tell me about Smitfraud".... "Eh... I know some but ask JS"
When was Spybot S&D installed?   "EH... ask JS,  I gave them the list"
Does visiting a internet site go into the registry?  "EH.. no.... eh.... history.dat.... eh.. ask JS"
Was everything shredded from purchase to June 1st?  "...ask JS - put it this way, there is nothing in the history.dat file prior to that"
How do you know if it was shredded if it is not there?  "Ask JS"
When was the first porn entry?   "Ask JS"
Later that day at 4:57 pm 1-2-2015 Nurmi sent an email.  It stated they were pulling Neumeister from the line-up on 1-05-2015 and replacing him with JS.  It was the first time the state was told JS would be testifying.   The short notice gave JM little time to prepare.  However,  in good faith he still tried to make it work.   He requested an interview on 1-04-2015 at 8 am.  It was only one day before the testimony, but JM believed an early interview would give him the time needed to prepare.  The defense refused to be accommodating and basically stole two hours of prep time from JM by insisting an interview could not be done until 10am.  Due to the DT's antics,  JM was already faced with an insufficient time to prep,   but he was willing to make it work.  However, the two-hour reduction in time made it not possible to both interview and prep.
  


The defense had purposely tried to make sure JM would not be prepared to cross-examine the witness.  However,  in the end they lost out. JM struck back with a motion to preclude JS as a witness or give the prosecutor more time to prepare.  JS was present Jan 5th for trial so instead of testimony,  JM was given the opportunity for an appropriate interview.  There was no way the DT could get out of it.  Court for January 5th was postponed until Jan 8th to give JM extra time to prepare.   He wanted a week; he only got 4 days.  

The witness shuffle and delay are just more examples of the egregious attempts per the DT to impede the investigation of the prosecution.   If it were the prosecution doing even 1/4 of the antics the DT has presented,  JA's supporters would be crying foul.  There is a multitude of examples and proof that show the DT's bad actions. There is only speculation and the DT's twisting of facts to suggest bad actions per the state.  The DT continues to claim  the prosecution purposely erased files even though they know it is not based in fact.  Nurmi even snuck the claim into the retrial of the guilt phase.   It's an ongoing attempt to subvert the truth and the public should be pissed.


THE 2008 HARD DRIVE


So much of the DT's antics failed.  It could not be proven the State erased files.  The DT failed to show neglect on the part of the State.  And the DT failed to show their client was harmed.   Despite all their failures,  the DT continued to manipulate the truth in hopes that something would stick.  Their next target was the 2008 hard drive image created by the State.

As mandated per MPD policy,  an image of the hard drive was created on June 10, 2008 prior to Dt. Melendez's examination of the computer.  After his exam,  Dt.M wrote a report which was subsequently provided to the DT.   Later,  in 2009 the DT requested their own copy of the hard drive so that they could conduct an independent investigation.  The State went to what they believed to be the purest source and made a copy.  Unaware that any changes had occurred on June 19th, 2009  the State created another image using the actual hard drive.   This image was presented to the DT.   The State believed their image was exactly the same as the one presented to the DT.  They did not ask "We know we gave you a copy identical to ours but do you want a copy of our copy?"   There was no reason to;  it would have been redundant.   

The DT used the 2009 copy for their investigation.  Lonnie Dworkin found no porn.   Those findings were accepted and the issue pushed no further. The DT knows they screwed up because they missed the porn.  They had the capability of finding it during the guilt phase but chose not to do a more intense search until after she was found guilty.  This means the porn does not fall within the realm of 'new evidence'  because the DT did not do their due diligence in finding it.  So,  they must create a way to make it 'new' and 'out of their control'.    Their focus was on the 2008 drive.   
The DT knew the drive existed; they had to because there was a 2008 report about the contents of that drive.   However, they are playing dumb about its existence and claiming the State had a duty provide the 2008 drive and withheld it.   But, there would have been no reason to; the State thought it was the same.   What the defense is actually saying the State had a duty to be redundant in their activities and should have had the psychic vision to know changes had occurred on June 19th, 2009.    If the State turns over evidence which they in good faith believe to be the same as what they have,  they have no duty to be redundant.  It would have been like the State going into the camera on 6-10-2008 to print the JA nude.  And then going back in on 10-10-2009 and printing the same JA nude so the defense team could have their own copy.   The picture should be the same so there would be no need for the JM to call up Nurmi and say "Hey,  we copied our picture in 2008.  Do you want a copy of the copy too even though it is the same?"  See how ridiculous that sounds.  But,  it is what the DT is claiming the prosecution had a duty to do in regards to the computer. 


The defense team was offered the opportunity to both interview the man who examined the computer and access to a copy of his report.  The report was conducted in 2008.   The date of the exam of the computer would be included in that report.  It is a mandatory policy to create an image before an exam.   The 'line of fire' goes: Image-exam-report-interview.  When the DT received the report dated 2008,  it served to make them aware an image was made in 2008.  And,  when the DT interviewed Dt. Melendez about this 2008 exam of the computer,  it served to make them aware an image was made in 2008.  The DT never asked for the image because their impression was the same as the States:  The 2009 image and the 2008 image matched because no changes occurred.    

The State was not obligated to provide the 2008 image to the DT until they asked for it.  And,  when the DT asked,  they received it within a week's time.   There were no significant changes between the 2008 and the 2009 hard drive so no exculpatory evidence can be introduced.  The bottom line is,  the DT had the 2009 drive for three years before the trial began.   Three years is long enough to find porn via a 'beyond standard'  search method.  They chose not to.   




THE TEXT MESSAGES


Nurmi's antics regarding the computer claim is reminiscent of his 2010-2013 claim about the text messages.   He asserted prosecutorial misconduct at that time as well.  The case was argued ad nauseum in front of a previous judge and denied.  However,  Nurmi continued to manipulate the facts and argued them in front of JSS too.  


On Day 6 of the guilt phase,  Nurmi  brought up an argument about text messages.   He alleged Dt. Melendez changed his testimony because Dt. Melendez spoke about his investigation into the text messages in 2008.   It was Nurmi's assertion that Dt.  Melendez told the DT in 2008 there were no text messages.  He claimed Melendez said the same thing in the 2010 hearing and his statement was readily available via the transcripts. But of course Nurmi could neither provide the transcripts or cite them.  It was the same claim  Nurmi had made in multiple hearings over the subject.  Despite making the claim on several occasions,  Nurmi never presented the evidence even once.   It was because what Nurmi was saying was a lie and the transcripts would have shown it.

 Nurmi's   statements to the judge are proof he was lying about what Dt. Melendez said.
After presenting his case and JM's return,  JSS asked Nurmi a question.  Part of his response included
"
The point is they were available in 2008 and in 2010 when this litigation was going on the State denied their existence"
However,  his earlier statements show he lied.  Nurmi quoted what Melendez allegedly stated in the 2010 litigation
"In Januray and April of 2010 D.Melendez did testify 'I looked at a few....  I didn't photograph any"
If Melendez looked at a few,  it is because the text messages were there to look at.

"....there weren't any on there and I just gave it back to Dt.Flores.  I didn't take any photographs"What photographs would DM been referring to?  What,  a bunch of pictures of a blank phone screen? And why would DM say there was no text messages and then talk about not photographing those text messages? Nurmi's claim about what DM stated doesn't make sense because it's not true.   All Nurmi had to do to prove his case was pull up one lousy transcript and he did not do that for over two years.  In fact, he never did.   Nurmi's lack of action to attempt to prove something that could have gotten JA released supports the transcripts do not hold the 'Hail Mary'  evidence he claimed.

The truth of the situation finally came out when JM spoke.  He filled in the missing details such as the previous judge denied Nurmi's inflammatory claims.  He  pointed out the fact Nurmi refused to back-up his allegations with evidence of the transcript which has been available for Nurmi to do so.    JM also told the court the technology did not exist to pull the text messages out of the phone into a document form.   It finally came available two years prior to the trial date and this was provided to the defense at that time.   JM added that there was over 20,000 text messages and it would have been nearly impossible to photograph every one and provide it to the DT.  Such a task would have taken several months and the DT was not going to have that.

So, Nurmi basically took a situation which was out of the State's control and manipulated the facts in an attempt to make it appear their actions were nefarious in nature.

The judge ignored Nurmi's violation of his duty of candor and focused on the fact the situation caused no harm to Arias' case.


JSS asked Nurmi "Is it true you have had these text messages for two years?"
Nurmi "Yes, but that's not the point.  The point is they were available in 2008"  (They were not, the tech to make them available did not exist until 2011)
"and in 2010 when this litigation was going on the State denied their existence"   NOT TRUE- and Nurmi knows it.   He said "in Jan/April of 2010 Melendez stated "I looked at a few"

JSS  obviously became fed up with Nurmi's BS.  She stiffened her posture and asked in a loud and firm voice  "AND WHAT PREJUDICE DID YOUR CLIENT SUFFER AS A RESULT"


There was a long long pause on Nurmi's part- whispers to Wilmott.


He can't name one.  Instead he tried to distract and claim a Brady violation.  He tried to claim that there was direct hiding of evidence which was exculpatory in nature.   He cites sexual text messages.  However,  he had the same problem then as he does now with the computer evidence.   Jodi's defense at the time had nothing to do with sex.  She was claiming intruders.  Text messages of a sexual nature would not have been exculpatory in April of 2010 unless they were about a three-way with the alleged intruders.

  Additionally,  once again the State would have had no motive to hide sexual texts.  Jodi did not change her defense until June of 2010.  This was after the whole text fiasco Nurmi invented.   June 22, 2010 is when she officially changed her defense to assert self-defense with sexual undertones.  The State had no motive to withhold sexual messages because there was no sex relation to the crime at the time of the allegations.  It's a fact the defense purposefully chooses to overlook time and time again.


"The bottom line for the State is,  these motions for reconsideration where they are highly inflammatory without anything to be backing them up at some point state that if there is any deceit it involves the duty of candor on the part of defense council"   -Juan Martinez



Gee.... what is JM thinking while Nurmi is twisting the truth?  Maybe "What an ass!"?



DEFENSE VIOLATIONS OF DUTY OF CANDOR

The defense has on multiple occasions demonstrated a violation of duty of candor.  And,  the have been allowed to run amuck doing so.   They are the ones who have made a mockery out of the court with their non-evidence based inflammatory accusations against the State.   How long is JSS going to allow this to go on before she sanctions Nurmi for his disrespect to the courts? 


Claiming E. Flores violated MPD policy of waking up the computer when no policy exists

Claiming the 2008 inadvertent change of files was a purposeful attempt to impeded JA's sex-related defense when the defense did not exist until 2010 and JA wasn't even a suspect

Claiming the file changes on 2008 hid evidence of porn and it caused their client harm during her 2013 trial when they knew the same porn evidence was on the Dworkin copy they had since 2009

Presenting a motion that suggested file changes were made over three hours to give credence to their claims when they knew the time span was just 12 minutes

Claiming the State purposefully targeted porn and erased in in 2009 because JA's defense was sex-related when her sex-related defense never started until 6-2010

Claiming evidence was exculpatory because it was proof TA accessed porn when they knew the June 2-10 porn hits listed in their motion was from malware because the expert who told them stated there was no more user visited porn sites after June 1

Manipulating the evidence from transcripts and stating Juan Martinez was on the computer June 19th and looking for nudes of J Arias when  the defense witness stated JM was NOT in the computer and only asked those who were looking in the computer if they saw nudes of JA.

Implying JM asking about nudes of JA is sign of prosecutorial misconduct when nudes of JA was already an important part of evidence

The DT listed two malicious websites as "possible child porn" visited by the user when they had the report in hand indicating those websites were targeted by malware

The DT kept claiming there was child porn on the computer which supported Arias' claims of pedophilia when they knew there was not and the sites suggestive of child porn were malware targeted.

The DT implied TA went to 1000's of porn sites when the only possible user access was on one day,  June 1st,  and for only 45 minutes.

The DT claiming the prosecution should have seen the porn on the computer when they knew this was not true because the computer was wiped clean on June 1st and no more sites were visited.   Claiming the porn to be "an aircraft carrier in the room"  when they knew it was only very small traces of porn present due to that cleaning on June 1st

The defense team wording their argument in a way to purposefully misrepresent their client's expertise so they can claim the State was acting egregious by calling BN incompetent about computers.   They stated "the county attorney hires him,  the federal government does too"  - yes,  but not AS A COMPUTER TECH - AS AN A/V SPECIALIST.

The defense team mis-quoting Det Smith about the Mesa PD evidence policy.
KN "DS said waking up the computer is not consistent with Mesa PD policy"
DS "Agrees the policy states to not turn on a computer but does not agree it is not OK to wake up a computer from sleep mode.  In certain circumstances it is OK."
EF "it is NOT against policy to wake a computer up from sleep mode"
JM "the policy does not discuss waking a computer from sleep mode"

Claiming they were denied copies of the text messages when the truth was the technology did not exist.

Claiming that the sexual text messages were exculpatory evidence (ie support of her sex-based allegations)  which the prosecutor withheld when Jodi's defense had nothing to do with sex at the time.  


Lying about the reason why they did not find 'more porn'  on the computer by claiming it was limited time with the 2008 drive.  The tech had a long time with the actual hard drive and the 2009 drive and limited porn was found.

Claiming the porn was overtly obvious and then saying they couldn't find 'more porn'  because it was not overtly obvious and would have taken more time then they were allowed

Promoting the lie of a witness who stated he saw TA being physically abusive to DR on January 18, 2001 when they knew this was not a possibility because DR previously testified she was in Costa Rica in January of 2001.

Claiming MM never told DT there was a difference between 2008 and 2009 image was a violation when he damn well knows MM had no idea there was.

In a legal document,  Nurmi claimed McReynolds testified JM was touching the laptop.
"This claim was ultimately negated by the testimony of
Ms. Schaffer and Gilbert McReynolds, both of whom worked on Ms. Arias’ prior legal
team, and both of whom testified that Counsel for the State was touching the computer in
an effort to find either pornography or nude images of Ms. Arias.
GM never said that.  According to BK's LIVE BLOGGING of the trial, GM said "
1:40 GM never saw JM at the computer, touching it, only making those comments --- GM recalls JM asking if there were nude photos of JA on either computer. It stuck out in GM’s mind because JM asked a few times, and he thought it was unusual for him to ask.









THE TRUTH ABOUT THE PORN

The truth about the porn is the DT found evidence of "porn"  on the computer.  But,  what they left out is almost all of the porn evidence they found was related to malware attacks and normal Spybot functions.   They only found one day  that could have  possibly been linked to user access.  It was only a period of 45 minutes.

 It was one day out of 570 days of knowing Jodi that there is any proof Travis could have possibly looked at porn.

It was 45 minutes out of 855,000 minutes of knowing Jodi that there is any proof Travis 'could have' possibly been looking at porn.

The DT provided one date,  just one date as "proof" of user porn.  That date was June 1st, 2008- a date we all know the computer was already infected with malware.   If there was more,  it is an odd thing for the DT to have both BN and JS use the same day as an example of porn access.

 And, if there is more that they never mentioned why are they crying "If we had more time we could have found more?"   It's a pretty damn strange claim for someone who initially claimed the porn was overtly obvious that it no longer is.     

No evidence of child porn.  And a 0.009% occurrence per year of what looked like user porn.

The defense has turned the courtroom into a mockery with their inflammatory non-fact based accusations.  When will JSS put a stop to their BS?





WHY DIDN'T MELENDEZ SEE THE PORN?
A reader asked this and bless the reader who answered it so simply.  "Technology at the time could not find it".

The big answer could very well be the programs PROGRAMS.


To completely understand let me write a timeline...


June 1st the computer is cleaned .

The computer is left on,  but sleeping.

The computer is woke up briefly on June 19th - back asleep in 3 minutes.

The computer is shut OFF.

Before is it turned back ON,  a write blocker is placed and an image is made.

The computer is shut OFF.

2008 Melendez puts the IMAGE onto a bigger hard drive so he can look at it.  He does his exam using ENCASE.  He finds no porn on the drive. 

6-19-2009 the computer is turned back on WITHOUT A WRITE BLOCKER.

12-2009 another copy is made of the computer hard drive.

Lonnie Dworkin does his exam.  He uses ENCASE . He finds no porn on the drive.

2014 DT does their exam using the
UPDATED VERSION OF AUTOPSY and FTK.   They find no porn on the drive.  But, they find remnants,  or SMALL TRACES of visits to porn websites.


   On June 1st the computer was cleaned and there was no more evidence of porn visits after June 1st.  This cleaner left only small traces of porn behind.  Neither Melendez or Dworkin noticed those small traces using EnCase.   Is it because in 2008 EnCase could not pick up those small traces of porn and 6 years later the updated progarms of FTK and Autopsy could?

What Martinez needs to ask JS is why he chose to use updated programs of Autopsy and FTK instead of using the 2008 version of EnCase Melendez used.



9 comments:

  1. Does'nt a computer have to be powered up before a write-blocker program is installed or can it applied while the laptop is in a sleep mode?

    ReplyDelete
  2. Once again, kudos for your rare ability to explain complex issues in an understandable manner!! Thank you!!

    ReplyDelete
  3. OK your article has cleared it up somewhat. But I'm still not understanding why Melendez didn't find any porn? Didn't he examine the original image of the hard drive made on June 10 , 08 ?

    ReplyDelete
    Replies
    1. Robbie, my understanding is that the technology at the time couldn't find the porn and that's why Dworkin couldn't find it neither.

      Delete
    2. Thanks Mr.Steve! Robbie, I have updated the article to help explain this. Please see the end of the article for the explanation. Basically, Dworkin and Melendez used the 2008 version of Encase and Skymeister ind. Used the 2014 version of autopsy and FTK. That is a 6 year improvement in technology. So, maybe not a time to LOL-it yet?

      Delete
  4. EXCELLENT research and reporting. THANK YOU for "walking" the readers (me) through so many computer issues, legal arguments and DT misconduct. All of your work should be forwarded to the judge, the district attorney, and especially Phoenix journalists. I know Arizona taxpayers are fed up with the costs. I find the blatant DT's repeated misconduct very offensive; and, it makes me wonder if JA will be able to use any of it in her future appeals. Again, THANK YOU.

    ReplyDelete
  5. Hi Debbie; Was wondering if you know anything about the upcoming Omnibus hearing that JSS granted JA to attend. I and so many others are wondering how it possible for JA to attend such a hearing. the dozen or so defendants who have joined together in the pool to ask that their "Notice of the Death Penalty" be dismissed, have not, as yet, faced their capital murder trials trials. By contrast, Jodi Arias was convicted of 1st degree premeditated murder, in May 2013, and is only facing sentencing, and ergo, there is an argument to be made that JSS should have rejected her request. But, she didn't... instead, JSS has allowed Jodi Arias to join in with the other defendants who are asking that Judge Joseph Kreamer remove the possibility of the DP from their cases.
    The Omnibus Hearing is designed for a pre-trial review, not post-conviction. How can JA attend as part of the group when she does not qualify? Looking forward to your response.http://www.voiceforvictims.org/ChapterOne.htm#Pre-Trial Conferences/Omnibus Hearings

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete

Note: Only a member of this blog may post a comment.