The cursor files associated with the search also showed signs of tampering. First, the file extensions for Google Map searches are .cur but the files allegedly found on Brad’s computer are .bmp. Google used .cur files in ’08 and still uses them today.
Second, the MACE value (modified, last accessed, created and entry modified) timestamps aren’t logical. All of the timestamps on the cursor files are identical. This is impossible with a dynamic search because the timestamps should update when the mouse is moved and clicked during the map search. This type of search was duplicated and in all cases the cursor files updated. Clearly, these are not valid files.
Some will argue that this is a normal function with Windows Vista, but this is not true of the IBM Thinkpad that contained the alleged Google map files. It showed normal time increments for many other searches. It is a little tough to see the numbers, but this is the actual cursor file in question. Note the identical times. There is no explanation for this except that it’s an invalid file.
The defense tried to have the state computer witness (Agent Johnson) replicate this search during the trial, using any of the computers in the courtroom (including one with Windows Vista) and the state objected. I believe they knew that the times would update.
Please watch this video which contains parts of the trial testimony specific to the cursor files.