By now it’s obvious to many that Brad Cooper was deprived of his right to a fair trial. The NC Court of Appeals agreed and ordered a new trial in September, 2013. The trial has yet to be scheduled. Through the many articles published at this blog I have tried to break down all of the evidence piece by piece so that it would be obvious that the State failed to present anything linking Brad to the crime. What was presented at trial was nothing more than twisted speculative ideas. We heard a lot of “could haves” at trial and when one examines each item independently, the evidence simply falls apart and all we are left with is the computer evidence. To really grasp the level of misconduct that occurred in this case one must take the time to understand how the computer was tampered with. It seems that many still don’t understand it and may wonder “Was the computer really tampered with? Was evidence really planted on the machine as alleged by the Defense?” . The answer of course is “Yes” and it is unmistakeable. Brad Cooper was framed. My goal is to break this down to a level where it becomes understandable to anyone who takes the time to read this. To me it is very obvious and I want others to understand it too because if it can happen to him, it can happen to any one of us at any time. For now, I would like to focus on the Google cookies.
What is a cookie?
Basically, a cookie contains information about the individual user that enables the website to store preferences for future website visits. A cookie not only tracks information, but speeds up web browsing, because the page does not have to reload new information each time it is visited.
Why are cookies important when investigating computer evidence?
Investigators can send a subpoena to the site where the search occurred (in this case Google) and Google can supply them with:
- the IP address
- the time of the search
- date of the search
This is in fact 3rd party verification of the search — it could have proven 100% whether Brad did or did not do the search in question —- had investigators taken the time to subpoena the cookies. They did not. note: It is not possible for someone to fabricate the data in a Google cookie.
Why didn’t investigators verify the search with cookies?
State expert, Agent Johnson testified that he did advise Cary Police that it was something that needs to be done. Obviously, that recommendation was ignored.
Was there a cookie that corresponded to the Google search of Fielding Drive?
No. There were no cookies at all for 7/11/08, though there were cookies for days preceding and following that date.
What explanation is there for a missing cookie?
Some have suggested that private browsing could have been used. With private browsing, no cookies are left on the hard drive. However, there would also be no temporary internet files present for private browsing searches and we know that the tif (temporary internet files) for the Fielding Drive search were present. Agent Johnson testified that private browsing was not utilized. There is no explanation for the missing cookies for 7/11/08.
Could the cookie have been deleted?
No. Agent Johnson checked and there was no sign of a deleted cookie for this search. No cookie…..no deleted cookie…..impossible for a normal search
Agent Johnson when called by the Defense —
What about Agent Chappell’s report?
Agent Chappell did in fact state in his report on computer tampering that there was a cookie that matched up to the search. During testimony, he and Agent Johnson both admitted that there was NO cookie for the Fielding Drive search. Agent Chappell, in his report, states why the cookie is so important, important enough to mention in his report. With that cookie “we have an independent way of verifying time stamps.”
Agent Chappell’s report:
Agent Chappell’s testimony:
Could investigators have sent cookies from after the alleged search time to Google to verify that the Fielding Drive search originated on Brad’s machine?
Yes, absolutely. Google cookies from 7/12/08 could have been used to identify what searches occurred on previous days.
Why didn’t the Defense subpoena Google when they received the hard drive?
Why did the State wait so long to give the Defense a copy of the hard drive?
Is it standard for law enforcement to subpoena cookies?
Absolutely. I posted an article not long ago about another case and the very first thing investigators did was contact Google to verify the search. In fact, law enforcement in this case subpoenaed google for other irrelevant information in this case, but never for the google cookie.
Why will one never see a cookie corresponding to planted computer files?
Quite simply, it is impossible to fabricate a cookie to make it appear as though a search was performed on a particular machine. If those who framed Brad did somehow place cookies on the hard drive, if subpoenaed they would not correspond to Brad’s IP address. They would correspond to the IP address of the computer that did the search. That is why there are no cookies related to this search. This is a smoking gun indicator of planted files.
I hope this answers the questions about the significance of the absent cookies associated with this search. Of course there are several other signs pointing to tampering and the framing of Brad Cooper, but I will limit this article to the cookies alone to avoid confusion. If you are interested in learning more about everything the State did to impede the Defense’s ability to examine and then present the computer evidence at trial, please read this article.
To summarize, there is absolutely no logical explanation for the absent cookies associated with the search of Fielding Drive. This isn’t a fluke or some odd computer glitch. The temporary internet files were present and therefore the corresponding cookies should have been in the cookie folder as well.
Brad didn’t go in and delete any cookies as there were many cookies present from other days and logically, if one were to delete cookies, they would simply delete them all and certainly as a computer engineer, he would have known to delete the temporary internet files as well. I don’t know who planted the files, but it is very obvious that they were indeed planted on his machine. If the tables were turned and law enforcement and prosecutors were trying to show a Judge and jury evidence of computer tampering with evidence similar to what I’ve just described here, it would be a slam dunk case and the accused would be convicted of evidence tampering. Brad Cooper did not do the Google search of Fielding Drive. This is not a gray area….it’s crystal clear.