Justice for Brad

Computer Evidence

Overview

Brad Cooper was convicted with tainted computer evidence.

During the course of his ten-week trial, the only evidence against Brad came from his computer.

Durham Police Officer Chris Chappell, in his assignment for the local FBI, testified that a map of Fielding Drive - the area where Nancy Cooper's body was found -was discovered on Brad's laptop. He testified that the timestamps of the map tiles for a Google Maps search were dated 1:14 pm July 11; the afternoon before Nancy Cooper was reported missing.

If those tiles were verifiable, it would be compelling evidence.

But the jury was not allowed to hear two computer experts who stated that the tiles were planted. Judge Paul Gessner precluded the testimony of Jay Ward (Network Security Expert) and Giovanni Masucci (Computer Forensics Expert) regarding the spoliation of the whole computer, as well as specific incidents of tampering with it.

Cary police entered the Cooper home just after 3:00 pm on July 15, 2008.

Brad Cooper left his home at approximately 5:20 pm. From that point on, the IBM ThinkPad was in the sole custody of the Cary Police Department. Instead of following protocol, Cary police chose not to analyze that computer’s RAM (random access memory). They chose not to disconnect the computer from Brad’s wireless network. They chose not to power it down immediately. They knew that the computer was open on the WEP network, but left it on in the home, connected to

Brad’s wireless network for over 27 hours. And during those 27 hours, at least 692 files were altered (according to the FBI). Those files included emails, internet history files stretching over weeks at a time and key properties of Brad's user profile.

Despite allegations of tampering, neither Cary police nor the FBI took the necessary steps to validate the data on that machine. Cary police were advised by the FBI to ask Google if the search was valid. They chose not to do that (even though they sent other subpoenas to Google regarding this case).

The police could have received information from Cisco about their own routers that would have determined whether that map was produced by a computer search on July 11th. They chose not to do that either.

The police knew that Brad’s friends and neighbors were tech savvy, and yet they never analyzed his computer for tampering prior to trial. CD boot and admin change records go beyond showing that all doors and windows were open -- it showed they were off their hinges. As they looked through the $MFT in this case, they could not explain why those files were modified. They could not explain why there were invalid timestamps. They were confident that no tampering occurred on Brad’s machine.

But there it is. You can see it.

We can't tell you who tampered with Brad’s computer, or when it was done. We don't know if it was a member of the Cary Police Department, a friend who lived nearby and wanted to help the police along with their case, investigators hired by Nancy’s custody attorneys or even Nancy Cooper’s real killer. We will never know -- because Cary police and the FBI never bothered to investigate. What we do know is that there was clear spoliation on that machine, and it cannot be trusted as evidence. Just like Nancy Cooper’s Blackberry, it is useless as evidence. And that useless evidence convicted an innocent man.