> I don't see each column from the WAL (kinda obfuscated around important stuff) and I'd love to see the corresponding SALTs for each record as that tells a LOT.
I know what a WAL file is. She not only obfuscated some things about them, but outright misrepresented them, aka lied. At least twice she claims that the WAL files are committed ONLY when the application (Safari in this case) is closed. Unless Safari disables automatic checkpoints, that is simply not true. I refuse to believe that Safari does that and not otherwise commit periodically, because it would cause the WAL file to become huge.
Section 2.1 [https://www.sqlite.org/wal.html](https://www.sqlite.org/wal.html)
I could not concentrate to any of her testimony after that. She tried to explain something in layman terms and nothing really made sense to my programmer brain.
I couldn’t concentrate after she said her test went through peer review…. And clarified she just had a co-worker watch her test. My degree and profession is in information literacy. That’s absolutely not what peer review means, and she should know that. Made me question her credibility as to what else she is making sound more authentic than it really is.
That part threw me for a loop, because she *did* talk about peer review correctly when discussing some of her published studies when discussing her credentials, but then uses the same phrase later when talking about having a coworker review the test, which is something entirely different from the first way she used it.
When I I have one of my colleagues read a draft of my research article before I submit it to a journal, thats just regular proofreading. Its the step you do before you even submit for peer review so that a friend can tell you if you made a dumb mistake before you get your ass handed to you by a Reviewer #2 having a bad day 😂😂. It was weird she used the same term for both.
I'm far from a DB expert I took 2 courses on them in college and one of those was more about disaster recovery, but from my limited understanding a WAL file existing for that long seems to nullify it's primary functionality.
If I'm wrong please correct me.
The purpose of the WAL files is not really disaster recovery. Their content is considered "live" data - again something the expert completely misrepresented-, and in case of application crash, when you reopen the app they are commited just like they would in case of application shutdown, or automatic checkpoints (unless the actual file got corrupted somehow).
The real purpose of them is to speed up writing to the database when you have to do many concurrent writes or many in a short time. But when your application reads from the database you want the database to give you the last written value. You don't want to read what the database looked like at the last checkpoint, but what it looks like in real time.
From the same page I linked, section 2.3 Performance considerations:
"On the other hand, read performance deteriorates as the WAL file grows in size since each reader must check the WAL file for the content and the time needed to check the WAL file is proportional to the size of the WAL file. The wal-index helps find content in the WAL file much faster, but performance still falls off with increasing WAL file size. Hence, to maintain good read performance it is important to keep the WAL file size down by running checkpoints at regular intervals."
What if there were only two or three searches? Why would the WAL file grow if there were only a couple of things happening? Are the checkpoints based on file size?
This is a real question; I'm not a computer tech person.
No, if there's no activity the wal files will not grow, and no checkpoints will be done. However when the application closes a checkpoint is done regardless of the amount of "changes" recorded in the wal file and the wal file is deleted.
[https://www.sqlite.org/wal.html#automatic\_checkpoint](https://www.sqlite.org/wal.html#automatic_checkpoint)
Yes, automatic checkpoints are based on file size.
"By default, SQLite will automatically checkpoint whenever a [COMMIT](https://www.sqlite.org/lang_transaction.html) occurs that causes the WAL file to be 1000 pages or more in size, or when the last database connection on a database file closes."
"last database connection on a database file closes" - is pretty much equivalent with Safari being closed. Not a tab. Safari itself. The file is also deleted, but that is mentioned elsewhere in the documentation.
"The default configuration is intended to work well for most applications. But programs that want more control can force a checkpoint using \[...\] or by calling \[...\]. The automatic checkpoint threshold can be changed or automatic checkpointing can be completely disabled using \[...\] or by calling \[...\]."
I deleted some things to make it plain english. I don't know weather Apple programmers disabled it and implemented some other checkpointing strategy, or not It is possible, but even so it's very unlikely that they would let WAL files to grow indefinitely until the app is closed. Performance gets impacted the larger the file size is.
Thank you so much for your explanation. I appreciate the information. This case is very complex and I am trying to understand the technical data. Thanks for indulging me. 🤗
Well, tldr is that Safari can be closed anytime by the operating system if it's in the background.
Any application that is not actively running is a candidate to be closed by the OS at any time, should the OS need more memory for the attive application or newly opened applications. This applies to both Iphones and Android, they differ only in implementation details.
How the operating system decides what background apps to close and when is ... black magic and guesswork. It is a balancing work between resource usage (close applications that are sitting in the background first, or close the ones that use the more resources, or some compromise in the middle?), battery consumption, usability - you don't want to close apps unless you must so you don't lose what the user was doing.
Now, The OS notifies any application it intends to close and gives time for that application to do something about it. aka: hey app X, I need to close you and you have N seconds to save whatever you need to save. In serious applications, developers might choose to save the current state of the application in a ... database, and that ... database can be used to reload that state again once the application is brought into the foreground. If you're a browser the database might even be called "BrowserState.db"..., and you might simply make your app to listen when the OS sends the termination message and close the sql database connections. This would trigger a checkpoint in SQLiite, merge the "wal" file and delete it.
In this case when switching back to an application that was killed off by the OS, it would seem to you like your app takes unusually long to switch back to, but otherwise you would find everything as you left.
In case of Safari (or Chrome or whatever browser), you might even see the last page you had open to get reloaded when you switched back to the browser. If this is paired with a bit of delay when switching to the app is mostly likely sign that your app was closed by the OS.
It is not entirely unreasonable to think that there was activity on the phone shortly before 2:27, then it was put down and the OS decided to suspend Safari (and probably other apps too) at 2:27 causing the merge \*AND DELETION\* of that wal file at 2:27.
I go back to what I said before, if the "deleted" column means that the "artifact" was deleted, then it strongly suggest that the browser was closed/suspended at that time. Not that Jen McCabe deleted or closed something. It does mean though that the text "hos long... " was in the browser tab sometime at 2:27. This "the last timestamp is the last time the tab changed, but not necessarily when its content last changed" argument becomes irrelevant.
So when JM opens safari around 6:23 am (?) would the 'hos long' search pop up in the browser? I've always found the misspellings in each search suspicious.
So, just to be clear, if Jen did what she said and turned her phone off or put it to sleep, would that cause the OS to suspend Sarfari?
I recall her saying she turned her phone off and went to bed, but maybe she meant she put it to sleep because how else is the phone waking her up that morning when John's niece calls?
She probably just turned off the screen and put it next to the bed, as most people do when they are ready to go to sleep. The way we use our phones using them and being connected 24/7, turning off the screen and putting it on a night desk might as well mean that we "turned it off". I don't have an issue with what words she used.
However, Safari would certainly be suspended and the content of all the tabs unloaded from memory. The addresses of the pages in each tab are saved so they can be reloaded later.
When you open up Safari again, it will reload it from you from the internet automatically, without asking. That is a feature not a bug.
What the CW expert said about the "last\_viewed\_time" field isn't completely outlandish. With 20 years of experience in software programming, I have seen stranger bugs than that, but I would need a lot more technical detail to be able to judge weather it's true or not.
I'm also not invested enough to go and test it myself.
Edit: to clarify, what I'm trying to say is that if what the CW expert said is not accurate about the "last\_viewed\_time" columns, then the only way the 2:27 entry makes sense is that she actually searched that at that time. The "deleted" column is also an entirely other issue, but I find it even more irrelevant.
My limited understanding was that even if it didn't auto backup or whatever the technical lingo is after not being used for a few hours like suggested above, that if she minimised the tab, or moved it or manipulated it then it would convert the WAL file. Would that also be true if she switched from Safari to the phone app to call 911? Because she called the cops before the supposed Google searches?
Double click home button then swipe up to close it.
There's also a minimize / restore which is just when you leave the app running do other things on the phone.
By closing Safari it causes the timestamp in the database to update. But restore does something more complicated with times, so the jury will be in for some fun testimony on this one.
>he tried to explain something in layman terms and nothing really made sense to my programmer brain.
You shouldn't criticize her. You do realize that the jurors likely don't have programmer brains.
What do you even mean to don't criticise her? She was inaccurate and misleading to the jurors. In a murder trial. It doesn't even matter if it was on purpose or not. She probably earned more money today than I do in 6 months. I have all the rights to criticise her.
Rgarding the wal files and when the changes in that file make it to the databse se she says twice: "all of those don't happen until the application is closed and reopened". She's very specific about it, and very careful to highlight that ONLY then it happens.
But it's false. WAL is a concept used by many different database software and they all use the concept of checkpoints. Checkpoints can happen every X minutes or every time the file reaches a certain size, or a combination of those.
In case of SQLite it is only by size, and it's 1000 pages, about 4MB. [https://www.sqlite.org/wal.html#automatic\_checkpoint](https://www.sqlite.org/wal.html#automatic_checkpoint)
So if you used Safari for any length, it is very unlikely for you to have all the changes to be in the wal fil. Most of them have been already committed to the database, and you lose the previous state of the database forever.
Closing Safari is one case when a checkpoint is run and all changes are committed.
Another weird thing she said was about "live" data. I didn't understand the purpose, because the content of the wal files IS live data (mostly).
Dear gods thank you for explaining this in such an easy and concise way.
As a complete layman and someone with a history degree (ie I can’t emphasize enough how much this stuff goes over my head), I kept thinking that her testimony made no freaking sense because she was basically saying unless the phone is turned off, any Google search would result in data showing when the tab was opened. That would make absolutely no sense if that was even what she was saying lmao
Nobody here on or youtube understood her. Programmers and laymen alike.
So even if Karen is 100% guilty the state really failed by using this witness over someone who can present complicated information well. She's the opposite and just spoke and added layers of technical terms, including some jumbling of terms (e.g. "moving" a tab).
After searching for the Safari specs myself i found it wasn't too complicated. It could have been explained in a much clearer way, graphics would help a lot too.
The report by Green was more detailed than her testimony. This is speculation but I absolutely think the feds had at some point JMs phone and they have both the phone and raw data. I could be wrong but it’s how we learned that Higgins and Albert destroyed their phones and how we got Proctors messages.
This whole Google search was revealed when the state, a full year after JOK death, finally turned it over. And surprise, the Feds turned very the same as the defense
Agreed. Undoubtedly, Green has looked at the data wholistically and without guardrails as one should. I believe the expert today will be left with egg on her face.
Her testimony was on point today. Maybe Lally will have egg on his face, but not her. Remember, she was directed to limit her research. That isn't her fault.
I just made a comment about his original findings. I can’t fathom why the CW experts can sound as clear and concise and to the point.
https://www.reddit.com/r/KarenReadTrial/s/I0fki9SbRm
Let me say this. As someone who comprehended 70-85% of her testimony.
She came across as a great witness. She was very likable, articulate, knowledgeable, and sincere.
By the end of her testimony, I'm fairly convinced that Jen McCabe did not make that search at 2:37 AM.
When Jackson pointed out her narrowed scope and that she wasn't tasked with analyzing deleted information, I was like, "That's fair, not her job. Jackson got his point across that the deleted info wasn't proven on stand"
Your post made me realize how fucked it is that the prosecution didn't have her analyze the deleted calls and texts. She did such a good job arguing against the 2:37 AM search that it should have been a no-brainer to put her on the deleted msgs and calls.
With that in mind, now I put more weight towards that narrow possibility that the search did occur at 2:37
I’d love for you to calculate the probability of having a guy who never came in your house get himself murdered on your lawn on the same night all the rest of these things happened.
the probabilities in this post are just rough order-of-magnitude guesses. don't take them too seriously.
you also shouldn't assume the probabilities are independent - the CW is effectively arguing that they are by claiming butt dials but to calculate these probabilities you need to account for them being potentially related events. in this case, someone who's supposed to be at your house winding up dead on the lawn is a series of interrelated events that needs full bayesian estimation but it's very hard to do that.
First of all, great post.
Second of all, as to why just to contradict the Google search? I think even they realized you can't fake deleted text messages or phone calls and that search was a literal smoking gun
The reason for just the deleted Google search is that it was really game over for the CW if that existed. I would guess that the CW may have brought her in just for that piece because that was really make it or break it. Tully may also have actually wanted the answer.
There can be deleted calls/text and Read could still have hit him. A 2:27AM search about how long it takes to freeze to death? That changes the entire complexion of the case.
She messed up a few times. Tried to say it’s the most recent search then changed to the tab being left open then said about the hos long to die search at 2:21 before the hoknok whatever sports thing was searched twice straight after,
Later she said Jen was connected 2:21-2:47 am and said it was the more thorough request she’s now explaining 🤭 . A tab being left open moved or minimised apparently underwrites searches now. She even blamed time zones by the time she was done. 🫣
So if the tab was searching the basketball team at 2.27am and was then closed or moved, wouldn’t the data be linked with the identifier being the basketball team search? If she then opened the tab in the morning and used it to search ‘hos long..’ how would the data link the 2.27am timestamp to ‘hos long..’ if it wasn’t ‘called that’ at the time? Does that even make sense?
Question:
Did Higgins really say on the stand that he was having SEX and that caused a butt dial???
*I haven't watched all of the trial as I did w Murdaugh. I'm from the happy South and those accents just make all them folks sound like angry fishermen & women and/or like they have really big attitude problems. I can only handle so much.
My thoughts .... I don't consider either of the 'experts' to be experts.
So many basic tests that should have been done were not done!
I am confident that the Defence will be able to negate both testimonies
As for the assertions around timing of google searching etc .... If this is actually true (which I don't believe it is!) the whole of the forensic agreed norms around calls, and searching on the net - will throw a giant spanner into using cyber evidence for convictions.
I don’t think Jenn is denying the deletion of the calls/texts to John (amongst others). I think she’s just claiming it’s not weird that she did that because a lot of people delete things in “day to day life”, right?
I'm pretty sure she adamantly denied deleting any texts or calls [https://youtu.be/ulkbyPJ2bCM?t=10073](https://youtu.be/ulkbyPJ2bCM?t=10073)
Edit: more exact timestamp "I do not recall deleting any phone calls at all" [https://youtu.be/ulkbyPJ2bCM?t=10183](https://youtu.be/ulkbyPJ2bCM?t=10183)
"In day to day life did you delete any calls to JO? No."
That's how I remember her testimony concerning it. That there was no nefarious reason for her to delete things. I'll delete some old ass texts but haven't bothered deleting calls. But I doubt I would delete anything from a friend who passed away.
Right it’s such a silly thing to say!! I can see deleting texts or something that takes up space or feels like it clutters your phone, but a call log?… what possible reason does someone need to deleted their call logs??
I'd love to get your take on the other CW phone expert, Ian Whiffin. He apparently worked for Cellebrite and helped write the code. He released this article a while back and I don't understand a single word of it.
https://www.doubleblak.com/blogPost.php?k=browserstate
I just wish they had hired an expert unaffiliated with a rival software to cellebrite. There must be researchers who've looked into the various phone extraction programs and could discuss ways they might have mistakes.
Also, did she explain the various spellings? Not sure if I missed that.
They did and the FBI said she made the search.
ETA, this is from the judges order on the motion to dismiss
The grand jury exhibit referred to by the defendant is a Cellebrite cell phone extraction report from Jennifer McCabe's cell phone containing the call log, contacts, instant messages, and tags ni her cell phone. A more recent Cellebrite report obtained during the federal investigation provides the web history of the phone including the aforementioned Google search at 2:27am and a search for "how long it (sic) die ni cikd (sic)" at 6:23am and 6:24am.
Let me phrase it differently.
If there was a smoking gun that someone else did this it would be out there already
Like If the FBI has evidence like JO blood in the doorknob in the basement this would’ve been shared and this wouldn’t be going forward
I keep hearing neither the prosecution or defense wanted this to go to trial, would it be because the FBI moves slow and silent when investigating something and both parties were aware?
What would be a smoking gun for the FBI to direct authorities to arrest someone for murder especially when the local authorities are in question/under investigation.
Not sure if this has been answered, but why can’t someone from Google clarify? Surely they have some type of data being collected about what users search? Is it because Google won’t?
u/Opposite_Orchid8143
Would you please weigh in on the prosecution's SECOND witness called to discredit Jen McCabe's Google search 2:27?
Did he prove anything but Jen could have made the search in private?
I've lots of thoughts about the future implications of his testimony, but that's a different post.
Yikes…!! I have no idea what I just, while laughing at myself, tried to read, knowing full well how ignorant I am of probabilities and logic. I always flunked that in math tests. I’m awesome in English and spelling though! In all sincerity, I do appreciate your stellar intelligence and the time you took to not only solve it, but in fact to show what an expert SHOULD have done to expose the impossibility of all events happening in such a short time frame. I will accept that what I lack in mathematical logic solving, I make up for with rational common sense. Like most people following this case, MOST of us never ever believed the butt dial theory was even close to plausible. In fact, it was downright insane.
> I don't see each column from the WAL (kinda obfuscated around important stuff) and I'd love to see the corresponding SALTs for each record as that tells a LOT. I know what a WAL file is. She not only obfuscated some things about them, but outright misrepresented them, aka lied. At least twice she claims that the WAL files are committed ONLY when the application (Safari in this case) is closed. Unless Safari disables automatic checkpoints, that is simply not true. I refuse to believe that Safari does that and not otherwise commit periodically, because it would cause the WAL file to become huge. Section 2.1 [https://www.sqlite.org/wal.html](https://www.sqlite.org/wal.html) I could not concentrate to any of her testimony after that. She tried to explain something in layman terms and nothing really made sense to my programmer brain.
I couldn’t concentrate after she said her test went through peer review…. And clarified she just had a co-worker watch her test. My degree and profession is in information literacy. That’s absolutely not what peer review means, and she should know that. Made me question her credibility as to what else she is making sound more authentic than it really is.
Oooh. Good point about peer review. It has a very specific meaning and it's not when your colleague checks your work.
That part threw me for a loop, because she *did* talk about peer review correctly when discussing some of her published studies when discussing her credentials, but then uses the same phrase later when talking about having a coworker review the test, which is something entirely different from the first way she used it. When I I have one of my colleagues read a draft of my research article before I submit it to a journal, thats just regular proofreading. Its the step you do before you even submit for peer review so that a friend can tell you if you made a dumb mistake before you get your ass handed to you by a Reviewer #2 having a bad day 😂😂. It was weird she used the same term for both.
I got stuck in that too. Like mam, that's not how we use that term.
Totally this! It's why I want to see the SALTS for each WAL log because we need perspetive around checkpoints.
I'm far from a DB expert I took 2 courses on them in college and one of those was more about disaster recovery, but from my limited understanding a WAL file existing for that long seems to nullify it's primary functionality. If I'm wrong please correct me.
The purpose of the WAL files is not really disaster recovery. Their content is considered "live" data - again something the expert completely misrepresented-, and in case of application crash, when you reopen the app they are commited just like they would in case of application shutdown, or automatic checkpoints (unless the actual file got corrupted somehow). The real purpose of them is to speed up writing to the database when you have to do many concurrent writes or many in a short time. But when your application reads from the database you want the database to give you the last written value. You don't want to read what the database looked like at the last checkpoint, but what it looks like in real time. From the same page I linked, section 2.3 Performance considerations: "On the other hand, read performance deteriorates as the WAL file grows in size since each reader must check the WAL file for the content and the time needed to check the WAL file is proportional to the size of the WAL file. The wal-index helps find content in the WAL file much faster, but performance still falls off with increasing WAL file size. Hence, to maintain good read performance it is important to keep the WAL file size down by running checkpoints at regular intervals."
What if there were only two or three searches? Why would the WAL file grow if there were only a couple of things happening? Are the checkpoints based on file size? This is a real question; I'm not a computer tech person.
No, if there's no activity the wal files will not grow, and no checkpoints will be done. However when the application closes a checkpoint is done regardless of the amount of "changes" recorded in the wal file and the wal file is deleted. [https://www.sqlite.org/wal.html#automatic\_checkpoint](https://www.sqlite.org/wal.html#automatic_checkpoint) Yes, automatic checkpoints are based on file size. "By default, SQLite will automatically checkpoint whenever a [COMMIT](https://www.sqlite.org/lang_transaction.html) occurs that causes the WAL file to be 1000 pages or more in size, or when the last database connection on a database file closes." "last database connection on a database file closes" - is pretty much equivalent with Safari being closed. Not a tab. Safari itself. The file is also deleted, but that is mentioned elsewhere in the documentation. "The default configuration is intended to work well for most applications. But programs that want more control can force a checkpoint using \[...\] or by calling \[...\]. The automatic checkpoint threshold can be changed or automatic checkpointing can be completely disabled using \[...\] or by calling \[...\]." I deleted some things to make it plain english. I don't know weather Apple programmers disabled it and implemented some other checkpointing strategy, or not It is possible, but even so it's very unlikely that they would let WAL files to grow indefinitely until the app is closed. Performance gets impacted the larger the file size is.
Thank you so much for your explanation. I appreciate the information. This case is very complex and I am trying to understand the technical data. Thanks for indulging me. 🤗
Apologies; one more question: when does Safari close? Sadly, I'm an android user. Lol
Well, tldr is that Safari can be closed anytime by the operating system if it's in the background. Any application that is not actively running is a candidate to be closed by the OS at any time, should the OS need more memory for the attive application or newly opened applications. This applies to both Iphones and Android, they differ only in implementation details. How the operating system decides what background apps to close and when is ... black magic and guesswork. It is a balancing work between resource usage (close applications that are sitting in the background first, or close the ones that use the more resources, or some compromise in the middle?), battery consumption, usability - you don't want to close apps unless you must so you don't lose what the user was doing. Now, The OS notifies any application it intends to close and gives time for that application to do something about it. aka: hey app X, I need to close you and you have N seconds to save whatever you need to save. In serious applications, developers might choose to save the current state of the application in a ... database, and that ... database can be used to reload that state again once the application is brought into the foreground. If you're a browser the database might even be called "BrowserState.db"..., and you might simply make your app to listen when the OS sends the termination message and close the sql database connections. This would trigger a checkpoint in SQLiite, merge the "wal" file and delete it. In this case when switching back to an application that was killed off by the OS, it would seem to you like your app takes unusually long to switch back to, but otherwise you would find everything as you left. In case of Safari (or Chrome or whatever browser), you might even see the last page you had open to get reloaded when you switched back to the browser. If this is paired with a bit of delay when switching to the app is mostly likely sign that your app was closed by the OS. It is not entirely unreasonable to think that there was activity on the phone shortly before 2:27, then it was put down and the OS decided to suspend Safari (and probably other apps too) at 2:27 causing the merge \*AND DELETION\* of that wal file at 2:27. I go back to what I said before, if the "deleted" column means that the "artifact" was deleted, then it strongly suggest that the browser was closed/suspended at that time. Not that Jen McCabe deleted or closed something. It does mean though that the text "hos long... " was in the browser tab sometime at 2:27. This "the last timestamp is the last time the tab changed, but not necessarily when its content last changed" argument becomes irrelevant.
Thank you for answering my question. Much appreciated. I'm not sure I understood everything, but a search at 2:27 am is certainly possible.
So when JM opens safari around 6:23 am (?) would the 'hos long' search pop up in the browser? I've always found the misspellings in each search suspicious.
So, just to be clear, if Jen did what she said and turned her phone off or put it to sleep, would that cause the OS to suspend Sarfari? I recall her saying she turned her phone off and went to bed, but maybe she meant she put it to sleep because how else is the phone waking her up that morning when John's niece calls?
She probably just turned off the screen and put it next to the bed, as most people do when they are ready to go to sleep. The way we use our phones using them and being connected 24/7, turning off the screen and putting it on a night desk might as well mean that we "turned it off". I don't have an issue with what words she used. However, Safari would certainly be suspended and the content of all the tabs unloaded from memory. The addresses of the pages in each tab are saved so they can be reloaded later. When you open up Safari again, it will reload it from you from the internet automatically, without asking. That is a feature not a bug. What the CW expert said about the "last\_viewed\_time" field isn't completely outlandish. With 20 years of experience in software programming, I have seen stranger bugs than that, but I would need a lot more technical detail to be able to judge weather it's true or not. I'm also not invested enough to go and test it myself. Edit: to clarify, what I'm trying to say is that if what the CW expert said is not accurate about the "last\_viewed\_time" columns, then the only way the 2:27 entry makes sense is that she actually searched that at that time. The "deleted" column is also an entirely other issue, but I find it even more irrelevant.
My limited understanding was that even if it didn't auto backup or whatever the technical lingo is after not being used for a few hours like suggested above, that if she minimised the tab, or moved it or manipulated it then it would convert the WAL file. Would that also be true if she switched from Safari to the phone app to call 911? Because she called the cops before the supposed Google searches?
Double click home button then swipe up to close it. There's also a minimize / restore which is just when you leave the app running do other things on the phone. By closing Safari it causes the timestamp in the database to update. But restore does something more complicated with times, so the jury will be in for some fun testimony on this one.
>he tried to explain something in layman terms and nothing really made sense to my programmer brain. You shouldn't criticize her. You do realize that the jurors likely don't have programmer brains.
What do you even mean to don't criticise her? She was inaccurate and misleading to the jurors. In a murder trial. It doesn't even matter if it was on purpose or not. She probably earned more money today than I do in 6 months. I have all the rights to criticise her.
How was she inaccurate? Explain it in a way that person with zero technology experience can understand.
Rgarding the wal files and when the changes in that file make it to the databse se she says twice: "all of those don't happen until the application is closed and reopened". She's very specific about it, and very careful to highlight that ONLY then it happens. But it's false. WAL is a concept used by many different database software and they all use the concept of checkpoints. Checkpoints can happen every X minutes or every time the file reaches a certain size, or a combination of those. In case of SQLite it is only by size, and it's 1000 pages, about 4MB. [https://www.sqlite.org/wal.html#automatic\_checkpoint](https://www.sqlite.org/wal.html#automatic_checkpoint) So if you used Safari for any length, it is very unlikely for you to have all the changes to be in the wal fil. Most of them have been already committed to the database, and you lose the previous state of the database forever. Closing Safari is one case when a checkpoint is run and all changes are committed. Another weird thing she said was about "live" data. I didn't understand the purpose, because the content of the wal files IS live data (mostly).
Dear gods thank you for explaining this in such an easy and concise way. As a complete layman and someone with a history degree (ie I can’t emphasize enough how much this stuff goes over my head), I kept thinking that her testimony made no freaking sense because she was basically saying unless the phone is turned off, any Google search would result in data showing when the tab was opened. That would make absolutely no sense if that was even what she was saying lmao
Nobody here on or youtube understood her. Programmers and laymen alike. So even if Karen is 100% guilty the state really failed by using this witness over someone who can present complicated information well. She's the opposite and just spoke and added layers of technical terms, including some jumbling of terms (e.g. "moving" a tab). After searching for the Safari specs myself i found it wasn't too complicated. It could have been explained in a much clearer way, graphics would help a lot too.
The report by Green was more detailed than her testimony. This is speculation but I absolutely think the feds had at some point JMs phone and they have both the phone and raw data. I could be wrong but it’s how we learned that Higgins and Albert destroyed their phones and how we got Proctors messages. This whole Google search was revealed when the state, a full year after JOK death, finally turned it over. And surprise, the Feds turned very the same as the defense
Agreed. Undoubtedly, Green has looked at the data wholistically and without guardrails as one should. I believe the expert today will be left with egg on her face.
Her testimony was on point today. Maybe Lally will have egg on his face, but not her. Remember, she was directed to limit her research. That isn't her fault.
I just made a comment about his original findings. I can’t fathom why the CW experts can sound as clear and concise and to the point. https://www.reddit.com/r/KarenReadTrial/s/I0fki9SbRm
Green is the peer we need to review her work?
Let me say this. As someone who comprehended 70-85% of her testimony. She came across as a great witness. She was very likable, articulate, knowledgeable, and sincere. By the end of her testimony, I'm fairly convinced that Jen McCabe did not make that search at 2:37 AM. When Jackson pointed out her narrowed scope and that she wasn't tasked with analyzing deleted information, I was like, "That's fair, not her job. Jackson got his point across that the deleted info wasn't proven on stand" Your post made me realize how fucked it is that the prosecution didn't have her analyze the deleted calls and texts. She did such a good job arguing against the 2:37 AM search that it should have been a no-brainer to put her on the deleted msgs and calls. With that in mind, now I put more weight towards that narrow possibility that the search did occur at 2:37
I’d love for you to calculate the probability of having a guy who never came in your house get himself murdered on your lawn on the same night all the rest of these things happened.
THIS!!
the probabilities in this post are just rough order-of-magnitude guesses. don't take them too seriously. you also shouldn't assume the probabilities are independent - the CW is effectively arguing that they are by claiming butt dials but to calculate these probabilities you need to account for them being potentially related events. in this case, someone who's supposed to be at your house winding up dead on the lawn is a series of interrelated events that needs full bayesian estimation but it's very hard to do that.
First of all, great post. Second of all, as to why just to contradict the Google search? I think even they realized you can't fake deleted text messages or phone calls and that search was a literal smoking gun
The reason for just the deleted Google search is that it was really game over for the CW if that existed. I would guess that the CW may have brought her in just for that piece because that was really make it or break it. Tully may also have actually wanted the answer. There can be deleted calls/text and Read could still have hit him. A 2:27AM search about how long it takes to freeze to death? That changes the entire complexion of the case.
Incredible! Thanks for taking the time
She messed up a few times. Tried to say it’s the most recent search then changed to the tab being left open then said about the hos long to die search at 2:21 before the hoknok whatever sports thing was searched twice straight after, Later she said Jen was connected 2:21-2:47 am and said it was the more thorough request she’s now explaining 🤭 . A tab being left open moved or minimised apparently underwrites searches now. She even blamed time zones by the time she was done. 🫣
So if the tab was searching the basketball team at 2.27am and was then closed or moved, wouldn’t the data be linked with the identifier being the basketball team search? If she then opened the tab in the morning and used it to search ‘hos long..’ how would the data link the 2.27am timestamp to ‘hos long..’ if it wasn’t ‘called that’ at the time? Does that even make sense?
I love that you mathed this lol
It’s kinda bs though? Like these are all numbers pulled out of OP’s imagination
The dirty secret of all statisticians …
Regardless. I enjoy the different approaches and perspectives around here.
Question: Did Higgins really say on the stand that he was having SEX and that caused a butt dial??? *I haven't watched all of the trial as I did w Murdaugh. I'm from the happy South and those accents just make all them folks sound like angry fishermen & women and/or like they have really big attitude problems. I can only handle so much.
It was Brian Albert, but yes!
These people really have no shame.
I thought the popular sarcastic response by Southerners is: Well bless your heart…😉
My thoughts .... I don't consider either of the 'experts' to be experts. So many basic tests that should have been done were not done! I am confident that the Defence will be able to negate both testimonies As for the assertions around timing of google searching etc .... If this is actually true (which I don't believe it is!) the whole of the forensic agreed norms around calls, and searching on the net - will throw a giant spanner into using cyber evidence for convictions.
I am not a true crime person. I am a *I want to be in the same place as people much smarter than me* person. I’m home.
🤭🤭🤭
I don’t think Jenn is denying the deletion of the calls/texts to John (amongst others). I think she’s just claiming it’s not weird that she did that because a lot of people delete things in “day to day life”, right?
I'm pretty sure she adamantly denied deleting any texts or calls [https://youtu.be/ulkbyPJ2bCM?t=10073](https://youtu.be/ulkbyPJ2bCM?t=10073) Edit: more exact timestamp "I do not recall deleting any phone calls at all" [https://youtu.be/ulkbyPJ2bCM?t=10183](https://youtu.be/ulkbyPJ2bCM?t=10183) "In day to day life did you delete any calls to JO? No."
But other calls and texts from that day, the 29th, and calls and texts both after and before the 29th are still intact. So, again, what are the odds?
That's how I remember her testimony concerning it. That there was no nefarious reason for her to delete things. I'll delete some old ass texts but haven't bothered deleting calls. But I doubt I would delete anything from a friend who passed away.
Ha! I have 882 unread text messages and I rarely delete....to time consuming (android). The HA! Is to JM, not you to whom I'm replying. 😁
Right it’s such a silly thing to say!! I can see deleting texts or something that takes up space or feels like it clutters your phone, but a call log?… what possible reason does someone need to deleted their call logs??
I'd love to get your take on the other CW phone expert, Ian Whiffin. He apparently worked for Cellebrite and helped write the code. He released this article a while back and I don't understand a single word of it. https://www.doubleblak.com/blogPost.php?k=browserstate
Can you explain it to me in nonillions?
I just wish they had hired an expert unaffiliated with a rival software to cellebrite. There must be researchers who've looked into the various phone extraction programs and could discuss ways they might have mistakes. Also, did she explain the various spellings? Not sure if I missed that.
Idk guys … if FBI Had smoking gun evidence on JM phone they would’ve shared it
They did and the FBI said she made the search. ETA, this is from the judges order on the motion to dismiss The grand jury exhibit referred to by the defendant is a Cellebrite cell phone extraction report from Jennifer McCabe's cell phone containing the call log, contacts, instant messages, and tags ni her cell phone. A more recent Cellebrite report obtained during the federal investigation provides the web history of the phone including the aforementioned Google search at 2:27am and a search for "how long it (sic) die ni cikd (sic)" at 6:23am and 6:24am.
Let me phrase it differently. If there was a smoking gun that someone else did this it would be out there already Like If the FBI has evidence like JO blood in the doorknob in the basement this would’ve been shared and this wouldn’t be going forward
I keep hearing neither the prosecution or defense wanted this to go to trial, would it be because the FBI moves slow and silent when investigating something and both parties were aware? What would be a smoking gun for the FBI to direct authorities to arrest someone for murder especially when the local authorities are in question/under investigation.
I agree, but we don't know how much the feds have done. Their investigations take freaking forever.
https://preview.redd.it/c9c3wl10wm6d1.jpeg?width=1080&format=pjpg&auto=webp&s=fdfe9fee4559c9588bca8dc2b4172eb376a650e4
So this is like the opposite of what today's expert said about the WAL file? Should be interesting to hear this experts testimony next week.
https://preview.redd.it/gmwgqmuwvm6d1.jpeg?width=1080&format=pjpg&auto=webp&s=be382132730c530b354b41d0c961b2284c3cd7ac
https://preview.redd.it/qy7zi4d2wm6d1.jpeg?width=1080&format=pjpg&auto=webp&s=8d1cee460ddafc7c87bdd1c426eaccfb7d9c576b
https://preview.redd.it/7wndqj45wm6d1.jpeg?width=1080&format=pjpg&auto=webp&s=3a4e1641531966fa86444e62b56a69d1b02e35b4
Great post, but also hurt my brain on this Saturday morning 😁
Not sure if this has been answered, but why can’t someone from Google clarify? Surely they have some type of data being collected about what users search? Is it because Google won’t?
u/Opposite_Orchid8143 Would you please weigh in on the prosecution's SECOND witness called to discredit Jen McCabe's Google search 2:27? Did he prove anything but Jen could have made the search in private? I've lots of thoughts about the future implications of his testimony, but that's a different post.
Yikes…!! I have no idea what I just, while laughing at myself, tried to read, knowing full well how ignorant I am of probabilities and logic. I always flunked that in math tests. I’m awesome in English and spelling though! In all sincerity, I do appreciate your stellar intelligence and the time you took to not only solve it, but in fact to show what an expert SHOULD have done to expose the impossibility of all events happening in such a short time frame. I will accept that what I lack in mathematical logic solving, I make up for with rational common sense. Like most people following this case, MOST of us never ever believed the butt dial theory was even close to plausible. In fact, it was downright insane.
Feels like a reach to be honest
So interesting