Bryan Pringle v. William Adams Jr et al
Filing
193
DECLARATION of David T. Gallant in Opposition to MOTION for Summary Judgment 159 filed by Plaintiff Bryan Pringle. (Attachments: # 1 Exhibit 1, # 2 Exhibit 2)(Holley, Colin)
EXHIBIT 2
Roughrider Professional Building
8209 Roughrider Dr., Suite 200
Windcrest, TX 78239
T (210) 271-2999
F (888) 511-7894
www.WhatsOnTheComputer.com
Tax ID: 26-4329342
December 16, 2011
Dean Dickie, Esq.
Miller Canfield
225 W. Washington Street, Suite 2600
Chicago IL 60606
GCIS Case Number: 201012701 - Bryan Pringle
Dear Mr. Dickie,
1.
I would like to correct a typographical error on my report dated August 6, 2010, paragraph 4a:
(bold added):
"Cursory analysis metadata associated with each of the 134 images contained in the “promo
photo” directory disclosed the images were all taken on 09-06-1999 and 09-08-1999 with an
Olympus C900Z/D400Z digital camera."
2.
I have also reviewed the Declaration of Erik Laykin dated November 14th, 2011, as well as the
draft transcript of his deposition dated December 7, 2011, and offer an opinion as to some of the comments he made. A true and correct copy of my December 16, 2011 Rebuttal Report (“Rebuttal”) containing those opinions is attached to this Declaration as Exhibit 2.
3.
Mr. Laykin stated in his declaration (page 4, paragraph 12) that Mr. Pringle reported his computer stolen in 2000 yet claimed he burned the music image to CD on May 17, 2001, thus could not
have burned the CD-Rom containing his "Take a Dive" song at that time. Mr. Laykin seems to be basing the CD burn date of May 2001 from my declaration dated November 18, 2010. That burn date pertained to the first CD-Rom (Tag 1) analyzed and reported in that declaration. In my subsequent report
dated August 6, 2011, in which I reported my findings for Tag 2, the CD-Rom containing the "Take a
Dive" song, in paragraph 4C I stated:
“I also examined the original CD-ROM (Tag 2) with a utility called NeroInfoTool, which determined that the content of this particular CD-ROM was created on “9 September 1999” (i.e. the CDROM was burned September 9, 1999). This corresponds to the CD volume name described above.
Confidential: This document is intended for the use of the intended recipient(s) only and may contain information that is
confidential, privileged or legally protected. Any unauthorized use or dissemination of this communication
is strictly prohibited.
EXHIBIT 2
NeroInfoTool is a free “non-forensic” application that identifies when a CD-ROM was burned, as well
as other information concerning the computer’s CD-ROM drives.”
4.
This burn date predates the theft of Mr. Pringle's property. I also reviewed the police report Mr.
Pringle provided to me. He did not report his computer stolen, but rather "several items of music
equipment" were stolen. The major items that were stolen were very specifically identified in the report, and it would be logical that if a computer had been stolen, Mr. Pringle would have listed it in the
report. Mr. Pringle informed me that among the "several items of music equipment" were removable
hard drives that contained the original compilations of the "Take a Dive" song. I also reviewed an excerpt of Mr. Pringle's deposition dated August 24, 2011, page 155, line 21 where he specifically stated
he didn't recall if they stole his computer in 2000.
Q. So the hard drive that was taken along with the ASR-10 that was stolen, what
was on that hard drive?
A. Well, there was many hard drives. It was instrumentation, MIDI
13:19:06 sequences, samples. I don't recall if they stole my computer too, but
there was a lot of different drives and removable drives that were taken and basically just (demonstrating)
5.
Mr. Laykin goes to great lengths to discuss the possibility of finding evidence Mr. Pringle downloaded the song, "I Gotta Feeling" from the Internet on the hard drive Mr. Pringle returned to the
manufacturer due to defects. Mr. Pringle informed me he purchased his current computer in July 2004.
He upgraded various hardware components on this computer through the years. It originally had a
200 GB hard drive which he upgraded to a 640 GB hard drive on/about May 18, 2009. At that time he
reinstalled the operating system (Windows XP) from the original installation CD-ROM and transferred
his data to the new drive. This would create a pristine installation without any residual system files
(including Internet history) remaining from the previous hard drive. He also reinstalled the programs
he commonly used and transferred data to the new hard drive. Again, this would not have transferred
any system files (to include Internet history) to the new drive. On January 5, 2010, he purchased two
new hard drives (500 GB each) and installed one in this system and believes he gave one to a friend.
Again he reinstalled the operating system into the computer and transferred his data and programs to
the new drive in the same manner as described above. No system files (including Internet history)
would have transferred. In July/August 2011, Mr. Pringle began experiencing intermittent hardware
issues with the computer and believed the issue may have been the hard drive he purchased in January
2010. On August 1, 2011, after receiving an return merchandise authorization (RMA) number from
Western Digital, he returned the drive for an exchange after copying his data to an external source. He
provided two copies of this data to me for safeguarding, and I provided one of these copies to Mr. Daniel Aga on August 8, 2011. Western digital shipped Mr. Pringle a replacement drive on August 9, 2011.
Confidential: this document is intended for the use of the intended recipient(s) only and may
contain information that is confidential, privileged or legally protected. Any unauthorized use or
dissemination of this communication is strictly prohibited.
6.
Internet browsers are typically configured by default to clear their internet history on a scheduled basis. Users can also manually delete the history at will, or set their browser to delete the history
more or less frequently than the default settings, or automatically when they exit the program. These
actions typically do a decent job of clearing the temporary internet files and cookies, but do on occasion leave remnants of files that can be forensically analyzed depending on how the remote web site
was configured. For instance, sites that use the hypertext transfer protocol secure (HTTPS) protocol
are designed to transmit the data in an encrypted format and the data that remains on the computer is
encrypted. Sites that typically use the HTTPS protocol are banking sites, most of the commonly used
online email sites, or sites that accept credit card transactions. Computer forensics can not decrypt that
data into clear text. In addition to history deletions, browsers now have an optional privacy function
that prevents any browsing history from being written to the computer. This action thwarts computer
forensics on systems unless they are forensically imaged on site while running since any remnant data
that may remain will reside only in RAM. When a computer is turned off, for all intents and purposes,
RAM is cleared of all data.
7.
According to the web site www.beatport.com
(http://www.beatport.com/search?query=i%20gotta%20feeling&facets[]=fieldType:track), the song, "I
Gotta Feeling" was first released on the site April 13, 2010. If Mr. Laykin's theory was accurate, then
the internet history for the transaction would likely have been deleted either automatically or manually
by Mr. Pringle through the course of normal computer activity. Also, if Mr. Laykin was accurate in
portraying Mr. Pringle as a meticulous computer genius who was perpetrating a fraud, then one would
expect him to not use his personal computer to download and create the music files, but would rather
expect him to use an unknown computer. Mr. Laykin's theory is not consistent.
8.
Additionally, the four available Black Eyed Peas' downloads all require the user purchase the
download. In order to purchase the download, the user would need to create an account, log in and finalize the transaction with a credit card. As stated in paragraph 6 above, details of the credit card
transaction would have been encrypted. Since the details of the credit card transaction, if it had been
conducted, would be encrypted on on Mr. Pringle’s defective hard drive (per Mr. Laykin’s theory), an
investigator would alternatively be able to obtain evidence of the purchase and download from
Beatport.com. In my opinion, it would be better evidence to show a credit card purchase by Mr.
Pringle to prove he actually downloaded the music - regardless of what computer he may have used.
Additionally, "Beatport" would likely have transaction logs that would show Mr. Pringle created an
account that could be traced back to the Internet Protocol address of his computer. I left two messages
(11-29-11 and 12-5-11) for Beatport to contact me to discuss these records - they did not return my
calls.
Confidential: this document is intended for the use of the intended recipient(s) only and may
contain information that is confidential, privileged or legally protected. Any unauthorized use or
dissemination of this communication is strictly prohibited.
9.
One page 8, paragraph 28, Mr. Laykin stated, "In my experience, it is not uncommon for individuals who use CD Rom discs on a regular basis, such as those in the electronic music industry, to
retain a number of unused CDs, and to burn data to those old CDs years later. CD Rom discs are often
purchased in bulk, for instance in packages of 25, 50, 100 or even 250 discs. Indeed, Mr. Pringle testified to having repeatedly sent out demo CDs in batches as large as 200 at a time, over a period of many
years. Pringle thus likely had access to old CDs from the late 1990s which he could have used to burn
the NRG discs in 2009 or 2010."
10.
CD-Rom technology has evolved over the years. In the 1999 era, the technology was not reliable, the cost per disk was comparatively high, and most importantly, the successful burn rate was extremely low. I can attest to a success rate during that time frame of less than 50% and sometimes even
lower. There is nothing unreliable about a CD-Rom that was able to be successfully burned. The issue was that it took many attempts and many CD-Roms before one could be burned successfully. It is
not reasonable to think anyone would store this dated, unreliable media for any reason.
11.
On page 8, paragraph 27, Laykin stated, "Similarly, older digital storage media such as CDs,
which are also readily available for purchase, have been known to be used to make it more difficult to
determine the true date of back-dated files."
12.
Contrary to Mr. Laykin's claim, "old digital storage media" from circa 1999 is NOT readily
available for purchase." I conducted a search on E-Bay for the Verbatim model 94328 CD-Rom used
by Mr. Pringle to save the music files in question. There were NO vendors who could provide these
CD-Roms. I then conducted a Google search for the Verbatim 94328 CD-Rom. None of the sites that
Google identified had any of these disks in inventory. I sent queries to some of the sites and they all
responded that the particular CD-Rom was not available.
13.
During his deposition on December 7, 2011, Mr. Laykin also discusses a theory that Mr. Pringle
may have backdated the NRG files in question as well as the date the CD-Rom was burned. He stated
that in order to attempt to prove that theory, a computer forensic examiner would need to have access
to the computer used to perpetrate this fraud and that he had no proof to support this theory. He acknowledged in his deposition that he had no evidence to support his theory of backdating - including
his analysis of the two CD-Roms I provided to him via Mr. Daniel Aga on August 8, 2011.
14.
Please contact the undersigned at (210) 271-2999 or David@GallantCIS.com if you have any
questions.
Respectfully,
Confidential: this document is intended for the use of the intended recipient(s) only and may
contain information that is confidential, privileged or legally protected. Any unauthorized use or
dissemination of this communication is strictly prohibited.
David Gallant
President, GCIS, LLC
Licensed Private Investigator (TX Lic: A15633)
Confidential: this document is intended for the use of the intended recipient(s) only and may
contain information that is confidential, privileged or legally protected. Any unauthorized use or
dissemination of this communication is strictly prohibited.
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?