The case of Casey Anthony occurred back in 2008. Her 2-year-old daughter Caylee was first reported missing, and then half a year later, found dead.

The mother’s behavior was suspicious from the very beginning and she was arrested the day after her child was reported missing.

What followed, was called 'the social media trial of the century' by TIME magazine. The trial did not start for the case until almost two and half years later.

The trial lasted approximately six weeks and there were multiple items of physical evidence, but something was standing apart. It was electronic evidence: some browser searches, in which Casey allegedly made prior to the child's death.

Browser history analysis

The search terms were quite disturbing and included 'how to make chloroform' and 'neck breaking'. The prosecution supposed that Anthony used chloroform to make her daughter unconscious, and then suffocated her using duct tape. The software, which was used for the computer analysis, gave 84 results for the search for 'chloroform', meaning she searched for chloroform 84 times.

There was originally something strange with this evidence. First, these searches had allegedly been made between March 17th and the 21st, just 5 days for 84 searches. Also, the computer had two accounts and it was not possible to determine under which of these two accounts the search had been made—at least this is what the software author said in court.

The software used for the analysis was called 'CacheBack', and its author was an ex-law enforcement officer. CacheBack analyzed Internet Explorer history of the desktop computer, which was seized from Anthony's home and gave the result described above.


CacheBack user interface

Another interesting fact was later discovered after the trial. It appeared that the same computer had another internet browser, which was not analyzed at all!

About two weeks before deliberations, the software author found that his software had a bug and instead of 84 searches, the search had been made only once. The result, by the way, was pretty innocent: a website, which described the use of chloroform in 19th century.

Did the bug sway the result of the trial? It does not seem so. The software issue was not reported to the jury, but they found Anthony not guilty of the murder. If this was not the case however, the inability to inform the jury could have led to a mistrial (and potentially, a re-trial).

Was Casey Anthony guilty?

The other browser, which remained un-analyzed, might have given one more argument to the case. The Firefox browser contained a search for 'foolproof suffocation'. There was corroborating evidence that this search was made by Casey, not by the other user of the computer.

Conclusions

Apart from other mistakes made by the prosecution, there was definitely a lack of the comprehensive approach to the computer examination. Why did they analyze only one of the browsers? Why not the drive in its entirety? This would have given not only both browser histories, but also proof of who made searches in question by analyzing the Windows event logs, registry, and other data in the timeline.

The use of a product such as Belkasoft Evidence Center X could have solved such an issue—and it actually existed at the time of hearings: its first version was released in 2010. Moreover, in 2008 we had Belkasoft Forensic Studio, which particularly supported both Internet Explorer and Firefox browsers.

This again calls for the necessity of cross-checks in a digital forensic investigation. Even if you have a tool and often rely on it, double check its results by using another digital forensic tool, or manually.

About Belkasoft X

Belkasoft X is a world-renowned tool used by thousands of customers for conducting computer, mobile and cloud forensic investigations. In the previous years, Belkasoft X was pronounced top-3 DFIR commercial tool per Forensic 4:cast Awards, being nominated to the finals of this prestigious competition 3 times out of 4 latest years (2018, 2020, 2021).

Belkasoft X can automatically acquire, extract, and analyze evidence from a wide range of sources, including mobile phones, tablets, computers, cloud, memory files and dumps.

To try Belkasoft X, download the trial version of the product:

See also: