Yesterday’s CNN InSession broadcast of the Matt Baker trial covered the testimony of a prosecution computer forensic expert named Noel Kersh, whose witness-stand rhetoric was excellent. Unlike most computer forensics experts I’ve heard, he was very clear without being patronizing and without oversimplifying issues to the point of absurdity.

However, Kersh’s testimony also illustrates what most bothers me about the use of computer forensics in the courtroom: it’s usually completely irrelevant.

Defendant Baker is a former minister who was convicted earlier this year of murdering his wife with a drug cocktail and then staging her suicide.

Sidebar: Kersh is an independent consultant. Apparently, the Waco cops have no computer forensics expertise. They may have compromised a laptop before Kersh could examine it and seem to have permitted Baker to destroy some evidence before the local Justice of the Peace declared the manner of death “undetermined.” Frankly, I think all forensic expertise ought to be supplied to local authorities by private contractors, but I also think local cops ought to have at least basic training in the collection of forensic evidence, including computers.

Relevant Computer Issues

In the Baker case, computers played an important role: not only was the victim’s system found to contain a lethal cocktail of sleep aids (most of which are thought to have been bought online), but she also purportedly left a computer-printed suicide note.

Because the cops didn’t suspect homicide immediately, they didn’t collect any computer evidence at the scene. They didn’t even check to see if there was a working printer with ink and paper (at least as far as I can discern). (You would think they would have protocols for examining suicide scenes, but apparently not.) They collected only the suicide note, and left their own fingerprints all over it.

Sidebar: Here’s a little shameless self-promotion. In a short story, “’Tis the Season to K.I.S.S.,” my killer-heroine uses a computer and printer without leaving a single clue for the forensics guys.

The Baker home at the time—as I understand it from TV coverage—had at least two computers, a laptop and a desktop. By the time the cops wanted to examine the desktop (several months later), Baker claimed to have gotten rid of it. The cops seized the laptop, but compromised the data by inadvertently turning it on and booting it up by opening the screen. Both of these computers might have held evidence of the suicide note—key evidence.

IMHO—as a computer owner since the very early 1980s—the Baker’s missing desktop is extremely suspicious. If I were an investigator, I would have tried to track this computer down.

In my experience, a computer is the most-difficult item on earth to discard. I and my friends all have several generations of computers stored in basements, attics, garages, and even under my current computer desk. It’s illegal to dump them in a landfill here (IL). You have to pay specialists to recycle them (and even then you have to transport them to the recycling facility; no one will pick them up). If you leave them on the curb for a scavenger to collect, you have to remove the hard drives for fear of identity theft. You might be able to resell them on eBay, I suppose; but you’d better wipe them clean with a really good hard drive reformatting tool.

Online Searches

The core, surviving computer evidence in the Baker case was evidence of Baker’s online activity: web searches and websites visited. Most of this data was collected from computers where Baker worked, since his home PC had “vanished.”

Kersh did a great job of finding Baker’s searches for online sources of drugs and of proving Baker was the user, not someone else in the office: he found near-simultaneous email activity to and from Baker’s email address. I can’t say enough about how well-done this documentation was. Unlike other cases (Scott Peterson, for example), Baker’s online identity was documented. According to Kersh, Baker searched extensively for online pharmacies where he could have obtained the drugs that were found in his wife’s system.

Honeymoon Websites

The prosecution also questioned Kersh about Baker’s online activities after his wife’s death. This is where I begin to question the “evidence.”

Kersh found evidence that five weeks after his wife’s death, Baker made inquiries about a Fiji honeymoon with his fiancée. So what? Baker was having an affair with a divorced, single mom when his wife died. Is it suspicious that he would want to marry her as soon as possible? He had two daughters of his own to care for at that time.

No, I’m not naive. I don’t think it’s entirely proper for a man to marry so soon after the suicide of his wife, but I also don’t think this is entirely proper evidence of guilt that should be presented to a jury.

In every murder trial, much is made, I know, of “the defendant’s state of mind,” because the law permits evidence of state of mind at the time of the alleged crime. Intent is a key element of the law. But what does the defendant’s state of mind long after the crime have to do with anything?

Prosecutors need to get a life, I think, when it comes to computer evidence. And, yes, I need to get a life, too. (And I pray I’m never accused of a crime based on my bizarre computer searches as I research murder.)