About the Post

Author Information

Day 2: Prosecution Calls 4 Witnesses, All Special Agents of the FBI.

The following was written concerning the second trial day of Dr. Tarek Mehanna, held on October 28’th, 2011.


NOTE: All quotes are paraphrased. Any and all errors are unintentional.



The Trial of Tarek Mehanna

[DAY 2]


Second day of the trial and the first day of witness testimony. Everyone’s eager to see who the first witnesses to take the stand will be. Although less than the day before, support for Tarek is in good numbers – two of the three benches columns are full. With the exception of his gray suit, American prosecutor Aloke Chakravarty appeared to be wearing the same blood-red tie and blue shirt from day before. Calling his first witness, Thomas Sarrouf takes the stand.


Sarrouf, wearing a dark suit and solid black tie, appears to be in his late 40s. A caucasian male standing about 5’11”, he has a prominent jaw and thick layer of stubble. Though parted, his thinning auburn hair encircles a bald spot at the crest of his crown. With his hooked, beak-like nose leading the way, he seats himself in the witness box. Following the cue from Chakravarty, Sarrouf details his professional life. A Massachusetts state trooper, Sarrouf had been assigned to the F.B.I. Joint Terrorism Task Force (JTTF). Before becoming a state trooper, he spent about 24 years in the U.S. military (both active & reserve) as an infantry officer, as well as in Special Forces (with a focus on intelligence).


Having taken part in several JTTF investigations, in 2006, he executed a special court ordered 24 hr. search of the Mehanna family home. During the JTTF meeting which was held to discuss the home invasion, the personnel needed was discussed, as well as a contingency plan in the event that anything went wrong.


Chakravarty: “Was it [the home invasion] overt?


Sarrouf: “No, it was covert.


He indicates that the purpose of the mission was to identify items of intelligence, or evidence of a crime. With well over a dozen F.B.I. agents, they advanced towards the Mehanna home during the early evening while the family was away on vacation in Egypt. Amongst the precautions taken was the surveillance of the key holder to the home. In addition, a perimeter was established around the home so that no one would be able to come within distance without their knowledge. Stolen items would be curried from the home to an offsite base established at a building a few miles away. If needed, any acquired books, computers, and tapes would be photographed, copied, recorded, and catalogued, then placed back in the home in a manner to avoid suspicion.

Various images taken during the home invasion are displayed as exhibits for the court. The first, is a photo of Tarek’s room. In the top left-hand corner of the room, the audience sees the flag of Saudi Arabia – a large green flag with a silhouette of a sword and the phrase:


لا إله إلا الله محمد رسول الله

{There is no deity worthy of worship except Allah alone, Muhammad is his messenger}


printed above. Below it, a Qur’an holder stands open with a large collection of scented oils next to it. To the left, a large rack filled with audio cassettes containing Islamic lectures. Another image is then shown of several large bookshelves filled with Islaamic texts. Below them, a black laptop is left open. According to Sarrouf, the laptop was searched by Special Agent Kevin Swindon [see below].


The next exhibit is what appears to be a large plastic bag filled with video cassettes (VHS). From Bosnia to Chechnya, Iraq and Afghanistan, the video tapes depicted various scenes from the Muslim resistance campaigns held in those countries. Included amongst the videos, was a copy of Osama Bin Laden’s ‘State of the Ummah’ speech [see footnote 1]. The F.B.I. had viewed and copied each video tape.


Following that image, a copy of Tarek’s address book is shown. Next, a copy of a document from Azzam Publications [see footnote 2]. An excerpt from the document is then read:


Sarrouf: “Whether you’re employed or unemployed, studying or not studying … take a year out … this way you can fulfill your obligations and not give up your job. The situation is critical … the Jewish backed Northern Alliance …


Another document from Azzam Pubications is shown, this time dating October 20’th, 2000:


Sarrouf: “As for the Muslims, they must bear the following in mind … the Israeli Barbarians …


The audience is then presented with a printout from a June 2003 Yahoo news article discussing Al-Qaeda training in the Philippines. After that, a document entitled, “The Unreleased Interview with Osama Bin Laden”. Finally, an e-mail from Tuesday October 23’rd, 2001 written in Arabic.


Under cross-examination, Sarrouf is given to Atty. Janice Bassil. Almost immediately, she dives into the proceeding in a vicious and aggressive manner:


Bassil: “Do you recognize this image?


Sarrouf: <hesitates for a few minutes> “I believe it’s the defendant’s home.


Bassil: “You’re not sure? … Can you read Arabic?


Sarrouf: “Some


Bassil: “Modern?


Sarrouf: “Some, yes.”


Bassil: “You know this is the flag of Saudi Arabia, correct?” <presents image of Tarek’s room>


Sarrouf: “I don’t know


Bassil: “Can you read the Arabic on it?” <لا إله إلا الله محمد رسول الله>


Sarrouf: “No.


Bassil: “You don’t know it says ‘There’s no God but Allah, and Muhammad is his prophet’ ?”


Sarrouf: “No”


Bassil: “Your Arabic isn’t good enough to read the most basic of sentences, but it’s good enough to identify terrorist related material in the defendant’s room?


She moves on, highlighting that one of the exhibits (unreleased interview of OBL) which was previously shown was actually a document produced by Al Jazeera News [see footnote 3]. She also asks if any other notable field agents were involved in the search, to which Sarrouf answered,


Yes, Heidi Williams” [see footnote 4].


Focusing on the home invasion, Bassil inquires as to why Mr. Sarrouf didn’t bother to write a report. After evading the question for a few minutes, he frustratingly replies,




Concluding the cross examination with a few more question, Bassil ends her line of questioning.


The next witness to take the stand on behalf of the government is Special Agent Kevin Swindon. A slightly heavyset caucasian male, standing about 5’9″, his close cropped blonde hair is segmented by bald spots. Identifying himself as the supervisor of cyber security for the Boston field office, he goes on to detail his credentials: UMASS-Lowell, Northeastern University, Boston School, etc.


Following a line of questioning by Chakravarty, Swindon goes into fine grained detail concerning the field of computer forensics. The audience hears about WiebeTech [see footnote 5], and how it is used to access data from a hard drive without leaving any evidence of tampering. They also hear about MD5 hash values [see footnote 6], and how they’re used to authenticate that copies which are created, are indeed sound copies of the source device. Information about the Windows Operating System registry is also given, and how it provides information on how a person may have used a particular file. Swindon comments that in their line of work, the data acquisition which is performed also recovers deleted files [see footnote 7], which include registry files.


Moving past the dull tech talk, he transitions into the August 2007 Mehanna home invasion. Explaining his role, he details how he traveled to the residence with well over a dozen F.B.I. agents, and set up a workstation on the kitchen floor of the Mehanna household. Besides imaging the home PCs with WiebeTech, FTK [see footnote 8] was used to image several CDs. At this point, Chakravarty presents Agent Swindon with an accordion folder containing the hard drive from Tarek’s laptop in a plastic shell. Asking him to identify it, he complies.


Wrapping up his initial testimony for the prosecution, Swindon briefly discusses various software programs, all of which were allegedly found on Tarek’s computer:


– Tor

– WinRAR

– WinZip

– Window Washer

– RegCleaner

– Anonymizer

– IP Hider


Following the description, Chakravarty ends his line of questioning, and offers the witness to Atty. Sejal Patel acting for the defense. Going over his credentials once more, he also reviews the home invasion. Patel then requests him to review the concept of cache as it relates to computers, and inquires whether or not it’s possible for random images to be saved to a person’s internet cache. She concludes her line of questioning by inquiring as to the qualifications of the individuals who reviewed the digital evidence. Agent Swindon immediately clarified that none of personnel were forensically certified, including Heidi Williams[see footnote 4]. Taking issue with Patel’s line of questioning, Chakravarty is quick to ask on redress,


Are you aware of any viruses which push Jihad images onto a person’s computer?


To no one’s surprise, the defense immediately objected, to which the judge sustained. The rest of the day was essentially spent on dry technical talk, after which Judge O’Toole recessed the court for the next day.


10.21.09 … never forget … never surrender!


[1] Amongst the better known media productions of As-Sahab media (Al-Qaeda’s media outlet). The video contains addresses by Osama Bin Laden, Ayman Al-Zawahiri, and others, primarily targeted towards a Muslim audience. It essentially reviews the aggression facing several Muslim populations of the time, and depicts the military forces mobilized by Muslim immigrants to Afghanistan.


[2] The now defunct British publishing house. A full fledged publisher and media outlet, Azzam Pubications printed and distributed a variety of works related to Muslim resistance efforts across the globe. Eventually developing their resources, the publishing group also operated a website (www.Azzam.com), and employed independent news correspondents  in countries such as Afghanistan and Chechnya. Their efforts reached such a point of efficacy, that the Chechen resistance leader Khattab (1969 – 2002) recognized their efforts in a recorded video address. Following the 9/11 attacks, the organization was shutdown (though it was kept alive for a period of time through web forums), and its workers arrested. Babar Ahmad, a British citizen, is accused of acting as the web administrator for the organization, and is currently facing extradition to the United States to face trial.


[3] Founded in 1996, the satellite news station is  primarily concerned with events which occur in the Arab & Muslim world. Broadcast around the world in Arabic & English, the station was one of the only organizations to fully broadcasts media messages from Osama Bin Laden and his allies before the 9/11 attacks, and during the 2001 Afghan war. Due to intense political and physical (station bombings, reporter shootings) pressure, the station has since severely limited, if not eliminated, independent coverage of clandestine organizations such as Al-Qaeda.


[4] F.B.I. field agent known to Boston area Muslims as a harassing figure.


[5] WiebeTech: Write-protect device used in data acquisition. In forensics, it essentially permits the copying of a hard drive or memory disk, without proof of tampering. Copying is done down to the base 1’s and 0’s, and thus, operating/file systems are completely ignored. Though effective, implementation can be time consuming, particularly with large memory disks.


[6] 16 character alpha-numeric values which essentially act as digital fingerprints.


[7] Deleting a file from a machine (i.e. emptying the trash/recycle bin) only removes it’s index (i.e. like in a library), not its actual presence. A file is only truly deleted when data overwrites it (i.e. new file is created in the same memory address). To circumvent data recovery from one’s machine, one may employ “whitening” software which securely removes the index of a file, and overwrites it with logical 0’s several times. Mac OS X’s ‘Secure Empty Trash’ option in the Finder is an example of this, as is the ‘srm’ command in Linux. For Windows, users may download ‘SDelete’ or similar software. None of these methods are 100% guaranteed to prevent data recovery, but they will make it more difficult for foreign parties to recover information.


[8] FTK: Forensics Toolkit. Software used by forensics experts to scan data disks for information. Amongst its capabilities are MD5 hash verification, and password ‘cracking’. It’s essentially ‘Forensics For Dummies’ in that it permits even individuals with a limited background in technology to search for data.


No comments yet.

Readers are encouraged to respectfully share their perspectives. Please comment!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: