
Forensic Email Guy


  • DECLARATION OF BRAD MARYMAN

    I, Brad Maryman, declare and state as follows:

    1. I am the owner and President of Maryman & Associates Inc., a professional services firm specializing in computer forensics, cyber investigations, incident response and security consulting. I have over 43 years of experience in conducting investigations, collecting evidence and analyzing evidentiary items. The firm's associates have wide-ranging investigative, security and forensic experiences with backgrounds in military, law enforcement, intelligence and academia. They are located in cities across the country and have traveled internationally in support of highly sophisticated and complex forensic and cyber matters for our clients and their legal representation.

    2. Prior to founding Maryman & Associates Inc., I served as a Supervisory Special Agent with the Federal Bureau of Investigation (FBI) for over 29 years. During that time, I conducted and supervised investigations, served as an Information Systems Administrator, Chief Information Security Officer (CISO) and Security Programs Manager. I was a founding member of the FBI's Computer Analysis Response Team (CART Team) where I received extensive training from the FBI and scientific industry experts in the acquisition, examination and analysis of computer evidence, also known as computer forensics. I received certification by the FBI Laboratory as a "Forensic Examiner of Computer Evidence." I have performed thousands of hours of computer forensic investigation to include forensic data acquisition and analysis of an extensive variety of digital evidence items including electronic business records and computer files. I am an FBI certified instructor and have provided computer forensic training to numerous federal, state and local law enforcement entities. I have contracted with a major computer forensics device manufacturer to provide training in computer forensics and data acquisition. I have provided that training to various groups across the nation as well as internationally.

    3. During my tenure as a Special Agent for the FBI, as a private forensic examiner and as an expert witness, I have provided declarations and affidavits as well as depositions and testimonies in criminal and civil court cases many times and I have also served as a court appointed neutral forensic examiner. I have previously qualified as an expert witness in local, state and federal courts. I served as Chairman and Member-at-Large of the advisory board to the Director of the FBI on computer and information systems. I currently serve on the University of Southern

    CONFIDENTIAL NFLPA_BRADY001619

    Case 1:15-cv-05916-RMB-JCF Document 28-21 Filed 08/04/15 Page 1 of 9

  • California (USC) Information Technology Program Advisory Board and am a frequent guest lecturer at USC on digital forensics. I am also a member of the Information Systems Security Association and serve on the Los Angeles Chapter Community Outreach Advisory Board.

    4. I am licensed as a Private Investigator by the California Bureau of Security and Investigative Services and hold license number 26012.

    5. Please see my Curriculum Vitae (CV) attached as Exhibit A for additional information regarding my experience and qualifications.

    6. In May 2015, my company, Maryman & Associates, Inc. was retained to perform a forensic examination and analysis of the e-Mail account of Mr. Thomas Brady, Jr.: ***********@**********.com

    7. On June 3, 2015, under my supervision and direction, one of my associate Forensic Examiners accessed the above noted e-Mail account. Its data was subsequently acquired via an IMAP connection to a server hosted by Apple, Inc. utilizing Aid4Mail eDiscovery v 3.61. All e-mail messages and their attachments with a store date (sent or received date) between September 1, 2014 and March 1, 2015 were preserved to a PST file and stored on a best evidence drive. The PST contains 5,317 messages. In computing, a Personal Storage Table (.PST) is an open proprietary file format used to store copies of messages, calendar events, and other items.

    8. The PST file from the best evidence drive was copied to a working copy drive. The two files were compared by a HASH algorithm and noted as identical. The PST file stored on the working copy drive was subsequently indexed by Intella v 1.84 and searched for the requested terms identified in the February 28, 2015 e-Mail from Douglas Burns to Stephen Dubin regarding the investigation into ball-related issues at the AFC Championship Game. When the requested search terms were in a search term format incompatible with this search tool, the best possible interpretation was used and exceptions noted where appropriate.

    9. The collection, processing and examination of all evidence noted above were all performed in accordance with digital forensics best practices. I have provided all of the recovered emails within the search parameters, plus corresponding metadata, to counsel for Mr. Brady in this matter. These findings, based upon the Forensic Examiner's visual review of all search results, are presented below in Results.


  • 10. Results:

    a. Requested Search Term: k-ball

    Term as Searched: k-ball

    Result: No Results

    b. Requested Search Term: kball

    Term as Searched: kball

    Result: No Results

    c. Requested Search Term: gage

    Term as Searched: gage

    Result: No Results

    d. Requested Search Term: air-pump

    Term as Searched: air-pump

    Result: No Results

    e. Requested Search Term: airpump

    Term as Searched: airpump

    Result: No Results

    f. Requested Search Term: needle

    Term as Searched: needle

    Result: 55 files containing one or more instances of the given search term were discovered. These were contained in 11 e-mail messages, 42 Excel files, one plain text document, and one XHTML document. The 11 e-mail


  • messages and 44 attachments were all communications between Tom Brady and Josh McDaniels (**********@*******.com). These files all appear to be related to the Patriots organization and their game day call sheets/play sheets.

    g. Requested Search Term: pin

    Term as Searched: pin

    Result: 28 files containing one or more instances of the given search term were discovered. These were contained in 11 e-mail messages, 12 Excel files, two plain text documents, one vCard file, and two XHTML documents. The 11 e-mail messages include play calling, family discussions, discussions with friends, e-mail messages relating to PIN as a Personal Identification Number, and PIN as a Property Identification Number. The 12 Excel files are all Patriots call sheets/play sheets. The two plain text documents and the two XHTML documents are both attachments of e-mail messages described above. The vCard contains PIN as a personal identification number.

    h. Requested Search Term: PSI

    Term as Searched: PSI

    Result: 24 files containing one or more instances of the given search term were discovered. These were contained in 18 e-mail messages, three plain text documents, and three XHTML documents.

    i. Requested Search Term: pounds per square inch

    Term as Searched: pounds per square inch

    Result: No Results

    j. Requested Search Term: 12.5

    Term as Searched: 12.5


  • Result: 12 files containing one or more instances of the given search term were discovered. These were contained in seven e-mail messages, three PDF files, one plain text document, and one XHTML document. The files include discussions of Tom Brady's shoe size, a description of working hours in a day, and distance in miles.

    k. Requested Search Term: bladder

    Term as Searched: bladder

    Result: Two files containing one or more instances of the given search term were discovered. These were contained in one plain text document and one XHTML document. Both files refer to the bladder as a component of the human body.

    l. Requested Search Term: McNally

    Term as Searched: McNally

    Result: No Results

    m. Requested Search Term: Bird

    Term as Searched: Bird

    Result: 11 files containing one or more instances of the given search term were discovered. These were contained in seven e-mail messages, two plain text documents, and two XHTML documents. The files include references to Early Bird, Blue Bird, and [Larry] Bird.

    n. Requested Search Term: 1 pound

    Term as Searched: 1 pound

    Result: One file containing one instance of the given search term was discovered. This e-mail referenced consuming one pound of protein per day.


  • o. Requested Search Term: 1 lb

    Term as Searched: 1 lb

    Result: No Results

    p. Requested Search Term: one pound

    Term as Searched: one pound

    Result: No Results

    q. Requested Search Term: one lb

    Term as Searched: one lb

    Result: No Results

    r. Requested Search Term: 2 pound

    Term as Searched: 2 pound

    Result: No Results

    s. Requested Search Term: 2 lb

    Term as Searched: 2 lb

    Result: No Results

    t. Requested Search Term: two pound

    Term as Searched: two pound

    Result: No Results


  • u. Requested Search Term: two lb

    Term as Searched: two lb

    Result: No Results

    v. Requested Search Term: gaug*

    Term as Searched: gaug*

    Result: Seven files containing one or more instances of the given search term were discovered. These were contained in three e-mail messages, two Excel files, one plain text, and one XHTML document. These files include references to allowing someone to gauge reactions or interest and Patriots call sheets/play sheets.

    w. Requested Search Term: pump*

    Term as Searched: pump*

    Result: 94 files containing one or more instances of the given search term were discovered. These were contained in 30 e-mail messages, 41 Excel files, one PDF file, 11 plain text, and 11 XHTML documents. These files include references to pumping water, installing a pump to pump water, pumpkins, Patriots play calls, muscle pump function, pumped as a way to express excitement, a heat pump for a house, and prices at the gasoline pump.

    x. Requested Search Term: inflat*

    Term as Searched: inflat*

    Result: 32 files containing one or more instances of the given search term were discovered. These were contained in 22 e-mail messages, three PDF files, two plain text documents, and two XHTML documents. These files include references to not over-inflating corporate position titles, inflategate, personal e-mails, e-mails between Tom Brady's financial advisor, and economic inflation.


  • y. Requested Search Term: deflat*

    Term as Searched: deflat*

    Result: 21 files containing one or more instances of the given search term were discovered. These were contained in 17 e-mail messages, one HTML document, and three PDF files. These files include references to media reports, economic deflation, e-mails between Tom Brady's financial advisor, personal e-mails, and media reports.

    z. Requested Search Term: (game or kick*) /2 ball

    Term as Searched: "(game OR kick*) ball" ~2 [Search for game or kick* within two words of ball]

    Result: 11 files containing one or more instances of the given search term were discovered. These were contained in six e-mail messages, three Excel files, one plain text document, and one XHTML document. These files include personal e-mails and Patriots call sheets/play sheets.

    aa. Requested Search Term: (prep* or rub*) /10 (ball or football)

    Term as Searched: "(prep* OR rub*) AND (ball OR football)" ~10 [Search for prep* or rub* within 10 words of ball or football]

    Result: Seven files containing one or more instances of the given search term were discovered. These were contained in five e-mail messages, one plain text document, and one XHTML document. These files include personal e-mails.

    bb. Requested Search Term: (investigat* or meet* or discuss* or question) /10 (championship or Jan. 18 or January 18 or 1/18)

    Term as Searched: "(investigat* OR meet* OR discuss* OR question) AND (championship OR Jan* 18 OR 1/18)" [Search for investigat*, meet*, discuss*, or question and championship, Jan* 18, or 1/18 to be in the same file]


  • Result: 29 files containing one or more instances of the first search term were discovered. These were contained in 21 e-mail messages, five PDF files, one HTML, one XHTML, and one plain text documents. These files include personal e-mails and media reports.

    cc. Requested Search Term: investigat* /10 (ball or football or Indianapolis or Indy or Colts)

    Term as Searched: "investigat* AND (ball OR football OR Ind* OR Colts)" ~10 [Search for investigat* within 10 words of ball, football, Ind*, or Colts]

    Result: Two files containing one or more instances of the given search term were discovered. These were contained in two e-mail messages.

    dd. Requested Search Term: (equilibrium or equilibrat* or atmosphere* or climat* or environment* or test* or experiment) /10 (ball or football)

    Term as Searched: "(equilib* OR atmosphere* OR climat* OR environment* OR test* OR experiment) AND (ball OR football)" ~10 [Search for equilib*, atmosphere*, climat*, environment*, test*, or experiment within 10 words of ball or football]

    Result: 11 files containing one or more instances of the given search term were discovered. These were contained in five e-mail messages, three plain text documents, and three XHTML documents. These files include references to Patriots play scheme.

    I declare under penalty of perjury under the laws of the State of California that the foregoing is true and correct.

    Executed on June 15, 2015 at Simi Valley, California.

    Bradley N. Maryman

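
The search-term translations in items w, z and bb can be reproduced on a small scale. The Python below is an added example, not part of the declaration and not the logic of Intella or any other tool named in it. It assumes simple alphanumeric tokenization, measures proximity as the difference in word position, uses hypothetical function names and constructed sample texts, and for item bb uses only `championship` from the second group.

```python
import re

def tokenize(text):
    """Split into lower-case alphanumeric word tokens (hyphens and punctuation separate words)."""
    return re.findall(r"[a-z0-9]+", text.lower())

def term_matches(pattern, token):
    """A trailing '*' is a prefix wildcard (pump* hits pumpkins); otherwise the whole word must match."""
    pattern = pattern.lower()
    if pattern.endswith("*"):
        return token.startswith(pattern[:-1])
    return token == pattern

def positions(patterns, tokens):
    """Indexes of every token matched by at least one pattern in the group."""
    return [i for i, tok in enumerate(tokens)
            if any(term_matches(p, tok) for p in patterns)]

def within(left, right, n, text):
    """Proximity: some `left` term at most n word positions from some `right` term, either order."""
    tokens = tokenize(text)
    lp, rp = positions(left, tokens), positions(right, tokens)
    return any(0 < abs(i - j) <= n for i in lp for j in rp)

def same_file(left, right, text):
    """Fallback form: both groups appear anywhere in the same file."""
    tokens = tokenize(text)
    return bool(positions(left, tokens)) and bool(positions(right, tokens))

# Constructed sample texts, not taken from the examined mailbox.
SAMPLES = {
    "near": "Great game ball presentation after the win.",
    "far": "Bring the kicking tee, the cones and one ball to practice.",
    "pumpkin": "We carved pumpkins with the kids on Sunday.",
    "spread": "One question about dinner plans. " + "filler " * 20
              + "The championship parade is next month.",
}

def review():
    """Run item z's proximity query, item w's wildcard and item bb's two forms over SAMPLES."""
    inv = ["investigat*", "meet*", "discuss*", "question"]
    return {
        "z_near": within(["game", "kick*"], ["ball"], 2, SAMPLES["near"]),
        "z_far": within(["game", "kick*"], ["ball"], 2, SAMPLES["far"]),
        "w_pumpkin": bool(positions(["pump*"], tokenize(SAMPLES["pumpkin"]))),
        "bb_requested": within(inv, ["championship"], 10, SAMPLES["spread"]),
        "bb_as_searched": same_file(inv, ["championship"], SAMPLES["spread"]),
    }

if __name__ == "__main__":
    for name, hit in review().items():
        print(f"{name}: {hit}")
```

On the constructed `spread` text the requested /10 proximity form of item bb does not hit while the same-file form does, so the as-searched interpretation returns a superset of what the requested term would.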