FAYETTEVILLE — Prosecutors in Josh Duggar’s child pornography trial brought in two computer forensics experts Thursday afternoon and attempted to put Duggar “behind the screen” of a computer they say was used to download the material by showing jurors a single document, an out of place receipt.
Duggar, 33, of Springdale, is charged in federal court with two counts involving receiving and possessing child pornography. He faces up to 20 years of imprisonment and fines up to $250,000 on each count if convicted.
Duggar, best known for being part of his family’s cable television reality show, is accused of using the internet in May 2019 to download and possess the material, some of which depicts the sexual abuse of children younger than 12, according to court documents.
Computer analysts said a partition and a Linux operating system were installed on the computer at Duggar’s used car lot at 1:52 p.m. on May 13, 2019, and a browser capable of encryption was installed shortly after 2 p.m. that day. Child pornography was downloaded to the computer during the following days of May 14 and May 15, 2019, using that operating system and browser.
Prosecutors are arguing Duggar installed the partition and Linux operating system to avoid an accountability application that had been installed on the computer that would report to his wife about inappropriate internet activity, such as searching for pornography.
Along with child pornography found on the Linux side of the computer at Wholesale Motor Cars, one document file was also found — a receipt for a car payment from the dealership, prosecutors said. They showed the receipt on a large screen in the courtroom. At the bottom, the receipt said the sales agent for the transaction was “Josh.” The receipt was dated June 22, 2019, at 12:18 p.m.
The child porn was downloaded on Duggar’s computer around 5 or 6 p.m. May 14 and around noon May 15, according to James Fottrell, who heads up a computer crime forensic analysis unit at Homeland Security Investigations in Washington, D.C. Someone actively viewed the files as well, he said.
Fottrell said someone had to physically be at the dealership to initially install the partition and Linux operating system on the computer as well as to switch from the Windows side of the partition, which came with the computer and was used for business, to the Linux side, where the child porn was downloaded.
Fottrell said the two operating systems could not be used at the same time and Windows, the business side, would come up automatically when the computer was turned on. He said the Linux operating system is often used by people to access parts of the internet where illegal activity, including child pornography, can be found. The operating system installed uses three-layer encryption and the purpose is often to be anonymous and hide where the user is located, he said.
Lawyers for Duggar told jurors earlier that someone other than Duggar either downloaded or placed the child pornography on the computer, possibly even doing it remotely.
Fottrell said a popular application was used to download child porn files from a peer-to-peer file sharing network, but that too had to be installed by the user of the computer. A video player app and bookmarks were also added by a user.
Computer-generated logs of pop-up advertising indicated the Linux side of the system was being used during the same time the child porn was being downloaded, Fottrell said. There were also automatically generated logs listing the various child porn downloads and for the viewing of files and videos, he said.
Fottrell confirmed the children in the photos and videos were minors engaged in sexually explicit behavior, and jurors were shown short excerpts.
No child porn was found on Duggar’s iPhone or laptop, analysts said.