Under the Brady Rule, the government is obligated to disclose evidence favorable to the defendant. To that end, Ross’ attorneys have requested the following items. They also request all outstanding discovery that was previously requested the week of Sept. 8 and still have not received:

  1. the MD5 hash value of the device mapper for the partition sda4_crypt as well as

the MD5 hash of the RAW (.dd) image of the partition, both of which should have

been generated, when the following command was issued (according to the bash

history attributable to the FBI): 2175 date ; md5sum /dev/mapper/sda4_crypt >

/media/sv_13_0210/evidence/l1c1_sda4_crypt/sd4_md5.txt ; date ; md5sum

/media/sv_13_0210/evidence/l1c1_sda4_crypt/sda4_crypt.dd >


  1. any and all logs of communications between the front-end and back-end Silk

Road Servers;

  1. any and all traffic and communication logs for the Icelandic server assigned IP


  1. exact dates and times of access and/or attempted access to the Silk Road servers

by former SA Tarbell and/or CY-2;

  1. the name of the software that was used to capture packet data sent to the FBI from

the Silk Road servers;

  1. a list of the “miscellaneous entries” entered into the username, password, and

CAPTCHA fields on the Silk Road login page, referenced in the SA Tarbell’s

Declaration, at ¶ 7;

  1. any logs of the activities performed by SA Tarbell and/or CY-2, referenced in ¶ 7

of SA Tarbell’s Declaration;

  1. logs of any server error messages produced by the “miscellaneous entries”

referenced in SA Tarbell’s Declaration;

  1. any and all valid login credentials used to enter the Silk Road site;
  2. any and all invalid username, password, and/or CAPTCHA entries entered on the

Silk Road log in page;

  1. any packet logs recorded during the course of the Silk Road investigation,

including but not limited to packet logs showing packet headers which contain the

IP address of the leaked Silk Road Server IP address [];

  1. any server configuration files from the time period referenced in the Tarbell

Declaration, at ¶ 7, including in particular, NGINX vhost configuration files

obtained from the Silk Road Server in early June 2013;

  1. any and all data obtained from pen registers judicially authorized in this case;
  2. information and documentation regarding how the IP address ( of

the initial Silk Road Server was obtained;

  1. any and all correspondence between the Reykjavik Metropolitan Police and the

United States government (as described in fn. 1);

  1. a copy of the August 27, 2013, First Supplemental Request issued by U.S.

Authorities to Icelandic Authorities;

  1. the September image of the server, referenced in item #9 of the

government’s March 21, 2014, discovery letter; and

  1. in regard to the several .tar compressed archives (all.tar; home.tar; and

orange21.tar) produced as part of item #1 of the government’s March 21, 2014,

discovery letter, please

(a) identify when these .tar archives were created;

(b) list the commands that were issued to create them;

(c) state whether any cryptographic hash values were generated for the .tar

archives at the time they were created ;

(d) provide any such cryptographic hash values generated at the time of the

creation of the .tar archives;

(e) specify whether each of these directories was from the server;


(f) if any of the directories were not on the server, identify where

they were located.