You’ve got an IT background don’t you? Have you followed the whole DNC server story?
Not as closely as you have. I’ve read some of the links that you guys post and ‘wiki walked’ around the sites they’re on and sites they link to.
I do have trust issues, though.
ETA: As it pertains to the physical vs. virtual servers. Those virtual servers, as you well know, don’t just hover out there in the ether. They’re on a physical server, so when someone says “they’re virtual” as if that should be the end of it, my brain goes …
Really? Who at the FBI…Peter Strzok? At the time we’re discussing, who was the lead investigator?
Yeah I think the DNC guys made clear that they couldn’t surrender their entire server infrastructure in the middle of an ongoing election.
I’m not sure confiscating the cloud servers once the election was over would have served any purpose but… shrug.
It does appear to be in line with standard DOJ practice to boot when dealing with a co-operative source:
"It’s also consistent with the Department of Justice’s electronic evidence manual, which recommends capturing images when practical even when the FBI is executing a search warrant against an uncooperative suspect. When the computers belong to a cooperating victim, seizing the machines is pretty much out of the question, said James Harris, a former FBI cybercrime agent who worked on a 2009 breach at Google that’s been linked to the Chinese government.
“In most cases you don’t even ask, you just assume you’re going to make forensic copies,” said Harris, now vice president of engineering at PFP Cyber. “For example when the Google breach happened back in 2009, agents were sent out with express instructions that you image what they allow you to image, because they’re the victim, you don’t have a search warrant, and you don’t want to disrupt their business.”
I don’t know who led the DNC server investigation.
Sounds like you’re ready to dismiss whatever findings they came to if you don’t agree with them though, doesn’t it?
It sounds like you’ve already swallowed what I’m not prepared to at this time, doesn’t it?
I’m not sure you know what’s in yer mouth yet, mate.
Agreed. Therefore…I’m not swallowing it…mate.
While admirable Mole, you have to realize you’re providing facts and evidence and logic to someone who freely admits they are a full-fledged conspiracy theorist. He will never allow the truth to obscure his preconceived conclusions of some massive conspiracy. Just saying…
We know nothing of the sort.
Might find out if the Russians start showing up for court.
Watching the spin on this is fascinating.
It’s like the left knows it can antagonize Putin, but would never dare do the same to the radical jihadists.
Wish the focus was on ending the bloodshed in Syria, instead of the Clinton election loss.
Oh absolutely make copies and work on the copies, that’s a given. I’m still not comfortable that access to the physical device(s) was denied and it seems as if the denial was shrugged off as seems to be the practice since forever.
Off to make a $.
Have a good day/evening.
Yeah it does make sense given that they’re the victims though. As to the cloud servers, I’m not sure the DNC would even own them would they? I assume they wouldn’t be on-site either.
Seems like they were happy to give Crowdstrike the access they wanted to assess the situation, and both Crowdstrike and the DNC were happy to share what information had been gathered with the FBI. Not sure there’s much more there there.
Toodle pip, and you have a good day too.
I dunno, if you’re buying that the hacking was too fast to have been from overseas in a world where drones in Afghanistan have been being flown by operators in Virginia for fifteen years, it’s hard to take seriously.
Well that explains everything…thanks.
So, where are the original drives? Isn’t it normal practice to retain the original drive but not perform any forensics on it beyond copying it? How do you “demonstrate that they have not altered the evidence whatsoever by presenting cryptographic hash values, digital time stamps, legal procedures followed, etc.” without retaining the original? If what the hashtags refer to is gone, of what value are they? The value of hashing is that the copy’s hash matches the original.
Nah, not when it’s a co-operating witness / victim.
Remember the DNC wasn’t being investigated or suspected of falsifying information. I believe the FBI came in as part of a counter-intel investigation, so there wouldn’t be any reason to suspect that the DNC or rather Crowdstrike falsified anything.
And given that seizing all the servers of a political org like the DNC would be catastrophic for them during the middle of an election, the DOJ isn’t going to do that unless they’re a suspect.
As for after the election, I would assume too much time would have passed for the servers to retain any relevant information, or be the pristine thing they could have been if seized immediately. The images would be a far better source at that point.
So what? If they did retain the original drives and compare the images to them and find they’re identical, what have you gained or proven?
That the evidence hadn’t been altered, which the defense of anyone prosecuted is sure to allege.
I believe the credibility of the cyber-security firm and their security practices come into play at that point.
Since it seems to be standard practice to only image the hardware in these cases, I’m assuming that works in court.
Again, the hashes are useless without an original to compare them to, you brought them up.