It’s the ideal, but it doesn’t appear to be the standard approach in these cases due to how disruptive seizing all the hardware is.
I actually don’t know how often they even make it to court, especially when dealing with foreign hackers. The most important element is protecting against future incidents in those cases.
Nonsense. The original drive can be altered just as easily as the image.
Do you disagree?
But he is charging people. And according to the DNC, all the hardware was trashed anyway, which is their explanation for why it isn’t available. So how would preserving it have been more disruptive than decommissioning and dismantling it? Drives can be copied and swapped fairly quickly. They copied them once right? They were one copy away from retaining the original and replacing it with a copy.
No, that’s the entire purpose of hashing, to ensure the original matches the copy at the time the copy was made.
On further reading it look like it may be because the information isn’t contained on the server hard-drive, modern malware is often stored in the RAM.
That’s why they have to image the servers ASAP, because once they’re unplugged the information is gone.
Could be wrong there, as this stuff is going beyond my bare knowledge levels 
.
All the hash proves is that they’re identical.
It doesn’t prove the original was unaltered.
Yes.
And it appears that these investigations very rarely actually take possession of the hardware, the image is more useful.
Close your Wiki brother. 
No worries was still editing 
The idea that the image can be manipulated to provide false evidence but not the “original” is pretty silly.
Ah…right on. I’m glad we have editing capabilities back, but we need to look out for each other on this one. 
I’d imagine there’s actually a higher risk of corruption / failures with the hardware it self as well.
And yet the hardware the server is running on may change any time the server is shutdown and restarted, at least in the AWS platform. So while there is silicon under all these virtual servers, it is most often shared tenancy and can be different over the life of the virtual server.
So the dumb ■■■■ Trumpist bleating for “turning over the server” makes no ■■■■■■■ sense.
When this Administration has been fully disrupted by the MSM, the political establishment and all of the lib sheeple yelling at the sky in protest of Russian collusion, there is NO OTHER CHOICE BUT THE IDEAL. So where is the original hardware?
It proves it hasn’t been altered since the time the copy was made.
But not that the original is unaltered. Which is just as easy as altering a copy, if not easier.
It doesn’t appear to be the norm to seize the original hardware in these cases. Or do you disagree?
I know. You said that already. I agree.
How does that help the case?
I’m dedicating my book to him.
Considering that the DNC servers were virtual, that would also imply that the servers “hard drive” was virtual. In the Amazon cloud this is called Elastic Block Storage and it is what provides non-ephemeral data storage. To get the physical device may lead to many physical devices, with data from many unrelated parties. I don’t ever see that happening.
Instead you create an Amazon Machine Image, which is a snapshot of the state of the machine at that moment in time and can be used to create a single tenancy server for forensic analysis.
I don’t expect Smyrna to give a single ■■■■ about this as it blows his whole conspiracy theory out of the water.
Wait, the DNC was using AWS and not bare metal and these peeps are screaming “WHERE’S THE SERVER?!”
There aren’t enough faces to palm.
