FBI never looked at the server REDUX


posted on Aug, 30 2018 @ 11:05 AM
a reply to: whargoul
Fact:

A copy of a drive isn´t a complete copy of the data that is stored in one way or another on it. This is more true for magnetic storage devices than flash based.

You do not need to educate me on how filesystems work, it´s quite obvious you´re the one that needs more education in that field.

Depending on the way you "copy" a drive, there will be either just the data present that the filesystem knows it has allocated or in the case of magnetic drives, you´d need much more precise hardware to read out ALL the partly overwritten lines of 1s and 0s that the allocation table(s) do not know.

Because with magnetic drives, the arm won´t return to the exact same position every time. That´s why data recovery is possible with high precision hardware with way less tolerances. This way you can read out halfway overwritten stuff that DEFINITELY won´t show up when you just copy the drive via normal filesystem functions.

I hope I could educate you a bit on that.




posted on Aug, 30 2018 @ 11:07 AM

originally posted by: Sahasrara
a reply to: introvert

No, as always, you are assuming that the people doing this copying and providing were being honest. It seems to always be the assumption from people defending these guys that they were operating according to law. It seems clear to me that these people are/were not operating according to the law, and so your premise, in my mind, is false. At this point I think it is naive to assume that these people were being lawful, and so, I think it's naive to trust that the DNC/Crowdstrike actually provided a complete copy of the server.

IMO


Veracity is built into the process. We don't have to assume people are honest, trust but verify.



posted on Aug, 30 2018 @ 11:08 AM

originally posted by: whargoul

originally posted by: CriticalStinker
a reply to: whargoul

Assuming that the deleted files were not overwritten by new data, which is possible for a server considering the amount of traffic that goes through it day in and day out. Depending on when the breach was detected and when the investigation begins it is a possibility.

That said, I realize you are addressing if they purposefully deleted files right before handing a copy to the FBI, which would be improbable but not impossible. Though to your point, they would likely see evidence of that.


Which is EXACTLY why the FBI didn't need the physical servers and Crowdstrike's images were the best data.


Most likely, if we are humoring the idea Crowdstrike tried to hide something, I doubt they would be able to pull it off undetected by the FBI. But it could help to look at the physical server to see how information is going in and out on the angle of the intruder.

Depending on how sophisticated the hackers were though, the copy of the server may not have been enough for the investigation. That said, they very well may have gotten data from other systems and just didn't release those aspects of the investigation to the public.


edit on 30-8-2018 by CriticalStinker because: (no reason given)



posted on Aug, 30 2018 @ 11:16 AM
a reply to: whargoul

and it seems we've been shown the process is kind of broken, right? (assuming you're referring to the evidence gathering process). From what we've been learning/seeing - I think it's really naive to trust anyone in this mess... So, don't trust, and verify - but instead, people have trusted and not verified - it seems intentionally...



posted on Aug, 30 2018 @ 11:19 AM

originally posted by: verschickter
a reply to: whargoul
Fact:

A copy of a drive isn´t a complete copy of the data that is stored in one way or another on it. This is more true for magnetic storage devices than flash based.

You do not need to educate me on how filesystems work, it´s quite obvious you´re the one that needs more education in that field.

Depending on the way you "copy" a drive, there will be either just the data present that the filesystem knows it has allocated or in the case of magnetic drives, you´d need much more precise hardware to read out ALL the partly overwritten lines of 1s and 0s that the allocation table(s) do not know.

Because with magnetic drives, the arm won´t return to the exact same position every time. That´s why data recovery is possible with high precision hardware with way less tolerances. This way you can read out halfway overwritten stuff that DEFINITELY won´t show up when you just copy the drive via normal filesystem functions.

I hope I could educate you a bit on that.



I already addressed that in my first post, but maybe I didn't spell it out enough. You don't do a file copy in digital forensics, you do a bit copy. You copy all the bits on the drive (flash or platter), you get the slack space, you get those parts you are saying are only available on magnetic media.

What you are claiming is just untrue.



posted on Aug, 30 2018 @ 11:20 AM
a reply to: whargoul

Imagine you write stuff on a sheet of paper with removable ink on a typewriter. The paper is your hard drive.

Now let´s say you wrote 5 pages on that single sheet of paper. Each time you reset the paper you wrote on to the top, you erase all the written ink letters so you have a "clean" sheet of paper.

Now you copy the sheet of paper with a scanner/copy machine and send it away.

Your original paper will still hold the imprints from all the other times you wrote. The copy will not.



posted on Aug, 30 2018 @ 11:23 AM
a reply to: whargoul




you get the slack space, you get those parts you are saying are only available on magnetic media.


No you don´t, even if you do a bit to bit copy with a magnetic drive, you won´t get all the data. Because you need algorithms to concern the good (=newer) bits from the old bits.

If they did what you think is done, you would get like 2-? times more bits out of a single bit "placeholder".
That would translate to 2-? Terabytes for 1 Terabyte of bits. 8bits = 1 byte



posted on Aug, 30 2018 @ 11:23 AM

originally posted by: Sahasrara
a reply to: whargoul

and it seems we've been shown the process is kind of broken, right? (assuming you're referring to the evidence gathering process). From what we've been learning/seeing - I think it's really naive to trust anyone in this mess... So, don't trust, and verify - but instead, people have trusted and not verified - it seems intentionally...



Ok, there is no arguing that point. I can't tell anyone how truthful the FBI is.

But, I am not arguing for the DNC or for the FBI, I am arguing that the process is being misrepresented. This is how it works, and this is the tale we are being told. Do you have any evidence that the FBI has lied about the data?



posted on Aug, 30 2018 @ 11:26 AM

originally posted by: CriticalStinker
a reply to: YouSir

My point wasn't to discredit or question OP. He did raise some very good points, and I hope to get the definitive answers too.

What I was trying to say is that we can throw any wish of correcting any of these issues so long as both sides keep throwing their spin on the issues.

Foreign spying/espionage has always been a problem, it's just recently we've met measurable resistance (to my knowledge) on addressing them.

Edit: My mission here isn't to argue, as we don't have all the information and facts for me to be able to do so anyways. But I think the most efficient way of addressing issues is by identifying the root cause(s). I don't see our nation truly "fixing" anything until we get the partisan circus out of the conversation.



Ummm...I agree with everything you just stated...I'm not trying to rub your nose in anything...I respect you and your opinion too much for that...

I just think these questions are too important in and of themselves and was only trying to maintain focus on them without side tracking...

Thank you for the clarification...





YouSir



posted on Aug, 30 2018 @ 11:28 AM
a reply to: verschickter
Short description:

The data on magnetic disks is written in a spiral, but that spiral does not take the same course every time. There are small differences in the single positions.

If you do a single bit readout from that spiral you´ll get one spiral worth of data.
But there are more, older and weaker bits to be read out.

If you overwrite a drive 3 times with different data, you´ll at least be able to read out 2 different spirals.

That means, you´d get different versions with the precision methods that are used in recovery labs. I know, because we had our own little lab at work to recover company hard drives with extremely sensitive (for the company) data on it.

I´m not talking about unknown bits that the allocation table does not know, I´m talking about the physical properties of a magnetic disc!

HUGE DIFFERENCE.
edit on 30-8-2018 by verschickter because: (no reason given)



posted on Aug, 30 2018 @ 11:28 AM
a reply to: YouSir




posted on Aug, 30 2018 @ 11:33 AM

originally posted by: verschickter
a reply to: whargoul




you get the slack space, you get those parts you are saying are only available on magnetic media.


No you don´t, even if you do a bit to bit copy with a magnetic drive, you won´t get all the data. Because you need algorithms to concern the good (=newer) bits from the old bits.

If they did what you think is done, you would get like 2-? times more bits out of a single bit "placeholder".
That would translate to 2-? Terabytes for 1 Terabyte of bits. 8bits = 1 byte


Dude, you are fake news yo. 2 TB of data would be 16 tb of data and they are the same thing. Your flash drives and your hard drives are made of bits, not bytes. Data is stored in bits and files are presented as bytes, but again bit by bit gets all the data. Data CAN be overwritten in standard usage (as you move your mouse across the screen you are erasing volatile slack data), that just goes back to whoever gets there first gets the best data.

I understand how data destruction works and forensic cleaning doing 7x pass to overwrite all the little pieces of the bit that missed its mark, but that is not what we are talking about here. And guess what, if they had done that to ANY data, it would totally show up on the image.



posted on Aug, 30 2018 @ 11:37 AM

originally posted by: whargoul

originally posted by: Sahasrara
a reply to: introvert

No, as always, you are assuming that the people doing this copying and providing were being honest. It seems to always be the assumption from people defending these guys that they were operating according to law. It seems clear to me that these people are/were not operating according to the law, and so your premise, in my mind, is false. At this point I think it is naive to assume that these people were being lawful, and so, I think it's naive to trust that the DNC/Crowdstrike actually provided a complete copy of the server.

IMO


Veracity is built into the process. We don't have to assume people are honest, trust but verify.


How can you verify a copy is complete without having access to the original?

Two points on this I addressed in the OP.

1. James Comey states that the FBI prefers to have access to the physical server themselves.

If what you are saying is true, why would that be the FBI preference? They would never need to physically see the server and make a copy themselves, because any person whose digital records were being investigated could just use their own firm to do that copying for them.

2. If the copy is an absolute exact replica of the original server, then why would the DNC not leave the FBI look at the server when requested?



posted on Aug, 30 2018 @ 11:39 AM
a reply to: whargoul

"dude"...."yo"

You just don´t want to understand.



doing 7x pass to overwrite all the little pieces of the bit that missed its mark, but that is not what we are talking about here. And guess what, if they had done that to ANY data, it would totally show up on the image.


You´re talking about an "image" is just showing you don´t know the difference between recovery via software (=using the filesystems underlying functions to handle those bits) and recovery via hardware (= using high precision actuator arms to read out what is there, side by side on a track).

Of course the data is stored bit by bit, please quote me where I wrote it isn´t.

And your example "2TB = 16TB" is just nonsense and shows you do not understand what I´m trying to tell you.

Edit: I give up, I think you´re too dense to get the point. Or you already made up your mind "dude knows nothing yo" and stay with that because you like to argue.


edit on 30-8-2018 by verschickter because: (no reason given)



posted on Aug, 30 2018 @ 11:43 AM

originally posted by: NiNjABackflip
a reply to: six67seven

Not only that, but some commentators have said this was the worst attack since 9/11 but say nothing about the FBI not being allowed to examine the crime scene.

They got pictures. They swear that's as good as the real thing.

Next year I'm mailing the IRS a picture of a check



posted on Aug, 30 2018 @ 11:45 AM

originally posted by: verschickter
a reply to: verschickter
Short description:

The data on magnetic disks is written in a spiral, but that spiral does not take the same course every time. There are small differences in the single positions.

If you do a single bit readout from that spiral you´ll get one spiral worth of data.
But there are more, older and weaker bits to be read out.

If you overwrite a drive 3 times with different data, you´ll at least be able to read out 2 different spirals.

That means, you´d get different versions with the precision methods that are used in recovery labs. I know, because we had our own little lab at work to recover company hard drives with extremely sensitive (for the company) data on it.

I´m not talking about unknown bits that the allocation table does not know, I´m talking about the physical properties of a magnetic disc!

HUGE DIFFERENCE.


Alright, you are either lying or you do not know what you are talking about. Platters are definitively NOT written in a spiral. Bits are written in cylinders and slices. This lessens the search time of the read arm. Response times would skyrocket if the read arm had to search around in a spiral like it was a record player.

For the rest of you following along he keeps stating the read data from precision machines recovering overwritten data. The actual magnetic bit can drift microscopically around its center and data recovery of overwritten data is real. The multiple writes to obfuscate this would stick out like a neon sign in digital forensics though! There is no way in heck the company he works for had this in any kind of digital recovery lab they had in house.



posted on Aug, 30 2018 @ 11:48 AM
a reply to: whargoul


verschickter:
Imagine you write stuff on a sheet of paper with removable ink on a typewriter. The paper is your hard drive. Now let´s say you wrote 5 pages on that single sheet of paper. Each time you reset the paper you wrote on to the top, you erase all the written ink letters so you have a "clean" sheet of paper. Now you copy the sheet of paper with a scanner/copy machine and send it away. Your original paper will still hold the imprints from all the other times you wrote. The copy will not.


What Crowdstrike did was SCAN THE PAPER and that´s BY FAR not what´s really recoverable on the disk. The FBI should have got the original, not a cheap photocopy. Try to understand that.



posted on Aug, 30 2018 @ 11:51 AM
a reply to: whargoul




There is no way in heck the company he works for had this in any kind of digital recovery lab they had in house.

"yo".
I challenge you to read up on me, what projects I did (hint=avatar) and where I worked, then come back to me and say that again.



posted on Aug, 30 2018 @ 11:52 AM

originally posted by: whargoul

originally posted by: Martin75

originally posted by: introvert

originally posted by: Martin75
a reply to: introvert

No, I'm talking forensic. Which is what the FBI should be doing.


Then your example is ridiculous.

All of the info the FBI would need is in those copies they were provided.

Because every time you copy a file it copies? Perfectly, every time. If everything else is perfect. There isn't some other code to do something else with it? You know how this works....
Come on now.


Yes. Every time. It's a digital copy, not a file transfer, bit by bit, with a checksum at the end to prove the veracity. This is how digital forensics works. Nobody would turn over their physical devices, that's not how the world works now, nobody can do without their server farm for any amount of time. Crowdstrike got there first, their data was then the truest data, why would the FBI want degraded evidence? Why would you want the FBI to have degraded evidence?

Do you think Crowdstrike manipulated the data somehow? Because any manipulation would be apparent in the data. You can't just erase data, there would be a pattern in slack space. You can't erase data and change the signature in slack space without leaving artifacts that would show that that happened. And, there is no way in the world you could manipulate the checksum to deliver faked data.

Lastly, do you think Cohen knows how this works? Is he a digital forensics tech? Have you never had a boss talk out of his @$$ with assumptions? If digital forensics were not a thing, I am sure the FBI would have had those servers if they wanted them.

OK

Do you really think I sent them my ENTIRE data center? I sent them one infected physical device.

Next: Do you people think Hillary had a data center? She had a server. Most likely the server was the size of the desktop computer you got back in the 90s in the "cow box".
I have some servers that are small enough to fit on my visor and some that I can't lift with my server lifts.
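
Added example, not part of any post in this thread: a toy model of the distinction drawn in the posts quoted above between a file-level copy and a bit-for-bit image with a checksum taken at acquisition. The 4-cluster disk, the 16-byte cluster size, the sample contents and all function names are constructed for illustration; the model covers only what a logical block read returns.

```python
import hashlib

CLUSTER = 16  # toy cluster size in bytes (constructed; real filesystems use far larger)

def build_toy_disk():
    """Return (disk_bytes, allocation_table) for a constructed 4-cluster disk."""
    disk = bytearray(CLUSTER * 4)
    # An old file once filled cluster 1 completely and was then deleted.
    disk[CLUSTER:2 * CLUSTER] = b"OLD-SECRET-DATA!"
    # A shorter new file reuses cluster 1; the tail of the old data remains as slack.
    new = b"hello"
    disk[CLUSTER:CLUSTER + len(new)] = new
    # Cluster 3 holds a deleted file that no table entry references any more.
    disk[3 * CLUSTER:4 * CLUSTER] = b"DELETED-LOG-0001"
    table = {"note.txt": (1, len(new))}  # name -> (start cluster, length in bytes)
    return bytes(disk), table

def file_level_copy(disk, table):
    """Copy only what the allocation table describes, like an ordinary file copy."""
    return {name: disk[c * CLUSTER:c * CLUSTER + n] for name, (c, n) in table.items()}

def bit_level_image(disk, block=8):
    """Read every block of the device in order, hashing while acquiring."""
    h = hashlib.sha256()
    image = bytearray()
    for off in range(0, len(disk), block):
        chunk = disk[off:off + block]
        h.update(chunk)
        image += chunk
    return bytes(image), h.hexdigest()

def verify_image(image, acquisition_hash):
    """Re-hash the image later and compare with the value recorded at acquisition."""
    return hashlib.sha256(image).hexdigest() == acquisition_hash

if __name__ == "__main__":
    disk, table = build_toy_disk()
    image, digest = bit_level_image(disk)
    print("file copy sees:      ", file_level_copy(disk, table))
    print("slack in image:      ", image[CLUSTER + 5:2 * CLUSTER])
    print("unallocated in image:", image[3 * CLUSTER:])
    print("image verifies:      ", verify_image(image, digest))
    # Changing a single byte of the image after acquisition breaks the match.
    tampered = image[:40] + b"X" + image[41:]
    print("tampered verifies:   ", verify_image(tampered, digest))
```

The recorded hash shows that the image still matches what was read at acquisition time; it says nothing about what the source held before the read.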



posted on Aug, 30 2018 @ 11:53 AM

originally posted by: Grambler

How can you verify a copy is complete without having access to the original?



"Damnit Watson. Stop asking sensible questions !!"



