Roger Stone Asks for Evidence Russians Hacked DNC Server

originally posted by: chr0naut

originally posted by: xuenchen
a reply to: chr0naut

The "images" were 2nd and 3rd hand information 😎🐀

Really? Shows how much you know about data forensics.

More than you *think* 🚿

He's an annoying troll for a living but if he gets off on that defense, good. I don't think he should go to prison. He's a victim of the Trump thing. Some folks were too into it and did some things, made asshats out of themselves.

It seemed like he was another offering to the people through MSM to keep the pressure and suspense up on the blockbuster Mueller report. Then the results were expected, everyone grasped for crumbs, and the Democratic House started trolling the President with the newest round of contempt and subpoeanas.

The way things are going lately, a judge will err on the side of STONE, because the FBI's word isn't worth very much in the RUSSIA investigation...and it's about to be worth even less.

a reply to: xuenchen

I love it! It's like when the bank is foreclosing on your buddies house and you tell him, "when you go to court, demand the original mortgage papers with the original signatures" and the bank doesn't have them, because they been bundled in cdc's and other instruments so many times it's like a bad drug deal, all they have is a 10 year old photocopy from a pdf file that came of a microfiche in somebodies basement lol.

Case dismissed! No original evidence, they are SOL :-)

Cheers - Dave

Some of you youngsters will probably not know what in hell this image identifies. It's like todays thumb drives but much less capacity (1.44MB) and much slower but like back in the simple days with this other object called paper that you write on.



For present day we have thumb drives in all shapes & configurations often laced with malware & bleach bitcide. Here catch!



People are going to fry and they know their time is soon to expire.

I wonder if the Trump Administration will give Roger Stone what he is requesting. Bill Barr and Trump are the only ones who can approve the request.

originally posted by: chr0naut

originally posted by: pavil
a reply to: xuenchen

Why was it "not possible" for the FBI to actually have the DNC Server and Hard Drive in its possession to prove an International Event of the scope of Russia directly spying on a Presidential Campaign?

Wouldn't that be something you'd want to prove beyond a shadow of a doubt?

Between that, and the immunity deals they were handing out like condoms at Spring Break, I knew the whole thing smelled to high heaven.

Well, really in-depth security audit forensics takes time. If you switch of the server to pass it from location to location, you can't actually be doing any forensics on it.

The first step in any such forensics is to produce a bit-wise image of all the drives, so that you can re-try things if you accidentally mess with the content. You do this by removing the drives and mounting them in a different machine and then imaging them at a low level (called a bitwise image) this ignores format and partitioning on the drive and copies everything identically at the base level.

The other advantage in removing the drives is that you can read data from the side of the data tracks (in a magnetic rerecording HDD). This works because of a thing called magnetic hysteresis which means that magnetic domains spread out over time through the media and that greater energy is required to erase the data than it took to originally write it. This means that older data is still on the media even though overwritten by later magnetization. In a solid state drive, however, this does not work. To do this side-track reading, you have to modify the drive controller hardware. Standard hardware will not allow this type of operation.

The result is that you get two bitwise images for each drive and it is trivial to determine what data has been recently erased, by simply doing a comparison between them.

Once the original drives are imaged, they can be returned to the original machine, which can either continue to be used or it can be rebuilt. The hardware isn't actually the critical component anymore. The data content is.

Crowdstrike provided the FBI with the same images that it was using to do the forensics. Essentially, the FBI had the server, complete and frozen in time at the time the images were made.

Once you have bitwise images, you no longer require the physical server and it is better to mount copies of those images on another machine entirely. In this way, there are no files on the drive locked by the server operating system - you have full access to everything and don't have to fight for access with any the processes that run the server.

Then you do the forensic audit on the data. Looking both for files, and for formats of data similar to files (even in erased space). Also you have the comparison deltas which tell you which stuff to target first.

Or you can just follow our law and turn over the evidence.
You know the nsa has all this, right?
Remember the name rogers.
Barak obama wanted to fire him but was too late.

originally posted by: shooterbrody

originally posted by: chr0naut

originally posted by: pavil
a reply to: xuenchen

Why was it "not possible" for the FBI to actually have the DNC Server and Hard Drive in its possession to prove an International Event of the scope of Russia directly spying on a Presidential Campaign?

Wouldn't that be something you'd want to prove beyond a shadow of a doubt?

Between that, and the immunity deals they were handing out like condoms at Spring Break, I knew the whole thing smelled to high heaven.

Well, really in-depth security audit forensics takes time. If you switch of the server to pass it from location to location, you can't actually be doing any forensics on it.

The first step in any such forensics is to produce a bit-wise image of all the drives, so that you can re-try things if you accidentally mess with the content. You do this by removing the drives and mounting them in a different machine and then imaging them at a low level (called a bitwise image) this ignores format and partitioning on the drive and copies everything identically at the base level.

The other advantage in removing the drives is that you can read data from the side of the data tracks (in a magnetic rerecording HDD). This works because of a thing called magnetic hysteresis which means that magnetic domains spread out over time through the media and that greater energy is required to erase the data than it took to originally write it. This means that older data is still on the media even though overwritten by later magnetization. In a solid state drive, however, this does not work. To do this side-track reading, you have to modify the drive controller hardware. Standard hardware will not allow this type of operation.

The result is that you get two bitwise images for each drive and it is trivial to determine what data has been recently erased, by simply doing a comparison between them.

Once the original drives are imaged, they can be returned to the original machine, which can either continue to be used or it can be rebuilt. The hardware isn't actually the critical component anymore. The data content is.

Crowdstrike provided the FBI with the same images that it was using to do the forensics. Essentially, the FBI had the server, complete and frozen in time at the time the images were made.

Once you have bitwise images, you no longer require the physical server and it is better to mount copies of those images on another machine entirely. In this way, there are no files on the drive locked by the server operating system - you have full access to everything and don't have to fight for access with any the processes that run the server.

Then you do the forensic audit on the data. Looking both for files, and for formats of data similar to files (even in erased space). Also you have the comparison deltas which tell you which stuff to target first.

Or you can just follow our law and turn over the evidence.
You know the nsa has all this, right?
Remember the name rogers.
Barak obama wanted to fire him but was too late.

The images of the drives are the evidence and were handed over.

originally posted by: chr0naut

The server itself was not given to the FBI because they would have to turn it off and disconnect it to do so. Interrupting the analysis and security remediation.

Do you realize what a ridiculous assertion this is?
Since when has that "in use" ever stopped the FBI of seizing evidence?

originally posted by: chr0naut

The server itself was not given to the FBI because they would have to turn it off and disconnect it to do so. Interrupting the analysis and security remediation.

The DNC turned it off themselves and proceeded to have their special contractors re-create the "images" that the FBI was so happy to get 😀

originally posted by: burntheships

originally posted by: chr0naut

The server itself was not given to the FBI because they would have to turn it off and disconnect it to do so. Interrupting the analysis and security remediation.

Do you realize what a ridiculous assertion this is?
Since when has that "in use" ever stopped the FBI of seizing evidence?

They didn't need house bricks, or clay samples, or window glass, either, that weren't pertinent to their investigations. The FBI had the evidence they needed for the investigation.

originally posted by: xuenchen
a reply to: pavil

Remember WHO was "in power" in 2016 when this all happened ☢

A disgusting racist piece of #e failed president?

Everyone remembers that.

Now there’s an actual President ‘in power’ the fascists are beside themselves with grief. And their more-than-obvious fake hoax ‘investigation’ has failed miserably and totally exonerated the President, in the eyes of the public, all while totally destroying the TINY support base of the dEms

2021 is gonna be a good year

originally posted by: chr0naut

originally posted by: burntheships

originally posted by: chr0naut

The server itself was not given to the FBI because they would have to turn it off and disconnect it to do so. Interrupting the analysis and security remediation.

Do you realize what a ridiculous assertion this is?
Since when has that "in use" ever stopped the FBI of seizing evidence?

They didn't need house bricks, or clay samples, or window glass, either, that weren't pertinent to their investigations. The FBI had the evidence they needed for the investigation.

..... all conveniently under the rigged Obama Adminiztrazion 😎

We know more now than we knew then
-Confucius (circa 500bc) 🉐

Those who "write" History have the key to the Future
-Confucius (circa 499bc) 🉐

"The Secretary will disavow ANY knowledge of Your Actions"

😆

originally posted by: Breakthestreak

originally posted by: xuenchen
a reply to: pavil

Remember WHO was "in power" in 2016 when this all happened ☢

A disgusting racist piece of #e failed president?

Everyone remembers that.

Now there’s an actual President ‘in power’ the fascists are beside themselves with grief. And their more-than-obvious fake hoax ‘investigation’ has failed miserably and totally exonerated the President, in the eyes of the public, all while totally destroying the TINY support base of the dEms

2021 is gonna be a good year

Dude your posts actually make me laugh at this point. Comedy gold. Carry on Carroll O'Connor.

a reply to: chr0naut
The images are inadmissible as evidence in court. Only the servers themselves are evidence. There's a reason the FBI wanted the actual servers instead of whatever junk CrowdStrike gave them. There's also a reason the servers have been destroyed.

a reply to: chr0naut

The other advantage in removing the drives is that you can read data from the side of the data tracks (in a magnetic rerecording HDD).

That only works on the original drive. A bitwise image will not contain any hysteresis information; it is written in a single pass from a digital reading of the original drive. Hysteresis reading is an analog function, not a digital one.

Also, unless specific routines are used (as in BleachBit), an OS does not actually 'erase' data; it simply forgets where it is (deletes the entry in the File Access Table) and reuses the space as needed. Data retained in this way is preserved on a bitwise image.

TheRedneck

a reply to: Grimpachi

Bill Barr and Trump are the only ones who can approve the request.

Actually, that's not true. A Federal judge can also issue an order for the DoJ to turn over any information in their possession, even if that information is classified, in the interest of justice concerning a specific case. If the material is classified, the court is closed while the evidence is considered and all records containing references to it are sealed upon completion of the trial.

That is why the threat to hold Barr in Contempt of Congress was so asinine. All Nadler needed to do was get a Federal judge to order the unredacted report given to Congress, and it could have been done.

TheRedneck

originally posted by: SouthernForkway26
a reply to: chr0naut
The images are inadmissible as evidence in court. Only the servers themselves are evidence. There's a reason the FBI wanted the actual servers instead of whatever junk CrowdStrike gave them. There's also a reason the servers have been destroyed.

Of course the images would be admissible as evidence. Is an e-mail admissible as evidence? A word processing document? A spreadsheet? An electronic ledger?

Do you think that looking at a server in court room can reveal what they contain? A fairly average server drive can easily store millions of files. If you could read the contents of every file in 30 seconds, just looking at a million files would take 30 million seconds, which equals roughly 1 year.

Of course, that is only looking at the files you can see, reading deleted files and hidden files requires more than your average court room clerk has experience in.

The fact that you think that having a server in the courtroom is some sort of evidence for the electronic transactions it has performed shows you don't have much understanding of the technology.

... and have the servers been destroyed? I doubt it.

I'm 100% sure that archival copies of all the drive images are kept on file at the FBI, at CroudStrike, at the NSA and at Homeland. It's also possible that the DOJ has copies, too. The server's relevant data is definitely NOT destroyed but the media it is recorded on (i.e: the physical server) is totally irrelevant (perhaps they are going to dust the e-mails for fingerprints?).

LOL

originally posted by: TheRedneck
a reply to: chr0naut

The other advantage in removing the drives is that you can read data from the side of the data tracks (in a magnetic rerecording HDD).

That only works on the original drive. A bitwise image will not contain any hysteresis information; it is written in a single pass from a digital reading of the original drive. Hysteresis reading is an analog function, not a digital one.

Also, unless specific routines are used (as in BleachBit), an OS does not actually 'erase' data; it simply forgets where it is (deletes the entry in the File Access Table) and reuses the space as needed. Data retained in this way is preserved on a bitwise image.

TheRedneck

Hysteresis reading requires that you remove the digital control board from the drive and replace it with a far more complicated and analogue set up where a bias voltage/timing can offset the magnetostrictive head position, allowing it to read each track off center. Once you have the data from several passes, it can be converted to a digital bitwise image and compared against the original image produced with the normal controller. At that stage, you can put the old controller back on the drive and the drive back into the server as it is no longer needed for data forensics

There is no way to read hysteresis data with a normal HDD control board. You have to remove the drive from the server, take the drive board off and connect up the forensic control circuitry, with an appropriate control template compatible with the drive physical format and track/sector scheme.

Bleach Bit cannot erase any hysteresis traces as it uses the original HDD control board. Bleach Bit is also unable to erase locked files such as the mail store's .edb files. Bleach Bit is only useful for overwriting the deleted .pst exports from the Outlook e-mail client.

Exporting mail messages from the mail store or 'trashing' them in the client, does not actually remove them from the mail store where they remain but are marked as deleted.

As any admin of Exchange will tell you, mail stores can only ever grow. Even when you defragment the mail store, it only reduces null space, it doesn't delete any content. It is the bane of our lives.

a reply to: neo96

Two different computers two different times in history two different stories.

OMG


Never give up dude.... never give up

Your pat answers have to fit in somewhere right?