Posted on 01/22/2018 4:43:36 PM PST by markomalley
Computer forensics experts are questioning the supposed loss of five months of text messages between two FBI officials who privately disparaged President Trump before helping investigate his campaign’s possible links to Russia.
Some experts say the messages, sent during a turbulent period between Dec. 14, 2016, to May 17, 2017, may not be gone forever.
The missing messages between Peter Strzok, a senior FBI official, and alleged mistress Lisa Page immediately precede special counsel Robert Mueller’s May 17 appointment to investigate Russia's role in the 2016 election. Strzok was taken off Mueller’s team in August after discovery of his messages with Page, who previously left Mueller’s team.
“The loss of these text messages is an unbelievable coincidence – literally,” a House Intelligence Committee source told the Washington Examiner.
A one-paragraph official explanation offers little clarity on what happened, and the FBI declined to comment on the physical whereabouts of the couple's government-issued Samsung Galaxy S5 devices or whether additional forensic recovery steps are being taken.
Some experts say, however, that it may be possible to recover the missing communications.
“A sharp digital forensic expert may still be able to recover them,” said Andrew Ziem, creator of BleachBit, the software that Hillary Clinton subordinates used to clear information from her private server. “In general whenever any software deletes any information, traces are left on the storage device, though they become disorganized like the proverbial needle in the haystack.”
Ziem said that “success requires physical access to at least one of the unlocked devices, and it depends whether the messages were accidentally or intentionally erased, as well as other factors. As the device is used over time, the chances of accidental overwriting become more likely, and because so much time has passed since the critical period in the Strzok-Page case, success is not likely. On the other hand, individual text messages are small, so maybe a few survived.”
Investigators “may be able to recover deleted text messages from the cellphones used by the parties,” agreed Dennis Williams, a partner at Pathway Forensics LLC who worked three decades with the FBI, including as director of the Greater Houston Regional Computer Forensics Laboratory.
Don Vilfer, a former supervisory special agent at the FBI who leads the computer forensics division at VAND Group LLC, said “we often find the messages in other locations such as on a local computer drive as a backup or on cloud storage.”
“If the users were using the Google cloud as a backup, messages could be found there. If the phone had been synced with the FBI desktop computer, or even a home computer, the messages could also be located on those devices. If the old phones are available, forensic exams of those phones could also recover the messages,” Vilfer said. “The particular FBI employees of interest in this case had texted that they would be using an alternative messaging system, iMessage. This is on the Apple platform and would come with similar sources of possible backups—iCloud, their personal iPhone or Macs etc. I suspect that is where some real meat might be as it relates to their discussions.”
Vilfer said “having worked in the FBI, I know it is like any other organization where things don’t always get done the way they are supposed to, but people are not above trying to hide information either. I would want to know how this upgrade took place and what processes were followed or in what instances not followed.”
Strzok and Page denounced Trump during 2016. Some messages have been released, including Strzok calling Trump an “utter idiot” and discussing an “insurance policy” related to the election. In addition to his role investigating Trump, Strzok reportedly took a lead role investigating Clinton’s use of a private email server, softening language in a statement that found Clinton mishandled classified information but should not be prosecuted.
Trump has cited the exchanges as evidence of bias against him, but some Democrats argue the couple has a right to private political viewpoints.
The missing text messages were revealed by Sen. Ron Johnson, R-Wis., who excerpted a Jan. 19 message from Stephen Boyd, assistant attorney general for legislative affairs, in which Boyd told Johnson about the issue.
“[M]any FBI-provided Samsung 5 mobile devices did not capture or store text messages due to misconfiguration issues related to rollouts, provisioning, and software upgrades the conflicted with the FBI’s collection capabilities,” Boyd wrote to Johnson, as quoted by the senator in a response letter. “The result was that data that should have been automatically collected and retained for long-term storage and retrieval was not collected.”
Experts cautioned that very little has been made public about the issues the FBI reportedly had recovering the messages, but point out that very short retention periods by cellphone carriers makes it unlikely that service providers would have the communications.
Among the top recommendations are finding the actual devices and ensuring that their full contents are analyzed, as well as searching for copies backed up elsewhere. Some experts say the missing messages may be lurking in plain sight.
Matthew Green, a computer science professor at Johns Hopkins University, said it’s possible the messages could be in an overlooked database file, even if there was a backup configuration issue.
“These messages are usually stored in a ‘lightweight’ database on the phone. That database sometimes keeps all of its data in a single file on the phone’s drive,” he said. “Sometimes bad database implementations can hold onto deleted records just because it’s hard to reorganize the whole file. But overall it’s pretty unlikely.”
Trent Leavitt, a Utah-based expert whose firm Decipher Forensics recently was absorbed into EideBailly, noted that the FBI uses forensic technology from the company Cellebrite, which he said offers the industry standard for governments and companies that preserve phone records.
Leavitt said FBI analysts may have selected the less-comprehensive Cellebrite “logical” download option, which includes viewable information on the phone, rather than a more advanced “file system capture” option that also includes deleted pieces of information.
“With most Samsung devices you can get back deleted text messages, but it’s always iffy because of something called trim command,” Leavitt added. Trim command, debuting on Androids around 2012, improves phone operations by rapidly writing over deleted data, shrinking deleted text recovery times from longer than 2 years to potentially very short windows if phones are in active use.
“Because of the model of the phone, getting back those messages is slim. Not impossible, but slim,” Leavitt said. “The best thing they would hope for is actually finding the device itself,” he said.
Jim Jones, a digital forensics expert at George Mason University, believes finding backed up messages may be the most likely route to recovery, perhaps on a personal computer, or by a more comprehensive review of the devices.
“As soon as they knew these two individuals were of interest, I would expect they would have ‘imaged’ the phones,” Jones said. But he added, “there may be some legal or procedural or policy reason why they wouldn’t.”
“If the individuals made backups of their phones locally, they could be sitting on one of their home computers,” he added. “Even if those backups got deleted, the data doesn’t go away immediately… it really depends on how carefully they deleted those files.”
Jones said that “the phones, if they were confiscated soon enough” also may have the texts. "If the phone is turned off, there’s not danger” of the data being automatically deleted, he said.
Johnson, the senator who revealed the missing texts, sent the Justice Department a list of questions himself, including a request for more comprehensive information on what Strzok-Page communications are available during the five-month gap, and an inquiry into whether the couple's non-official devices have been searched.
Many experts declined to comment for this story, citing the lack of transparency on what happened.
“There’s not enough information supplied to allow me to do more than speculate. There’s too much of that extant without my adding to the din," said Craig Ball, a computer forensics expert who teaches at the University of Texas at Austin School of Law.
Just load up a backup
Surely, they must have backups. Every organization does backups.
The time period involved is critical, it would cover when plans were being discussed.
Q said all are saved and will be released.
The NSA has every single text on file. Trump needs to order their leader to deliver every single one to Congress by tomorrow at 5pm, or he will send the Marines in to seize his HQ.
Things you have to believe because Propaganda Media tells you to: People about to testify against a Clinton become very careless, clumsy, and depressed. And the Strzok messages during the critical months just disappeared like cotton candy in the mouth.
I’m sure any of the potential backup sources have been bleach bit and done in with hammers. Where are the subpoenas and agents taking possession? I guess Sessions woke up long enough to sign off on the memo today. We can’t expect Sleeping Beauty to follow up on anything.
The FBI’s cellular provider can turn over the texts in a day’s time with a warrant, subpoena, etc. If they can’t, then the FBI colluded with Verizon, AT&T, or whatever, and things are even worse than we thought.
Texts are never GONE-gone for years.
“The NSA has every single text on file”
Whose to say the NSA isn’t as busy the FBI erasing files?
Chinagate, Northrup/Grumman, Ms Crabtree, Lois Lerner, Hillaryous, now the soetoro corrupted Federal Bureau of Incompetence...
Maybe they should hire some IT "experts" from some shiitehole country at 3x the going rate to manage their systems.
They were using “burner” throw away phones.
Bet if they offered a reward to a kid who could find them, they would have them all in 24 hours
Hell, I just laughed at my own post.
The United States of Judicial Watch will get them! Congress is useless.
This is how you know these are raging left wing FBI Investigators, you know they are because they think we are all morons and would believe anything
“We’ve decided not to give your those records.”
“You mean you lost them?”
“Uhhhhhhh. Yeah. Yeah, that’s it. We lost them.”
Trump should call in Wray, give him Twenty-Four hours to produce the e-mails or Fire him and investigate him.
I wouldn't be surprised at all. All other government agencies/departments have been working against Trump. The commie/Democrats have infiltrated and control most branches of the government.
I guess the cat is out of the bag, at any rate.
Can you just imagine if Republicans tried to get away with ANY OF THIS BS????
My son-in-law works for Verizon, he is somewhat of a big dog. He says they can retrieve the text messages if Verizon accounts are involved. I don’t know about AT&T but assume it would be a similar scenario.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.