Posted on 08/10/2021 6:56:24 AM PDT by FR_addict
The Cyber Symposium starts in 4 minutes.
Post updates for those who can't watch.
code monkey poking around on before and after forensic images of mesa county colorado.
prelim findings are stunning. logs deleted, databases deleted. they found a ms bat file coded to “de harden” the sql server. just the begining. 1 hr of work.
Sheesh.
Just mention ‘em and they send in the clowns.
Keep on updating on that, please.
Spent 40 years just down the road, still have family in the neighborhood so I'm "slightly" interested but I'm kinda multitasking right now and am running short on eyes/ears.
interesting:
code monkey was just called by his lawyer and told to stop looking at the images. something about hard drives being “stolen” from the office.
images aren’t hard drives though.
Forensic analysis is done on a mirror image of the original file. Hash tags are matched at the time to assure it is an exact duplicate.
This allows the forensic data to be presented in court as evidence in lieu of producing the original equipment and data.
It’s been a few years since I did forensic courtroom work on electronic data, but I doubt it has changed very much.
It is very evident that Dominion is very guilty of Spoliation of Evidence by deleting data.
Two Key Differences Between Digital Forensic Imaging And Digital Forensic Clone And How They Can Affect Your Legal Case
Over the years there have been many terms used to describe a Forensic Image versus a Clone and the process of making a forensic backup. Terms such as mirror image, exact copy, bit-stream image, disk duplicating, disk cloning, and mirroring have made it increasingly difficult to understand what exactly is being produced or being requested.
Broadly speaking, forensic backups are achieved by capturing all data from a source media (computers, cell phones, tablets, etc.) in a forensically sound manner so that all of the original data is an unaltered state. This means the entire contents of the source media are being collected, including unused space, all slack data, all unallocated space, and other medias.
A Forensic Image is a comprehensive duplicate of electronic media such as a hard-disk drive. Artifacts (Information or data created as a result of the use of an electronic devices that show past activity) such as deleted files, deleted file fragments, and hidden data may be found in slack (Unused space that is created between the end-of-file marker and the end of the hard drive cluster in which the file is stored and unallocated space (The unused portion of a hard drive). This exact duplicate of the data is referred to as a bit-by-bit copy of the source media and is called an Image. Images are petrified snapshots, that are used for analysis and evidence preservation. Images cannot be used as working copies.
A Forensic Clone is also a comprehensive duplicate of electronic media such as a hard-disk drive. Artifacts such as deleted files, deleted file fragments, and hidden data may be found in its slack and unallocated space.
This exact duplicate of the data is referred to as a bit-by-bit copy of the source media and is called a Clone. Clones are working snapshots, that are modifiable and not necessarily preserved. Clone are used as working copies to replace original evidence for analysis as well as data preservation purposes.
A hash (An error detection scheme which performs calculation on the binary value of the packet/frame and then which is appended to the packet/frame as a fixed-length field. Once the packet/frame is received a similar calculation is performed. If the result does not match the first calculation then a data change occurred during transmission.
The calculation can be a sum (Checksum), a remainder of a division or the resulting of a hashing function) of an original device can validate if media is an exact duplicate (forensically sound copy). Any variation in the hash value of an original to its Clone or Image will confirm that they are not exact copies. This is of importance to know when dealing with legal matters.
A few months ago I did a search to determine who the firm was that “certified” the Dominion voting machines prior to the election, as required by law.
I don’t have the details handy, but the firms primary business was certifying slot machines and gambling devices for the gaming industry. The largest firm was owned by a former director of the New Jersey Gaming Commission.
That “De harden” bat file appears to turn off every form of security on the machine. Multiple lines that are turning off different forms of security. Including encryption. I await an article from Alt media that describes what it is.
thx.
on the bat file:
they looked at the bat file line by line (dominion custom addon) that de-hardens sql server. assumes sql server shutdown. apparently two key lines: 1 copying security credentials in mass to folder. 2 disable encryption on in sql server. 3. restart sql server.
of course anyone with exec permission can run it, even remotely.
Two things.
Spoliation of evidence by Dominion..
Dominion should be forced to pay for audits in every state as they violated the public trust.
WOW.. JOE OLTMAN IS A HERO.
Here is a short clip about the batch file. It does not contain all the details of the file that were shown.
https://media.gab.com/system/media_attachments/files/081/720/756/original/e2d037bbbf7a4810.mp4
Everyone needs to hear his story.
Is he currently on the livestream?
Just finished.
If there is a clip of his story it needs to be shared everywhere.
Joe Oltman where reveals how he infiltrated Antifa and how during a conversation with Antifa members, he discovered “Eric from Dominion” was allegedly part of the chat during the week of September 27, 2020. Oltman alleged that “Eric” was telling the Antifa members they needed to “keep up the pressure.”
CodeMonkeyZ:
“Mesa County Colorado Recorder confirmed active erasure of evidence from Dominion systems, but by Dominion not her office. The County Recorder made a forensic copy because she believed that something nefarious was about to happen at the hands of the Colorado Secretary of State. That’s right, proof beyond PCAP, there was forensic evidence that was actively erased, which is a violation by Dominion and the Colorado Secretary of State.”
This from Ron. He is the guy who was looking through the files on screen.
Just notice the previous message was forwarded to Ron by Mark Finchem. So mark is the source.
Saw it. The county clerk was on last night at 8 pm Eastern time.
This afternoon was off the charts good, especially the Indian guy who exposed Twitter.
Dr. Shiva? Yes, he is brilliant.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.