re: So the DNC Server is Clearly Not Important to the Investigation

I do know one thing. My lawyers would NOT have been permitted to go through my emails and send the government what they felt was relevant and destroy what they felt was not.

quote:

---

been permitted to go through my emails and send the government what they felt was relevant and destroy what they felt was not.

---

THIS x 1,000

quote:

---

I called up Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies to help explain the technical details behind this type of forensic investigation. Rid, who wrote a detailed explanation about why Russia was likely behind the DNC hack for Motherboard in July 2016, told me that “from a forensic point of view, the question of a server at this stage doesn’t make any sense.”

“To really investigate a high profile intrusion like the DNC hack, you have to look beyond the victim network,” Rid said. “You have to look at the infrastructure—the command and control sites that were used to get in that are not going to be on any server ... looking at one server is just one isolated piece of infrastructure.”

Even so, what CrowdStrike gave the FBI is likely better than if it had seized and analyzed a physical box.

“To keep it simple, let’s say there’s only one server. CrowdStrike goes in, makes a complete image including a memory dump of everything that was in the memory of the server at the time, including traffic and connections at the time,” Rid said. “You have that image from the machine live in the network including its memory content, versus a server that someone physically carries into the FBI headquarters. It’s unplugged, so there’s no memory content because it’s powered down. That physical piece of hardware is less valuable for an investigation than the onsite image and data extraction from a machine that is up and running. The idea a physical server would add any value doesn’t make any sense.”

What Rid means is that after a hack, some of the evidence of who did it and how they did it may be fleeting. It could be in the server’s memory, the RAM, and not stored on its hard drive. (Hackers use “fileless” malware precisely for this reason.) To preserve evidence in cases like these, incident responders need to make an image—essentially a copy of the server in that exact same state at that exact same time—so they can look at it afterwards. Think about this like when investigators take pictures of the crime scene or victim.

Lesley Carhart, principal threat hunter at the cybersecurity firm Dragos, told Motherboard that physical servers are rarely seized in forensics investigations.

"For decades, it has been industry-standard forensic and digital evidence handling practice to conduct analysis on forensic images instead of original evidence," she said. "This decreases the risk of corruption or accidental modification of that evidence."

I asked Rid if he thought it was suspicious that the DNC did not hand over the actual server to the FBI, and he said “no, not at all.”

“There’s nothing suspicious about the DNC’s behavior,” he said. “There were political reasons and skepticism on the part of the DNC to let the FBI have full visibility into what they do for various reasons during an ongoing election campaign.”

Rid likened any computer forensics investigation to that of a military planning campaign, sort of like a map. “You can connect the dots and the behavior,” he said. “You can show whoever hacked John Podesta also attacked the DNC, and also attacked Jake Sullivan, who worked for Hillary Clinton, and hundreds of other people on the campaign.”


Trump's Stupid ‘Where Is the DNC Server?’ Conspiracy Theory, Explained

---

quote:

---

The “server” Trump is obsessed with is actually 140 servers, most of them cloud-based, which the DNC was forced to decommission in June of 2016 while trying to rid its network of the Russian GRU officers working to help Trump win the election

---

And thats where I stopped reading. LOL


Did Hillary have 140 servers in her closet?

Let's say the DNC actually allowed the FBI to come in and examine/copy/whatever the servers. Full-fledged access. No rebuff. No crowdstrike involvement.

Then the argument would just be that the DNC conspired with the FBI to mask potentially incriminating info. It would be the same "deep state" argument, would it not?

If you don't trust the intel agencies and the DNC, then what do the servers and crowdstrike even matter? Crowdstrike just gets integrated into the same essential conspiracy theory

quote:

---

If you don't trust the intel agencies and the DNC, then what do the servers and crowdstrike even matter?

---

We've gotten to a place of hyper-partisanship. No evidence that confirms either side wrong is going to be accepted.

The only thing we can do is rely on evidence presented. If either side claims that the evidence was fake or planted, they MUST prove it with facts not circumstantial evidence and allegations.

If you actually spent equal time reading about a subject as you do bitching about it you might learn something.

quote:

---

“There’s nothing suspicious about the DNC’s behavior,” he said. “There were political reasons and skepticism on the part of the DNC to let the FBI have full visibility into what they do for various reasons during an ongoing election campaign.”

---

Yep, as I said yesterday, the DNC network was chock full of evidence that the DNC was doing some illegal shite and they didn't want the FBI rooting around in their system.

quote:

---

You don't take the servers when you're investigation someone else hacking into them. It was 5 months before the election. DNC kinda needs their servers and computers to ya know try to elect their candidate. fricking morons. "Where are the servers?!!"

---

They took them down to include all computers and laptops, you aren't really suggesting they kept using them are you?