This detailed report appears to disprove the theory that the DNC was hacked by Russia

Guccifer 2.0 NGP/VAN Metadata Analysis – The Forensicator

This study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona. For an in-depth analysis of various aspects of the controversy surrounding Guccifer 2.0, refer to Adam Carter’s blog, Guccifer 2.0: Game Over.

 

Based on the analysis that is detailed below, the following key findings are presented:

  • On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears in the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2 two months later, on September 13, 2016.

  • Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.

  • The initial copying activity was likely done from a computer system that had direct access to the data.  By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).

  • They may have copied a much larger collection of data than the data present in the NGP VAN 7zip.  This larger collection of data may have been as large as 19 GB.  In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.

  • This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.

  • The data was likely initially copied to a computer running Linux, because the files’ last-modified times all reflect the apparent time of the copy, and this is a characteristic of the Linux ‘cp’ command (using default options).

  • A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.

  • On September 1, 2016, two months after copying the initial large collection of (alleged) DNC related content (the so-called NGP/VAN data), a subset was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.

  • The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force.  Most likely, this system was located somewhere on the East Coast.

  • The .rar files and plain files that eventually end up in the “NGP VAN” 7zip file disclosed by Guccifer 2.0 on 9/13/2016 were likely first copied to a USB flash drive, which served as the source data for the final 7zip file. There is no information to determine when or where the final 7zip file was built.
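
As an added illustration (not code from the study or from this post), here is one way a transfer rate can be estimated from file metadata, assuming each file's last-modified time records when its copy finished, as the ‘cp’ finding above describes. The sample records, the 5-second gap threshold and the function names are constructed for the example.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample (name, size in bytes, last-modified time); not data from the archive.
SAMPLE = [
    ("b.doc", 20_000_000, "2001-01-01 12:00:01"),
    ("a.pdf", 10_000_000, "2001-01-01 12:00:00"),
    ("c.xls", 40_000_000, "2001-01-01 12:00:03"),
    ("d.doc", 5_000_000, "2001-01-01 12:05:03"),
    ("e.pdf", 20_000_000, "2001-01-01 12:05:05"),
    ("f.txt", 1_000_000, "2001-01-01 12:20:00"),
]

def bursts(records, max_gap_s=5.0):
    """Sort by mtime and split into runs wherever the gap exceeds max_gap_s."""
    recs = sorted((datetime.strptime(t, FMT), size) for _, size, t in records)
    runs = []
    for ts, size in recs:
        if runs and (ts - runs[-1][-1][0]).total_seconds() <= max_gap_s:
            runs[-1].append((ts, size))
        else:
            runs.append([(ts, size)])
    return runs

def span(run):
    """Return (bytes moved, seconds elapsed) within one run.
    The first file's mtime marks when it finished, so its bytes fall before the window."""
    return sum(s for _, s in run[1:]), (run[-1][0] - run[0][0]).total_seconds()

def estimate(records, max_gap_s=5.0):
    """Return (overall MB/s, per-run MB/s or None, seconds spent in gaps). 1 MB = 10**6 bytes."""
    runs = bursts(records, max_gap_s)
    spans = [span(r) for r in runs]
    # A run with one file, or identical timestamps, has no measurable duration.
    rates = [m / e / 1e6 if e > 0 else None for m, e in spans]
    moved = sum(m for m, e in spans if e > 0)
    elapsed = sum(e for m, e in spans if e > 0)
    overall = moved / elapsed / 1e6 if elapsed > 0 else None
    # Long gaps between runs may mean idle time, or files copied but absent from the listing.
    gaps = sum((b[0][0] - a[-1][0]).total_seconds() for a, b in zip(runs, runs[1:]))
    return overall, rates, gaps

if __name__ == "__main__":
    print(estimate(SAMPLE))
```

A rate derived this way describes whichever copy operation last wrote these timestamps, and timestamps with one-second resolution make short runs imprecise.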
