Forensic Audit in Maricopa County, AZ

Last edited:
Btw, there are disinformation articles out there like from CNN that the audit team admitted to being wrong. Didn't happen so don't fall for it.
 
Garmel said:
Btw, there are disinformation articles out there like from CNN that the audit team admitted to being wrong. Didn't happen so don't fall for it.
Click to expand...

What's the spin from the conservative blogosphere? Fann and CyFir merely said the files they publicly accused Maricopa County of deleting were "found". In the Fann meeting yesterday they didn't elaborate on the about face from what even people here agreed would have been a criminal act.

I'm biased but it doesn't take any liberal source to show that the initial accusation was reckless at a minimum and potential evidence of incompetence. Of course, even amateurs need their first audit experience, right?
 


Everything will come out. Right now we don’t have all the facts. Deleted files were recovered. Who deleted the files?
 
AC said:


Everything will come out. Right now we don’t have all the facts. Deleted files were recovered. Who deleted the files?
Click to expand...


Yes, Codemonkey is right. That's not even close to what was said there. The deleted files were not obsolete files either like what the Board said. Once again America is being gaslighted just like during the Russian Collusion saga.
 
So that's the angle for the right-wing blogs. CyFIR claiming they found the files is yet another indication of something nefarious even though that wasn't stated in the meeting?

Facts:
1. 5/14 Karen Fann's letter claimed the files were "deleted" and accused the Maricopa County Board of "spoliation of evidence".
2. 5/17 Maricopa County Board responded claiming the files are there and offered potential reasons for why CyFIR couldn't find the files on their copy of the servers and potential solutions to finding the files. Keep in mind, CyFIR completed the copy from the original servers, not Maricopa County.
3. 5/18 CyFIR says they've now found the missing files yet offered no explanation how they found them or why they were claimed to be missing.

Everything outside of that is subjective supposition.
 
OUBubba said:
I guess the question is "did they find the files in the location where they said they'd be"?
Click to expand...

It looks like to me with the evidence that I pointed to earlier the team found the deleted files and recovered them before they were pointed to by the Board.
 
AC said:
Yes. Now it will soon be time for Justice!
Click to expand...

Stephen Miller is slipping up. He missed the obvious irony in his message. "Lake said, 'I think he was an accident, and this is what happens when accidents happen in politics. They become one and done.'"
 
OUBubba said:
I guess the question is "did they find the files in the location where they said they'd be"?
Click to expand...

That's the point. At no point did the CyFIR gentleman lay out how they found the files.

Absent that detail both sides will fill in the gaps. I feel CyFIR is incompetent and is now trying to save face, their supporters will jump to "see, these files were deleted and CyFIR's expert skills allowed them to retrieve the deleted data".

I'll simply say that the gentleman presenting did not given me confidence he's part of an A-Team of technology experts. As an IT leader with 20+ years of experience I'd likely downgrade them in any RFP process based purely on that 1:45 minute clip.
 
Seattle Husker said:
That's the point. At no point did the CyFIR gentleman lay out how they found the files.

Absent that detail both sides will fill in the gaps. I feel CyFIR is incompetent and is now trying to save face, their supporters will jump to "see, these files were deleted and CyFIR's expert skills allowed them to retrieve the deleted data".

I'll simply say that the gentleman presenting did not given me confidence he's part of an A-Team of technology experts. As an IT leader with 20+ years of experience I'd likely downgrade them in any RFP process based purely on that 1:45 minute clip.
Click to expand...
Hey Husker, I have no idea your particular areas of expertise in IT but I am sure it is extensive in 20+ years. But forensic examination does not necessarily come up frequently even for the CIO. His comments are commonplace for forensics. When a forensic examiner says that he "recovered" deleted files he is referring to the process of looking into unallocated space on the drive, finding the files there, and restoring them. (There are specific tools for this such as Encase, FTK etc..) When the files are deleted they don't leave the drive until they are completely overwritten. They are just "reassigned" as data clusters in unallocated space as opposed to being files in the files system. If a forensic examiner can access the drive before the files are overwritten they can be restored to the file system. (They will be overwritten if the drive completely fills up and there is no room for unallocated space.) So he did explain clearly, in the lingo of his trade, what was done.
 
CTex said:
Hey Husker, I have no idea your particular areas of expertise in IT but I am sure it is extensive in 20+ years. But forensic examination does not necessarily come up frequently even for the CIO. His comments are commonplace for forensics. When a forensic examiner says that he "recovered" deleted files he is referring to the process of looking into unallocated space on the drive, finding the files there, and restoring them. (There are specific tools for this such as Encase, FTK etc..) When the files are deleted they don't leave the drive until they are completely overwritten. They are just "reassigned" as data clusters in unallocated space as opposed to being files in the files system. If a forensic examiner can access the drive before the files are overwritten they can be restored to the file system. (They will be overwritten if the drive completely fills up and there is no room for unallocated space.) So he did explain clearly, in the lingo of his trade, what was done.
Click to expand...

One of my stops along the way I've worked directly with and supporting the CISO (Corporate Info Security) and Legal teams (Big 3-4 Wireless Telecoms) ensuring they have the right tools and those tools are supported by Enterprise IT. I'm not saying what he said is incorrect but he didn't give any of that detail in his response which is what I would have expected. Maybe he gave it outside of the clip?
 
upload_2021-5-19_21-29-8.png
 
So theoretically, we are about to find out soon. What’s on those data bases! Maybe it takes 4 weeks. I hope not, but nothing surprises me anymore.
 
AC said:
So theoretically, we are about to find out soon. What’s on those data bases! Maybe it takes 4 weeks. I hope not, but nothing surprises me anymore.
Click to expand...

So lots of talk on this thread. Did the folks in charge of the election and the databases say they did not delete the files?
 
bystander said:
So lots of talk on this thread. Did the folks in charge of the election and the databases say they did not delete the files?
Click to expand...
Deleting files and moving files from one place to another (which I do frequently) are not the same thing. And, when I've moved files from Site A to Site B, a data security company could both find the "deleted data" at Site A and also find the actual stored data at Site B.

It's ludicrous to not trust the newly elected GOP people involved.
 
OUBubba said:
Deleting files and moving files from one place to another (which I do frequently) are not the same thing. And, when I've moved files from Site A to Site B, a data security company could both find the "deleted data" at Site A and also find the actual stored data at Site B.

It's ludicrous to not trust the newly elected GOP people involved.
Click to expand...

I understand moving from one place to another and deleting. Did they say they didn't delete anything and did the forensic team in fact recover deleted file?
 
The audit team went to the Arizona Senate hearing to testify under threat of perjury while the Board would not attend the mandatory hearing and do the same. That says a lot.
 
Seattle Husker said:
One of my stops along the way I've worked directly with and supporting the CISO (Corporate Info Security) and Legal teams (Big 3-4 Wireless Telecoms) ensuring they have the right tools and those tools are supported by Enterprise IT. I'm not saying what he said is incorrect but he didn't give any of that detail in his response which is what I would have expected. Maybe he gave it outside of the clip?
Click to expand...
I wish he would have added a level of detail as well. Perhaps that was given off camera or perhaps it is forthcoming. More than anything I want to know what is in the deleted/recovered files.
 
CTex said:
I wish he would have added a level of detail as well. Perhaps that was given off camera or perhaps it is forthcoming. More than anything I want to know what is in the deleted/recovered files.
Click to expand...

One of them is supposedly the Tallying and Reporting file. Not sure what all of that does or not.
 
You must log in or register to reply here.

Weekly Prediction Contest

* Predict HORNS-AGGIES *
Sat, Nov 30 • 6:30 PM on ABC

Recent Threads

Prediction Results Threads

2024 Schedules

Back
Top