For those interested:
https://theforensicator.wordpress.co...data-analysis/
http://edition.cnn.com/2016/06/21/po...ccifer-claims/
Would seem our "Russian Hacker" was in the DNC with a memory stick and had a basic understanding of how to drag and drop files.
Originally Posted by Forensicator
Overview
This study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona.
Findings
Based on the analysis that is detailed below, the following key findings are presented:
- On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.
- Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.
- The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).
- The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).
- A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.
This study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona.
Findings
Based on the analysis that is detailed below, the following key findings are presented:
- On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.
- Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.
- The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).
- The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).
- A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.
Originally Posted by CNN
Why do they believe it's the Russians?
High-level cyberespionage groups are skilled units of hackers, who work like digital thieves to break into chosen targets and take information.
Each of these groups has certain distinct signatures, from the way they get in, to the specially crafted malicious software they use, to the type of information that is taken and how it is transmitted out.
High-level cyberespionage groups are skilled units of hackers, who work like digital thieves to break into chosen targets and take information.
Each of these groups has certain distinct signatures, from the way they get in, to the specially crafted malicious software they use, to the type of information that is taken and how it is transmitted out.
Would seem our "Russian Hacker" was in the DNC with a memory stick and had a basic understanding of how to drag and drop files.
__________________
Movie Reviews | Anime Reviews
Top 100 Action Movie Countdown (2015): List | Thread
"Well, at least your intentions behind the UTTERLY DEVASTATING FAULTS IN YOUR LOGIC are good." - Captain Steel
Movie Reviews | Anime Reviews
Top 100 Action Movie Countdown (2015): List | Thread
"Well, at least your intentions behind the UTTERLY DEVASTATING FAULTS IN YOUR LOGIC are good." - Captain Steel
Last edited by Omnizoa; 11-14-17 at 05:56 PM.