Wow OP, you got your ass handed to you.

Anonymous wrote:
Have all those steps been done?

"I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?" I said IF a cloud or server farm was used, they should also be examined. All we hear about is a server. If you are a SME, then you know there should be a thorough investigation of audit logs, firewalls, intrusion detection and prevention systems, DNS and LDAP services, domain controllers, authentication servers, routers, switches and all the network infrastructure, correct? You keep telling me everything is OK. Well, is it? Please, go ask your spokesman and get back to me, because your "Comey said" isn't working.

Does Crowdstrike have access to the information the FBI does on previous hacks for indicators of compromise, classified intel, etc? How closely are the FBI and Crowdstrike working together?

You are contradicting yourself. You are correct that firewalls, IDSs, and other systems should be investigated. But, those things are separate from the server. The server is completely irrelevant to those things. Giving the server to the FBI would have no impact on those other devices. So, why did you start a thread that focuses only on the server?

I realize that you are making this up as you go along and actually have no idea what you are talking about, but maybe think things through a bit more?

I love your response about the cloud, "I said IF a cloud or server farm was used, they should also be examined." Well, duh. But, you don't need the server to do that. In fact, if all you have is the server, you couldn't do that. Hence, my "very telling" question.

The FBI has confirmed that they have been provided sufficient data. Can you again explain on what basis you question their findings? You appear to consider yourself quite the expert, but are unable to explain why you -- with no access to the data -- are better able to make determinations then those who actually have the data.

"So if the FBI didn’t ask for access the DNC’s servers out of laziness or negligence, it certainly should have. And if the DNC denied them that access for fear of being embarrassed by what they might find, or because they had more faith in CrowdStrike than the FBI, then it served only to undermine confidence in the ultimate results of the investigation and give the impression of having something shameful to hide. Neither the DNC nor the FBI should have been satisfied with an investigation that did not involve the FBI conducting a first-hand look at the compromised systems. And all of us should be concerned about the seeming acceptance of both parties to let a private company singlehandedly carry out an investigation with such significant political consequences."

http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html

jsteele wrote:

Anonymous wrote:Sure the raid can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.

People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.


"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.


http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html

You are acting like Crowdstrike doesn't know basic forensics. Any professional firm would image both active memory and and storage media. That is simply basic forensics. You keep on harping about the fact that Crowdstrike's statement was issued by a spokesperson. I hate to break it to you, but that's who normally issues statements. The same information has been confirmed by the FBI.

I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?

Given that by your own admission you -- unlike the FBI -- has not seen the technical details, on what basis do you question their findings? Do you rely on telekinetics to conduct your computer forensics?

Have all those steps been done?

"I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?" I said IF a cloud or server farm was used, they should also be examined. All we hear about is a server. If you are a SME, then you know there should be a thorough investigation of audit logs, firewalls, intrusion detection and prevention systems, DNS and LDAP services, domain controllers, authentication servers, routers, switches and all the network infrastructure, correct? You keep telling me everything is OK. Well, is it? Please, go ask your spokesman and get back to me, because your "Comey said" isn't working.

Does Crowdstrike have access to the information the FBI does on previous hacks for indicators of compromise, classified intel, etc? How closely are the FBI and Crowdstrike working together?

Anonymous wrote:Sure the raid can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.

People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.


"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.


http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html

You are acting like Crowdstrike doesn't know basic forensics. Any professional firm would image both active memory and and storage media. That is simply basic forensics. You keep on harping about the fact that Crowdstrike's statement was issued by a spokesperson. I hate to break it to you, but that's who normally issues statements. The same information has been confirmed by the FBI.

I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?

Given that by your own admission you -- unlike the FBI -- has not seen the technical details, on what basis do you question their findings? Do you rely on telekinetics to conduct your computer forensics?

jsteele wrote:

Anonymous wrote:

Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.

Jeff is not in the investigation. He is not qualified. He doesn't know what raid configurations the disks were in, what was captured in memory, what the images consisted of and if they were simply dirwalks. And he's taking the word of an unnamed spokesman who gives no technical details.

It's time to turn over the server for proper analysis and the keys to any information they may have stored in a server farm or cloud.

You wanted an investigation. Now pony up.

Stringing a bunch of important sounding words together doesn't make you an expert either. If the data is stored in the cloud, how would providing the server help? What difference does the RAID configuration make? It can be imaged regardless. As another poster pointed out, Comey testified that what Crowdstrike provided was sufficient.

Just as I am not conducting the investigation, you are not either. The folks who are conducting the investigation appear to be satisfied with the data provided and confident in their finding. Do you dispute the determination that Russia was behind the hack?

Sure the raid can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.

People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.


"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.


http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html

Anonymous wrote:

Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.

Jeff is not in the investigation. He is not qualified. He doesn't know what raid configurations the disks were in, what was captured in memory, what the images consisted of and if they were simply dirwalks. And he's taking the word of an unnamed spokesman who gives no technical details.

It's time to turn over the server for proper analysis and the keys to any information they may have stored in a server farm or cloud.

You wanted an investigation. Now pony up.

Stringing a bunch of important sounding words together doesn't make you an expert either. If the data is stored in the cloud, how would providing the server help? What difference does the RAID configuration make? It can be imaged regardless. As another poster pointed out, Comey testified that what Crowdstrike provided was sufficient.

Just as I am not conducting the investigation, you are not either. The folks who are conducting the investigation appear to be satisfied with the data provided and confident in their finding. Do you dispute the determination that Russia was behind the hack?

Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.

Jeff is not in the investigation. He is not qualified. He doesn't know what raid configurations the disks were in, what was captured in memory, what the images consisted of and if they were simply dirwalks. And he's taking the word of an unnamed spokesman who gives no technical details.

It's time to turn over the server for proper analysis and the keys to any information they may have stored in a server farm or cloud.

You wanted an investigation. Now pony up.

Anonymous wrote:"forensic images". No, they did not. They use that term loosely. You cannot provide forensic images of an email server. You turn it over. It's multiple disks with slack space and constant writes.

Who is "a spokesman wrote"?

Of course it is possible to make images. The server would have been taken off-line. If it has been running for a year, it is now worthless.

If the FBI got the server, they would simply make images. Nobody would work on the actual hardware. So, they would have duplicate images.

Anonymous wrote:"forensic images". No, they did not. They use that term loosely. You cannot provide forensic images of an email server. You turn it over. It's multiple disks with slack space and constant writes.

Who is "a spokesman wrote"?

Comey testified that DNC was response was routine and sufficient. Though I know you probably believe Comey is Hillary's bff.

jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."

Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.

I agree it is a red herring and another attempt at distraction. It won't work.

To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.

"forensic images". No, they did not. They use that term loosely. You cannot provide forensic images of an email server. You turn it over. It's multiple disks with slack space and constant writes.

Who is "a spokesman wrote"?

From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."

Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.

Hacked computer server that handled DNC email remains out of reach of Russia investigators



By Dan Boylan - The Washington Times - Wednesday, July 5, 2017

It is perhaps the key piece of forensic evidence in Russia’s suspected efforts to sway the November presidential election, but federal investigators have yet to get their hands on the hacked computer server that handled email from the Democratic National Committee.

Indeed, the only cybersecurity specialists who have taken a look at the server are from CrowdStrike, the Irvine, California-based private cybersecurity company that the DNC hired to investigate the hack — but which has come under fire itself for its work.

Some critics say CrowdStrike’s evidence for blaming Russia for the hack is thin. Members of Congress say they still believe Russia was responsible but wonder why the DNC has never allowed federal investigators to get a look at the key piece of evidence: the server. Either way, a key “witness” in the political scandal consuming the Trump administration remains beyond the reach of investigators.

“I want to find out from the company [that] did the forensics what their full findings were,” Sen. Lindsey Graham, a South Carolina Republican who is leading the Judiciary Committee’s inquiry, told The Washington Times.

Scrutinizing the DNC server hack and CrowdStrike’s analysis has not factored heavily in multiple probes exploring the Russia issue. But behind the scenes, discussions are growing louder, congressional sources say.

President Trump will hold an official bilateral meeting on Friday with Russian President Vladimir Putin on the sidelines of a Group of 20 summit in Germany, although it’s unclear how big the Russian election hacking scandal

More:

http://www.washingtontimes.com/news/2017/jul/5/dnc-email-server-most-wanted-evidence-for-russia-i/