Anonymous wrote:
Have all those steps been done?
"I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?" I said IF a cloud or server farm was used, they should also be examined. All we hear about is a server. If you are a SME, then you know there should be a thorough investigation of audit logs, firewalls, intrusion detection and prevention systems, DNS and LDAP services, domain controllers, authentication servers, routers, switches and all the network infrastructure, correct? You keep telling me everything is OK. Well, is it? Please, go ask your spokesman and get back to me, because your "Comey said" isn't working.
Does Crowdstrike have access to the information the FBI does on previous hacks for indicators of compromise, classified intel, etc? How closely are the FBI and Crowdstrike working together?
jsteele wrote:Anonymous wrote:Sure the raid can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.
People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.
"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.![]()
http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html
You are acting like Crowdstrike doesn't know basic forensics. Any professional firm would image both active memory and and storage media. That is simply basic forensics. You keep on harping about the fact that Crowdstrike's statement was issued by a spokesperson. I hate to break it to you, but that's who normally issues statements. The same information has been confirmed by the FBI.
I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?
Given that by your own admission you -- unlike the FBI -- has not seen the technical details, on what basis do you question their findings? Do you rely on telekinetics to conduct your computer forensics?
Anonymous wrote:Sure the raid can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.
People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.
"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.![]()
http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html
jsteele wrote:Anonymous wrote:Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.
Jeff is not in the investigation. He is not qualified. He doesn't know what raid configurations the disks were in, what was captured in memory, what the images consisted of and if they were simply dirwalks. And he's taking the word of an unnamed spokesman who gives no technical details.
It's time to turn over the server for proper analysis and the keys to any information they may have stored in a server farm or cloud.
You wanted an investigation. Now pony up.
Stringing a bunch of important sounding words together doesn't make you an expert either. If the data is stored in the cloud, how would providing the server help? What difference does the RAID configuration make? It can be imaged regardless. As another poster pointed out, Comey testified that what Crowdstrike provided was sufficient.
Just as I am not conducting the investigation, you are not either. The folks who are conducting the investigation appear to be satisfied with the data provided and confident in their finding. Do you dispute the determination that Russia was behind the hack?
Anonymous wrote:Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.
Jeff is not in the investigation. He is not qualified. He doesn't know what raid configurations the disks were in, what was captured in memory, what the images consisted of and if they were simply dirwalks. And he's taking the word of an unnamed spokesman who gives no technical details.
It's time to turn over the server for proper analysis and the keys to any information they may have stored in a server farm or cloud.
You wanted an investigation. Now pony up.
Anonymous wrote:To the OP/PP, Jeff is an IT person, I think he is enough of a subject matter expert to comment with authority on the issue.
Anonymous wrote:"forensic images". No, they did not. They use that term loosely. You cannot provide forensic images of an email server. You turn it over. It's multiple disks with slack space and constant writes.
Who is "a spokesman wrote"?
Anonymous wrote:"forensic images". No, they did not. They use that term loosely. You cannot provide forensic images of an email server. You turn it over. It's multiple disks with slack space and constant writes.
Who is "a spokesman wrote"?
jsteele wrote:From the article:
The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."
Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.
The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."