An unknown IT specialist who simply goes by the name of The Forensicator has published a report that appears to disprove the theory that the DNC had been hacked by Russians but instead were copied locally — meaning someone copy/pasted the documents from an/the actual computer system — someone who had access to it.
And these documents were copied just give days before Seth Rich was murdered by an alleged robber.
Based on the analysis that is detailed below, the following key findings are presented:
On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.
Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.
The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).
They may have copied a much larger collection of data than the data present in the NGP VAN 7zip. This larger collection of data may have been as large as 19 GB. In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.
This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.
The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).
A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.
On September 1, 2016, two months after copying the initial large collection of (alleged) DNC related content (the so-called NGP/VAN data), a subset was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.
The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force. Most likely, this system was located somewhere on the East Coast.
The .rar files and plain files that eventually end up in the “NGP VAN” 7zip file disclosed by Guccifer 2.0 on 9/13/2016 were likely first copied to a USB flash drive, which served as the source data for the final 7zip file. There is no information to determine when or where the final 7zip file was built.
It’s important to note that the report is the “estimated speed of transfer” which is shown to be 23 MB/s for the copying of the documents. In essence, it’s inconceivable that any hacker working from a remote location could have copied them over the internet.
This is extremely significant and completely discredits allegations of Russian hacking made by both Guccifer 2.0 and Crowdstrike.