You’re thoroughly confused.
The hard drive copies were taken from the DNC’s servers. The 33,000 deleted emails were on Hillary’s servers. The two had nothing to do with each other.
“And digital copies are useless.
In order to find evidence of any hacking or illegal correspondence, you need the originals. When things are deleted, they are not wiped off the drive. They are just marked as being able for future writes to be able to write over. They are still there. But when you make a copy, you don't copy the parts that are marked as deleted.”
Too ******* stupid. <smh>
They didn’t create the copies with Windows Explorer, dragging files from one location to another — they did a byte-for-byte copy which duplicates every byte from the source drive onto a destination drive. That includes data from files marked for deletion as well as actually deleted files (except for such data that is overwritten). The copy contains everything that can be found on the source drive. Which is why the FBI said this was an “appropriate substitute.”
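An added illustration of the file-level versus byte-for-byte distinction in the post above; it is not part of any poster's message. The volume layout is a constructed toy (it borrows only the 0xE5 "deleted" marker from FAT directory entries), and all names and contents are made up for the example.

```python
import hashlib

SECTOR = 512
ENTRY = 16       # toy directory entry: 8-byte name, 4-byte start sector, 4-byte length
DELETED = 0xE5   # FAT-style marker written over the first name byte on delete

def build_disk():
    """Constructed toy volume: sector 0 holds the directory, file data starts at sector 1."""
    disk = bytearray(SECTOR * 4)
    files = [(b"KEEP.TXT", b"quarterly report"), (b"GONE.TXT", b"deleted message body")]
    for i, (name, data) in enumerate(files):
        start = 1 + i
        entry = name.ljust(8) + start.to_bytes(4, "little") + len(data).to_bytes(4, "little")
        disk[i * ENTRY:(i + 1) * ENTRY] = entry
        disk[start * SECTOR:start * SECTOR + len(data)] = data
    return disk

def delete(disk, index):
    """Deleting only flags the directory entry; the data sector is left untouched."""
    disk[index * ENTRY] = DELETED

def entries(volume):
    """Yield (name, is_deleted, data) for every used directory entry."""
    for off in range(0, SECTOR, ENTRY):
        e = volume[off:off + ENTRY]
        if e[0] == 0:            # unused slot ends the directory
            break
        start = int.from_bytes(e[8:12], "little")
        length = int.from_bytes(e[12:16], "little")
        yield bytes(e[:8]), e[0] == DELETED, bytes(volume[start * SECTOR:start * SECTOR + length])

def file_level_copy(volume):
    """What a drag-and-drop copy sees: live files only."""
    return {n.strip().decode(): d for n, gone, d in entries(volume) if not gone}

def raw_image(volume):
    """Byte-for-byte image: every sector, allocated or not."""
    return bytes(volume)

def demo():
    disk = build_disk()
    delete(disk, 1)
    image = raw_image(disk)
    return {
        "file_copy": file_level_copy(disk),
        "recovered": [d for _, gone, d in entries(image) if gone],
        "hash_match": hashlib.sha256(disk).digest() == hashlib.sha256(image).digest(),
    }

if __name__ == "__main__":
    print(demo())
```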
I am not confused at all.
It was someone else who claimed Hillary's email server was hacked and I was the one trying to point out that it was the DNC that was hacked, not Hillary.
And no, unless you use the exact same brand, size, and condition of drive, you can't really do a byte by byte copy and have it make any sense. You will be copying the file table as well as just raw data, so then you will have extreme difficulty trying to even find files, much less read them.
But the point is it would be easy for people to avoid anything they wanted to delete when doing the copying.
If anyone at the FBI knew what was appropriate, they would be working for a computer company and not the FBI.
I said, “Digital copies of the hard drives were provided to the FBI,” clearly speaking of the DNC’s servers, which had nothing at all to do with Hillary’s servers; to which you replied...
“yes, but those copies were missing over 30,000 emails, and were what Trump was suggesting the Russians might be able to find.”
Yes, you are completely confused as “those copies” were not “missing over 30,000 email.” Again, those were copies of the DNC servers; while the 33,000 missing email were deleted from Hillary’s servers, not the DNC’s.
As far as your knowledge on hard drives, it really wasn’t necessary for you to exhibit sheer ignorance on the technology. You did get the size correct though, I’ll give you that. The destination drive must have at least as much storage capacity as the source drive, and ideally in this case, would be the same size, but that’s all you got right. And I expect a professional company such as CrowdStrike, who are in that industry, know enough to know that.
This is not a 2 person conversation. There are other people claiming it was Hillary's email server that was hacked. And it was Hillary that would not allow the FBI to check for the missing emails or evidence of hacking. Hillary did give the FBI a copy of the drives, but that did not at all help in supplying the missing 30,000 emails.
Of course I was unaware the DNC had also supplied copies of their drives because that makes no sense. If you actually want to find deleted files or evidence of hacking, you need the original drives in the machine they were in at the time. You don't want copies, and copies are not going to do any good.
You don't want RAW bytes because then you have to carefully find and interpret the file allocation tables, and then follow their entries to find the actual sectors. That is very difficult these days because all drives use a virtualization scheme for sectors, so that they can map out bad ones, and implement drive encryption. It is not as simple as just looking at RAW bytes. The interpretation is very difficult unless you perfectly shadow it onto the exact same media, in size, brand, embedded firmware, etc.
And yet, despite your ignorance on the subject, the FBI found the copies an “acceptable substitute.” You’ve not convinced me you know more than they do. And yes, access to raw data is also vital in performing forensics on a hard drive as that is how to view data that was deleted after being sent to the “recycle bin.” Also, if you do a copy like that to a similar sized drive with the same cluster size on both and you plug that into the same OS as the source, the undeleted files and files marked for deletion can be read.
That is the part that proves the FBI's ignorance or corruption. They should not have accepted copies, and instead insisted on the originals. The fact that I know more about computers is obvious, since they are paid for law enforcement by the federal government, and I am paid by Intel, HP, IBM, Sequent, Microsoft, Apple, etc., to work on computers.
Yes you might succeed if you use the same size drive, with same brand, version, embedded system, etc.
But likely hopeless if you use a different size drive, different brand, different version of firmware, etc.
The algorithm that locates actual physical sectors from the virtual requests is not going to be the same even if the different sectors have been mapped out as bad, the allocation table is set up differently, the drive uses a different RAID optimization mapping, etc.
But that does also depend on what is meant by a RAW copy. If you use the firmware from the original drive, and follow the file allocation table routines for a virtual sector by sector copy, there is a chance that might work even though the destination drive was using different firmware, allocation table routines, etc. But the FBI should never have taken that risk. They should have used the original drives, taken them as evidence, and left the DNC to use the copies. They failed in their ability to ensure a credible line of evidence. They could have been given anything. They can't use anything they get from the copies because they could easily not be accurate or even deliberately manipulated.