emptywheelJul 6, 2023

I've pulled together what we can learn from the October 22, 2020 CYA memo on the Hunter Biden laptop. Hoping some tech folks, esp @malwarejake and @matthew_d_green can review it to see if they can figure out why FBI had to install laptop hard drive in new laptop to get an image of it.

https://www.emptywheel.net/2023/07/06/the-technical-oddities-of-the-fbis-exploitation-of-hunter-bidens-laptop/

The Technical Oddities of the FBI's Exploitation of Hunter Biden's Laptop - emptywheel

For some reason, the FBI deemed it necessary to buy a new laptop and install the hard drive from the laptop once owned by Hunter Biden before it could image the laptop.

emptywheel
Show threadJake WilliamsJul 6, 2023
@emptywheel @matthew_d_green
Taking a look now.
Show threadJake WilliamsJul 6, 2023

@emptywheel @matthew_d_green After a cursory review of the whistleblower transcript (item 20), there is no reason I can see why you'd do this. It's honestly a bit perplexing to me. But this drive seems to have been mishandled at every turn - at least this is consistent...

Alternate theory: it's inarticulate wording?

Show threadRandom Nunes ParodyJul 6, 2023

@malwarejake @emptywheel @matthew_d_green It seems like the last thing you'd want to do is boot it. I'd use something like a gparted boot disk or Puppy Linux to boot from usb and image the whole drive that way.

i assume there are more professional equivalent tools.

Show threadJake WilliamsJul 6, 2023
@RandomNunesParody @emptywheel @matthew_d_green Definitely, though we may be seeing the telephone game effect at play here.
Show threademptywheelJul 6, 2023
@malwarejake I think I'm pretty close to convinced there are material inconsistencies between thta laptop and what has been released. @RandomNunesParody @matthew_d_green
Show threadJake WilliamsJul 6, 2023
@emptywheel
The copies I've looked were all live booted from the drive image at different times. This is consistent with the FBI doc, only that I didn't expect the FBI to be doing that too. @RandomNunesParody @matthew_d_green
Show threademptywheelJul 6, 2023
@malwarejake Sorry: Can you say what that means? @RandomNunesParody @matthew_d_green
Show threadRandom Nunes Parody

@emptywheel @malwarejake @matthew_d_green What they should have done is booted to a different hard drive either by physically removing the drive and plugging it into a different computer or booting to a usb drive, and then copy the whole physical drive in one big piece.

I can't believe the FBI doesn't know that.

Jul 6, 2023 at 9:21pmWeb
Show threadDoctorRobofingerJul 7, 2023
@RandomNunesParody @emptywheel @malwarejake @matthew_d_green
The charitable interpretation is that they're saying "boot" here instead of "mount," but this whole thing is such a mess that nothing would surprise me now