emptywheelI've pulled together what we can learn from the October 22, 2020 CYA memo on the Hunter Biden laptop. Hoping some tech folks, esp @malwarejake and @matthew_d_green can review it to see if they can figure out why FBI had to install laptop hard drive in new laptop to get an image of it.
Jake Williams@emptywheel @matthew_d_green After a cursory review of the whistleblower transcript (item 20), there is no reason I can see why you'd do this. It's honestly a bit perplexing to me. But this drive seems to have been mishandled at every turn - at least this is consistent...
Alternate theory: it's inarticulate wording?
Random Nunes Parody@malwarejake @emptywheel @matthew_d_green It seems like the last thing you'd want to do is boot it. I'd use something like a gparted boot disk or Puppy Linux to boot from usb and image the whole drive that way.
i assume there are more professional equivalent tools.
Compuguy 🐱@RandomNunesParody @malwarejake @emptywheel @matthew_d_green Agreed. The one class on computer forensics I took almost a decade ago taught me not do do those things and to maintain the integrity of a forensics image. As @wpoland says in a later post, they should of been using a write-blocker in order to make a clean forensics image.
The whole Hunter laptop thing is a great example of what not to do when forensically examining a computer!
@compuguy @malwarejake @emptywheel @matthew_d_green @wpoland I refuse to believe the IRL FBI just booted up a computer in evidence. It's either defense lawyer misinformation or just plain BS, probably the later.
@RandomNunesParody It doesn't come from defense attorneys. It comes from the IRS Agent himself, and was written 3 years ago. @compuguy @malwarejake @matthew_d_green @wpoland
@emptywheel @compuguy @malwarejake @matthew_d_green @wpoland Got it. Thanks for the reply. Good to see you here.