The problem with the deleted data in AZ is not that the files were deleted. That's trivial - just undelete the ones that are fully intact. As to the broken files, rebuild the ldf (transaction logs) files and fix the gaps caused by the broken deleted files. That's rather mundane.
The problem is the zero length files. The actual data that is needed is the adjudication data for 11/3. Notice - those files are both deleted and zero-length. this is bad. The criminal first dropped the database, then deleted the file. When the file is undeleted, it will still be zero length.
The good news is that the database structure appears to be known, so that can be restored. The recovery team would then need to rebuild the database files. This is a very complex operation.
If those machines were connected to the internet isn’t there a good chance these files might have been copied and stored somewhere ? There are a lot of hackers out there who are more than capable of pulling that off.
I doubt you are going to get down the sector-level file reconstruction remote. This is a pretty complex procedure. They would start by making a byte-for-byte replica of the hard drive using dd or clonezilla. Probably you create multiple. Then, you send to a very specialized data recovery team. There are data recovery specialists who specifically have expertise in SQL Server file recovery.
Another complication is that the data is likely encrypted, making reconstruction very complex. Hopefully they have the database access keys.
Thanks! Hope they can!
What does "zero length" mean?
It means that they wiped the data in the file, saved the version with no data to over-write the data with nothing, and then deleted the file.
Oh, it’s a technical term to describe soyboys’ genitalia.
Because science.
^^ Name checks out.
It means you have a tiny pp.
Yea, they would likely be able to rebuild both the ldf and mdf. I would be completely shocked if they didn't already rebuild this data a while ago. The timing of this release is likely not connected to when they discovered the deleted files. I think the timing corresponds to the pause in the audit. This controls the narrative during the pause.
If the were connect to internet, the govt has the ability to get that info whether deleted or not...I guess depends on if they’ll make that available...doubt it.
OP, the creation date and access date for the two zero-length files is 10/20. They are both the same, so my best guess is they were empty folders created in late october for testing purposes. Possibly testing remote connection with a 'can you see me?' type of test.
Oh, you are correct! Those are probably "Hello World" files.
I wonder where the 2020 data is. Maybe in the fixed size database. It could be that the configured the system to store the images external to the db on this election. I will be very interested to learn where the 2020 data is when this all finally comes out (if...)
Probably amidst the files from November 2020 up until January 2021. I wouldn't be surprised if adjudication was performed in intervals, which would in part explain why you'd be seeing ballots coming in even after counting has been officially stopped.
A lot of the votes that came in post-counting hours could very well be coming in from batches of ongoing adjudication, leading to the spikes you see on the graphs in places like MI and WI. The numbers are still really fucking fishy, but remember, some of these states had 60% or greater adjudication rate. That's a lot of ballots being reviewed and then added to the count all at once.
I've no doubt that fraud occurred in that process, and no doubt that phantom ballots will continue to be discovered, but I think the huge late night/early morning spikes in the graphs were because of the massive numbers of adjudicated ballots all being added to the count at once.
Come to think of it, those two files could even be example files used for instruction to train newer employees the process of the file naming and the likes.
Yea, 10 days is definitely a good amount of time for recovery operations. When I went through this, we recovered the db in 4 days.
What gets me is the “bad guys” are actually dumb enough to think that nobody on the “good guys” side can figure any of this out. I actually thing they told themselves we wouldn’t even try!
Yes - pride comes before the fall. If they were this arrogant with the handling of digital evidence, I bet they were equally stupid in the creation of fake ballots and counting of phantom votes.
Democrats aren't known for being smart.
Deleting records, files, databases, schemas, etc cannot be a new thing. I suspect there is a way to have permanent deletion which would raise huge red flags or they weren't permanently deleted and the ability to recover it all is basically a step by step process.