CodemonkeyZ hopium!
(media.greatawakening.win)
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (39)
sorted by:
Interesting that they decided to use recovery software in the first place. Was this planned (normal checks/balances), or did someone already flip and tell them to look for deleted files?
I'm assuming they've already recovered the SQL Server databases, and already extracted/processed the data. The screenshot was simply them advertising the fact that they had access to the data. If the data is incriminating, then those that were involved in the fraud would interpret the photo as a request come forward and confess their involvement.
At this stage, assume everything that is being requested is already in their hands. Like a good lawyer, they only ask questions they already know the answer to. They're really just encouraging further entrapment on the part of the conspirators.
Recovery software is super standard- they would have taken an image of the drive without booting to it before they did anything else.. it's also a lot faster to look at what has been deleted than it is to comb through a drive looking for who knows what.
That said, codemonkey may well know more about it than I do; but restoring deleted things (like a db) is not always super simple... there are forensic things you can do, and there might be tools that allow you to restore an incomplete db image with corrupted data, but when windows "deletes" something it doesn't actually get deleted- it gets flagged, and those bits aren't overwritten.. until they are overwritten. That was the point of software like 'bleachbit'- on old platter drives supposedly it was possible to restore even wiped files (had the drive written to 0) because of a residual latent charge on the disk... the solution was to write all 0s then 1s over and over again.
I wouldn't say recovering a db is as trivial as he suggests; however even historically when something couldn't be recovered, the fact that it was deleted intentionally was usually very valuable information. The fact that they can see what was deleted and not just the absence of the thing is a good sign that "these people are stupid". Why not just nuke the drive, or corrupt the image. There are also log files and possibly automated backups that would need to get deleted, and may be recoverable... there are a lot of bases to cover, and I suspect they didn't cover them very well.
It's a logistical nightmare to cheat on this scale (even if you were smart).
"there are a lot of bases to cover" - "Oh what a tangled web we weave"
Definitely "spoilation of evidence", so good that they even found the index entry.
With regards to file recoverability, I'm guessing their last action was to delete the "Databases" directory, I'd be surprised (but not shocked) if they used "BleachBit"
If they didn't use bleachbit (or similar software) and there was corruption - Fixing corrupted SQL Server databases is normally straight forward, but depending on the nature of the corruption can be time consuming, and sometimes does involve some data loss. The corruption usually limited to specific tables, or even specific indexes (not a big deal).
Just a note, the data file sizes (e.g. 1GB, 4GB ) is just reserved/empty space. Likely the actual data is < 50MB.
I also believe that they watched them delete the databases. Something tells me we had White Hats monitoring either in person or remotely. Space Force may have a copy as well.
I think it's safe to say that the people involved locally with the election fraud weren't the brightest bulbs in the pack, and probably knew even less about computers than most people (and thought "delete" meant gone forever :) )
making questions public is a great way to air the misdeeds....