I have not used R-Studio in this capacity before, but the letter appears to be intentionally conflating different portions of the "deleted files" screenshot and attaching meaning that doesn't make sense to it as a whole.
The top pane shows a list of files from a search on the drive. The bottom pane shows a log of what the system is doing in its search.
You can clearly see, from top to bottom, the "extends beyond disk bounds" message the letter references.
My first thought is "This is almost certainly from a corrupt partition" on the hard disk. In layman's terms, a hard drive keeps a manifest of the files it has, and where each file is stored. If that manifest points to things that aren't there, or if the manifest itself seems not quite all there, then this could mean...
The hard drive is part of a group of other hard drives and the manifest is pointing to things on other hard drives in the group that are missing (see: RAID)
The files were deleted or messed with in some way to obscure them
The hard drive is corrupted somehow (could be an innocent computer error or hard drive crash, or nefarious and intentional)
What the letter is insinuating is that the auditors copied the entire hard drive given to them, then RETURNED the original hard drive, but THEN, after returning the original drive, tried to do a scan on the original drive rather than the copy.
This is where someone with R-Studio experience can correct me, but this makes NO sense. I'm not even sure it would be possible to have R-Studio scan a drive based on a file system table that is no longer there, but if it were, I would imagine it would take significant effort to try to do this. In short, this would only happen if the auditors were REALLY corrupt and going to GREAT lengths to fake this data... which would be FAR easier by manipulating screenshots instead.
But what really, then, sinks this theory:
The log entries AFTER the "extends beyond disk bounds" part, which clearly shows an attempt to find damaged or missing partitions.
And THIS part of the letter, IMO, is the only part worth responding to. They did an OK attempt at trying to attack this, and it deserves us pedes' time.
But the rest? BS.
The router password exposing a blueprint of where stuff is stored? (a) That's not really how it works, (b) in theory, with full router access, MAYBE they can see some hostnames and other things on the network that might be descriptive enough to tell attackers where things are stored, BUT (c) if this is true, then the only way an attacker would see this is by ALSO having access to the internal network (at which point they no longer need a "blueprint") and (d) if hiding the "blueprint" is the extent of their security then they're negligent anyway.
I skimmed the rest, but it all looks like BS. They appear to be saying ballots are sealed with temper proof seals and then contradicting that and saying they don't have to be and would not be.
And the chain of custody stuff is as laughable as it gets, trying to pretend that the only chain of custody log anyone cares about is the one for the audit, when OBVIOUSLY the logs of interest would be BEFORE the audit, when the cheating happened.
It is from a hard drive image stored on a network share, the errors that you're misattributing are essentially block read errors because the "hard drive" is emulated.
hard drive image is likely not forensically sound
[USER WAS BANNED FOR HAVING AN EDUCATED OPINION BACKED BY EXPERTISE, WHILST DISSENTING FROM MSM NARRATIVE. THINK ABOUT THAT]
Glad to see other pedes deep diving into this!
A couple of my thoughts:
I have not used R-Studio in this capacity before, but the letter appears to be intentionally conflating different portions of the "deleted files" screenshot and attaching meaning that doesn't make sense to it as a whole.
The top pane shows a list of files from a search on the drive. The bottom pane shows a log of what the system is doing in its search.
You can clearly see, from top to bottom, the "extends beyond disk bounds" message the letter references.
My first thought is "This is almost certainly from a corrupt partition" on the hard disk. In layman's terms, a hard drive keeps a manifest of the files it has, and where each file is stored. If that manifest points to things that aren't there, or if the manifest itself seems not quite all there, then this could mean...
The hard drive is part of a group of other hard drives and the manifest is pointing to things on other hard drives in the group that are missing (see: RAID)
The files were deleted or messed with in some way to obscure them
The hard drive is corrupted somehow (could be an innocent computer error or hard drive crash, or nefarious and intentional)
What the letter is insinuating is that the auditors copied the entire hard drive given to them, then RETURNED the original hard drive, but THEN, after returning the original drive, tried to do a scan on the original drive rather than the copy.
This is where someone with R-Studio experience can correct me, but this makes NO sense. I'm not even sure it would be possible to have R-Studio scan a drive based on a file system table that is no longer there, but if it were, I would imagine it would take significant effort to try to do this. In short, this would only happen if the auditors were REALLY corrupt and going to GREAT lengths to fake this data... which would be FAR easier by manipulating screenshots instead.
But what really, then, sinks this theory:
The log entries AFTER the "extends beyond disk bounds" part, which clearly shows an attempt to find damaged or missing partitions.
And THIS part of the letter, IMO, is the only part worth responding to. They did an OK attempt at trying to attack this, and it deserves us pedes' time.
But the rest? BS.
The router password exposing a blueprint of where stuff is stored? (a) That's not really how it works, (b) in theory, with full router access, MAYBE they can see some hostnames and other things on the network that might be descriptive enough to tell attackers where things are stored, BUT (c) if this is true, then the only way an attacker would see this is by ALSO having access to the internal network (at which point they no longer need a "blueprint") and (d) if hiding the "blueprint" is the extent of their security then they're negligent anyway.
I skimmed the rest, but it all looks like BS. They appear to be saying ballots are sealed with temper proof seals and then contradicting that and saying they don't have to be and would not be.
And the chain of custody stuff is as laughable as it gets, trying to pretend that the only chain of custody log anyone cares about is the one for the audit, when OBVIOUSLY the logs of interest would be BEFORE the audit, when the cheating happened.
It is from a hard drive image stored on a network share, the errors that you're misattributing are essentially block read errors because the "hard drive" is emulated.
hard drive image is likely not forensically sound
[USER WAS BANNED FOR HAVING AN EDUCATED OPINION BACKED BY EXPERTISE, WHILST DISSENTING FROM MSM NARRATIVE. THINK ABOUT THAT]