Bottom line here, if these machines were configured to PXE Boot before the disk. Then on election day they could be running a completely different OS then the one on the Disk. During the Elections the Machines would run dirty, but during the audits later the machines would run clean.
If they did this, then more likely then not the Splunk Logs, and the router logs would contain this information. This would be why they'd fight to the death to prevent anyone from seeing these logs. The logs could prove that these machines were configured and ran a dirty OS they designed, instead of the one presented during certification.
Bottom line here, if these machines were configured to PXE Boot before the disk. Then on election day they could be running a completely different OS then the one on the Disk. During the Elections the Machines would run dirty, but during the audits later the machines would run clean.
If they did this, then more likely then not the Splunk Logs, and the router logs would contain this information. This would be why they'd fight to the death to prevent anyone from seeing these logs. The logs could prove that these machines were configured and ran a dirty OS they designed, instead of the one presented during certification.
The router logs are key. The next shoe to drop.