As they have multiple copy in times (from what Frank said), as i said up, i really doubt she made them, i said was a setup as, they had already prepared everything (WH), they mentioned also the management cards of the server, i'm not gonna go into the details, basically it can give you a KVM, you could be in the other part of the world but still have an access as if you had the physical system in front (at a low level, think like BIOS, lifecycle, paramenters, etc), thing is, if there was a specific vulnerability not patched (i frankly think so), they may have used that one to remote in and dump everything in real time (what was being done to the system) and WH could have been there physically to do the forensic copies of the drives
If things went as i described, Tina was the trap for the deep state, as in this case they had already the drives since a lot of time (anyway a forensic copy should be a 1:1 copy done in a certain way, quickest thing is to do it on another drive, not via network, that's why i mentioned an hardware cloner) and not a last minute news as they said), spreading the news while she was going there, made the deep state panic and rush into the office to take the stuffs and frame her (take away what you can say it to the world before she gets there and bang), but bad surprise for them would have been that, she never even needed to touch the drives herself, i think there should be a chain of custody or register that can prove she didn't go there lately, or anyway the SOS would have known in a normal scenario
eg i know you (Tina) have evidence on X (drives) that has been exfiltrated somehow, on a rush (matter of hours) i launch a manhunt and do my best to frame you and put you + drives + conference in a bad light, just to know after that you didn't touch those drives and i fucked up myself because i acted impulsively without reflecting on the whole picture
I think it was well played, i may be wrong, but i'm in the field and know how those stuffs work, again, that wasn't a 'real' forensic demonstration, that was just dicking around (think again, setup), everything has been dynamic (look the way in which this 'breaking news' arrived on the first day, to be moved then to Thursday, but in fact revealed and shown Wednesday morning), the DS made so many stupid mistakes, rushing those offices, homes, the hacks, corrupting data on site, the shitty media coverage, etc etc
If the event was a nothingburger (not for us, for them), why wasting so much time and resources to disrupt it? They didn't even know what would have been revealed, this should tell a lot...
As they have multiple copy in times (from what Frank said), as i said up, i really doubt she made them, i said was a setup as, they had already prepared everything (WH), they mentioned also the management cards of the server, i'm not gonna go into the details, basically it can give you a KVM, you could be in the other part of the world but still have an access as if you had the physical system in front (at a low level, think like BIOS, lifecycle, paramenters, etc), thing is, if there was a specific vulnerability not patched (i frankly think so), they may have used that one to remote in and dump everything in real time (what was being done to the system) and WH could have been there physically to do the forensic copies of the drives
If things went as i described, Tina was the trap for the deep state, as in this case they had already the drives since a lot of time (anyway a forensic copy should be a 1:1 copy done in a certain way, quickest thing is to do it on another drive, not via network, that's why i mentioned an hardware cloner) and not a last minute news as they said), spreading the news while she was going there, made the deep state panic and rush into the office to take the stuffs and frame her (take away what you can say it to the world before she gets there and bang), but bad surprise for them would have been that, she never even needed to touch the drives herself, i think there should be a chain of custody or register that can prove she didn't go there lately, or anyway the SOS would have known in a normal scenario
eg i know you (Tina) have evidence on X (drives) that has been exfiltrated somehow, on a rush (matter of hours) i launch a manhunt and do my best to frame you and put you + drives + conference in a bad light, just to know after that you didn't touch those drives and i fucked up myself because i acted impulsively without reflecting on the whole picture
I think it was well played, i may be wrong, but i'm in the field and know how those stuffs work, again, that wasn't a 'real' forensic demonstration, that was just dicking around (think again, setup), everything has been dynamic (look the way in which this 'breaking news' arrived on the first day, to be moved then to Thursday, but in fact revealed and shown Wednesday morning), the DS made so many stupid mistakes, rushing those offices, homes, the hacks, corrupting data on site, the shitty media coverage, etc etc
If the event was a nothingburger (not for us, for them), why wasting so much time and resources to disrupt it? They didn't even know what would have been revealed, this should tell a lot...