dChan
Anonymous ID: 815a60 July 18, 2018, 7:57 a.m. No.2199148   🗄️.is 🔗kun   >>9152

>>2196604 (pb)

Ok, ITfag here…I'm very comfortable lurking on these boards, but when someone spews garbage about tech, I can't keep my mouth shut. I'm going to hit your points one at a time to clear up some the disinformation vomiting from your mouth.

 

"Transfer speed"…NOT a red herring. If you've ever done a copy of a folder from a computer to another location using Windows Explorer (for you non-techfags, open the Computer icon, find a folder, right click, copy, then go to a different folder and right click, then paste), then you've seen a progress bar while it's copying. There's an associated transfer rate which is also calculated (click the "more details dropdown" to see it). You think Windows just calculates this value simply to display it on the screen for you to see? Don't be so naive. This rate (which fluctuates depending on MANY factors) is included in ~metadata~ that's attached to the files. To understand how they knew the copy was local versus remote is to understand the "tested and documented" maximum transfer rates of different technologies and compare them to the transfer rates embedded in the metadata of the copied files. The transfer rates embedded in the files WERE CONSISTENT with well-known, publicly documented maximum transfer rates of USB2.0 technology (of which many "thumbdrives" are using). USB2's max rate is 480mbps…now take this rate and compare it to standard Internet rates (your Internet speed through your cable provider, for instance…2 years ago, the standard max being offered for residential was roughly 50mbps, BUT that's the download speed…we actually need to compare the UPLOAD speed because the files would have been going from the DNC UP to the remote location). Go to www.speedtest.net and check yours at home. You may be getting (in 2018) maybe 100mbps down, but your UP will be 5, maybe 10…not even close to the 480mbps of USB2. "Oh, but they were at the DNC, so they had MUCH better internet than you can get at home!" Well, not necessarily. But sure…I'll humor you and say the DNC was paying for an OC-3 fiber line…I mean if they're paying 4 Awan siblings $160,000/yr, sure why wouldn't they spring for a $4000/mo data line? Still…an OC-3 line max is 155mbs. The whole point of this is that the metadata of the files indicated transfer speeds far greater than speeds that could've been achieved using "over the internet" transmission (which is what a hacker would've been using), and leaves no doubt that the transfer was done locally, from within the same network, using a device that had speeds consistent with a USB2 device…HARDLY a red herring.

Anonymous ID: 815a60 July 18, 2018, 7:58 a.m. No.2199152   🗄️.is 🔗kun   >>9166

>>2199148

>>>2196604 (pb)

Yes, I HAVE moved, copied, and exported from and Exchange database…one of my hats is an Exchange administrator. To not be as long and drawn out as the last point…let me put this simply. If I were a layman, in 5 minutes I could do a web search for a powershell command that I could run against an Exchange database to export anywhere from 1 to all of the mailboxes in the database…or any number in between, and even specific mailboxes, and have them exported to PST files on my local computer, then plug a thumb drive in and copy the PST files to it. NOT a difficult operation.

 

And just to quickly point out your ignorance of transaction logs (which is probably why you didn't want to open that "whole other can of worms"), transaction logs are like bank receipts. Let's say you bank backs up it's computer system every night. Every "transaction" that is made to your account throughout the next day (debits and credits…think sent and received emails) gets changed in the database as it happens, and the bank tellers make a paper copy of each transaction (and give you a copy…"here's your reciept, ma'am…have a nice day!"), but those transactions haven't been backed up yet because the backup happens at night. Now let's say the bank's computer system crashes at noon. They can restore it from the previous night's backup, then they use the paper copy of the transactions made since that backup was taken to get the database back up to date. THAT's what transaction logs of an Exchange server are used for, you dumb fuck…I WISH you would've gotten into that. I would've created a whole new board for my response.

 

Specialized security software to create logs? Windows does that on it's own, and if you know how to view the logs, it's not difficult. Also, at one of our companies I use a $200 piece of software (PA FileSight…awesome product, check it out) that logs every file interaction by a user and logs it, and the logs are just text files that take up next to no room at all.

 

I'm COMPLETELY sane…and I have audit logging set up.

 

Copying and Exchange database IS actually copying a single file…it's an .edb file, and for purposes of extracting data, that is the only file you would really need (out of the mail system).

 

VSS…look it up. No downtime. But if you ran a few powershell commands, you could export each person's mailbox to a PST all while it's live and no one would be aware of it…unless they reviewed the logs. ;-)

 

Ok, I hope this goes to show that you can't trust everything you read on the Internet. If you can't dazzle them with brilliance…baffle them with bullshit, eh?