BleachBit creator, ex-FBI experts question 'loss' of Peter Strzok texts

Prorootect

washingtonexaminer.com: BleachBit creator, ex-FBI experts question 'loss' of Peter Strzok texts
by Steven Nelson | Jan 22, 2018, 6:59 PM
Computer forensics experts are questioning the supposed loss of five months of text messages between two FBI officials who privately disparaged President Trump before helping investigate his campaign’s possible links to Russia.

Some experts say the messages, sent during a turbulent period between Dec. 14, 2016, and May 17, 2017, may not be gone forever.

The missing messages between Peter Strzok, a senior FBI official, and alleged mistress Lisa Page immediately precede special counsel Robert Mueller’s May 17 appointment to investigate Russia's role in the 2016 election. Strzok was taken off Mueller’s team in August after discovery of his messages with Page, who previously left Mueller’s team.
“The loss of these text messages is an unbelievable coincidence – literally,” a House Intelligence Committee source told the Washington Examiner.
A one-paragraph official explanation offers little clarity on what happened, and the FBI declined to comment on the physical whereabouts of the couple's government-issued Samsung Galaxy S5 devices or whether additional forensic recovery steps are being taken.

Some experts say, however, that it may be possible to recover the missing communications.

“A sharp digital forensic expert may still be able to recover them,” said Andrew Ziem, creator of BleachBit, the software that Hillary Clinton subordinates used to clear information from her private server. “In general whenever any software deletes any information, traces are left on the storage device, though they become disorganized like the proverbial needle in the haystack.”
Ziem said that “success requires physical access to at least one of the unlocked devices, and it depends whether the messages were accidentally or intentionally erased, as well as other factors. As the device is used over time, the chances of accidental overwriting become more likely, and because so much time has passed since the critical period in the Strzok-Page case, success is not likely. On the other hand, individual text messages are small, so maybe a few survived.”
Investigators “may be able to recover deleted text messages from the cellphones used by the parties,” agreed Dennis Williams, a partner at Pathway Forensics LLC who worked three decades with the FBI, including as director of the Greater Houston Regional Computer Forensics Laboratory.
Don Vilfer, a former supervisory special agent at the FBI who leads the computer forensics division at VAND Group LLC, said “we often find the messages in other locations such as on a local computer drive as a backup or on cloud storage.”
“If the users were using the Google cloud as a backup, messages could be found there. If the phone had been synced with the FBI desktop computer, or even a home computer, the messages could also be located on those devices. If the old phones are available, forensic exams of those phones could also recover the messages,” Vilfer said. “The particular FBI employees of interest in this case had texted that they would be using an alternative messaging system, iMessage. This is on the Apple platform and would come with similar sources of possible backups—iCloud, their personal iPhone or Macs etc. I suspect that is where some real meat might be as it relates to their discussions.”
Vilfer said “having worked in the FBI, I know it is like any other organization where things don’t always get done the way they are supposed to, but people are not above trying to hide information either. I would want to know how this upgrade took place and what processes were followed or in what instances not followed.”
Strzok and Page denounced Trump during 2016. Some messages have been released, including Strzok calling Trump an “utter idiot” and discussing an “insurance policy” related to the election. In addition to his role investigating Trump, Strzok reportedly took a lead role investigating Clinton’s use of a private email server, softening language in a statement that found Clinton mishandled classified information but should not be prosecuted.
Trump has cited the exchanges as evidence of bias against him, but some Democrats argue the couple has a right to private political viewpoints.
The missing text messages were revealed by Sen. Ron Johnson, R-Wis., who excerpted a Jan. 19 message from Stephen Boyd, assistant attorney general for legislative affairs, in which Boyd told Johnson about the issue.
“[M]any FBI-provided Samsung 5 mobile devices did not capture or store text messages due to misconfiguration issues related to rollouts, provisioning, and software upgrades that conflicted with the FBI’s collection capabilities,” Boyd wrote to Johnson, as quoted by the senator in a response letter. “The result was that data that should have been automatically collected and retained for long-term storage and retrieval was not collected.”
Experts cautioned that very little has been made public about the issues the FBI reportedly had recovering the messages, but point out that very short retention periods by cellphone carriers make it unlikely that service providers would have the communications.
Among the top recommendations are finding the actual devices and ensuring that their full contents are analyzed, as well as searching for copies backed up elsewhere. Some experts say the missing messages may be lurking in plain sight.
Matthew Green, a computer science professor at Johns Hopkins University, said it’s possible the messages could be in an overlooked database file, even if there was a backup configuration issue.

“These messages are usually stored in a ‘lightweight’ database on the phone. That database sometimes keeps all of its data in a single file on the phone’s drive,” he said. “Sometimes bad database implementations can hold onto deleted records just because it’s hard to reorganize the whole file. But overall it’s pretty unlikely.”
Trent Leavitt, a Utah-based expert ...

...read MORE on the website...
 
Deleted member 65228

In general whenever any software deletes any information
When you delete a file (for example), the location of the file will be marked as "free" which allows the operating system to replace the data at the location with newly being-saved data. File recovery software can then attempt to recover the deleted file if it hasn't already been overwritten by the data of a new file; you can also use physics with a hard drive to recover data due to how the magnets work.

A much more secure mechanism is to overwrite the data with 35 passes, which is also known under the term "Gutmann". The Gutmann method is likely to be used by government agencies, but even smaller amounts of passes such as 15 will be sufficient.
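
The "marked as free, not erased" behaviour discussed in this thread, shown for a single-file database, as an added example that is not part of the original posts or the quoted article. It assumes the "lightweight" database is SQLite (the article does not name one); the table name `sms`, the file name and the messages are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample data: a stand-in for a phone's SMS store.
DELETED_BODY = "CONSTRUCTED-SAMPLE: this row gets deleted"
MESSAGES = [
    "constructed sample message one",
    DELETED_BODY,
    "constructed sample message three",
]


def residue_after_delete(secure_delete: bool, vacuum: bool = False):
    """Delete one row, then report (visible_via_sql, present_in_raw_file)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sms.db")  # hypothetical file name
        con = sqlite3.connect(path, isolation_level=None)  # autocommit
        # Set explicitly: the compiled-in default differs between builds.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE sms (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany("INSERT INTO sms (body) VALUES (?)",
                        [(m,) for m in MESSAGES])
        con.execute("DELETE FROM sms WHERE body = ?", (DELETED_BODY,))
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file from live rows only
        visible = con.execute("SELECT COUNT(*) FROM sms WHERE body = ?",
                              (DELETED_BODY,)).fetchone()[0] > 0
        con.close()
        # What a raw examination of the file sees, bypassing SQL entirely.
        with open(path, "rb") as fh:
            raw = fh.read()
        return visible, DELETED_BODY.encode("utf-8") in raw


if __name__ == "__main__":
    for label, kwargs in [
        ("secure_delete OFF", {"secure_delete": False}),
        ("secure_delete ON", {"secure_delete": True}),
        ("OFF, then VACUUM", {"secure_delete": False, "vacuum": True}),
    ]:
        visible, in_file = residue_after_delete(**kwargs)
        print(f"{label:18} visible via SQL: {visible}  bytes in file: {in_file}")
```

This inspects only the database file itself; copies of the same pages can also persist in journal files or in unallocated space on the storage medium.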
 