Ben Cotton, a forensic auditor helping conduct an audit of 2020 election machines in Arizona’s largest county, Maricopa, said on Thursday that reports claiming he backtracked on allegations that files were deleted from one of the machines are FALSE.
He DID NOT backtrack.
“My testimony on May 19th before the AZ Senate is being taken out of context by some media outlets. To confirm: the ‘Databases’ directory on the EMS Primary Server WAS deleted containing the voting databases. I was able to recover the deleted databases through forensic data recovery processes,” Ben Cotton, founder of CyFIR, said in a statement emailed to The Epoch Times by the audit’s liaison.
Some reports, including articles from the Associated Press (AP) and CNN, alleged auditors had “backtracked” from or “reversed” allegations that files were deleted from a machine.
AP, for instance, claimed that Cotton said, “data was not destroyed, reversing earlier allegations that election officials in the state’s most populated county eliminated evidence.”
CNN claimed that auditors “backtracked” from claims that a key database had been deleted.
They left out Cotton’s testimony because this is what our fake news does.
Cotton said in examining the machine that he discovered a master file table “that clearly indicated that the database directory was deleted from that server.”
“Subsequently, I’ve been able to recover all of those deleted files, and I have access to that data,” he said. “I have the information I need from the recovery efforts of the data.”
2/2) I was able to recover the deleted databases through forensic data recovery processes. We are performing data continuity checks to ensure that the recovered databases are usable.
— Maricopa Arizona Audit (@ArizonaAudit) May 19, 2021
Maricopa County states that they did not delete the files and presented some indicators but Cotton says they did delete them. Maricopa is desperate to stop the audit and Cotton hasn’t been caught lying at this point.
If it was a Windows server, those files are not deleted. The header is “removed” so that it appears to be gone. The data will still be there until 1) new data is written over it (but traces may still remain), 2) the disk is destroyed or formatted with 1s and 0s several times. You can also recover from a Linux disk. Appears they did not know what they were doing. Also, they claimed not to have admin passwords but were able to delete database folders?
Trust me, it takes more than just formatting a mechanical hard disk a few times to completely destroy data. Mechanical disks do not write data in exactly the same place every time, so the ghost of old data will remain even after potentially dozens of writes to the disk. Many disk cleaning programs don’t compensate for the heating of the disk in long-term write and rewrite cycles and so leave a lot of ghost information behind. About the only way to completely remove data from magnetic media is to completely remove the oxide layer. Most so-called IT people know nothing about the science and mechanics of storing information. In modern server RAID arrays, destroying data completely is incredibly hard, even by the best data destruction software. If the disk is still usable, recoverable data is probably still there! There are ways to hide your data, but those techniques are my secret and generally can’t be used effectively in production environments. In cloud environments nothing is safe, your data is sprinkled all over the place, multiple times.
That’s what happens when “Political Operatives”, who are normally dumb as Dirt, try to destroy evidence. If you want to destroy computer data, hire a professional, a very, very good professional and not a Script Kiddie working at the local chain store calling himself a “geek”.
“In a time of universal deceit, telling the truth is a revolutionary act.” – George Orwell
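What a master file table entry for a deleted directory looks like at the record level, as an added example that is not from the article, the audit, or any commenter: each NTFS FILE record header carries a flags field, and deletion clears the in-use bit while the record itself remains until it is reused. The sample records and helper names below are constructed for illustration.

```python
import struct

# NTFS FILE record header flags: little-endian uint16 at offset 0x16.
FLAG_IN_USE = 0x0001
FLAG_DIRECTORY = 0x0002


def parse_mft_header(record: bytes) -> dict:
    """Decode the fixed header fields of one MFT FILE record."""
    if len(record) < 0x18 or record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record (bad signature or too short)")
    # 0x10 sequence number, 0x12 hard-link count,
    # 0x14 offset of first attribute, 0x16 flags
    seq, links, attr_off, flags = struct.unpack_from("<HHHH", record, 0x10)
    return {
        "sequence": seq,
        "hard_links": links,
        "first_attr_offset": attr_off,
        "in_use": bool(flags & FLAG_IN_USE),
        "is_directory": bool(flags & FLAG_DIRECTORY),
    }


def classify(record: bytes) -> str:
    """Summarise a record the way a forensic listing would."""
    h = parse_mft_header(record)
    kind = "directory" if h["is_directory"] else "file"
    state = "allocated" if h["in_use"] else "deleted (record still present)"
    return f"{kind}, {state}"


def make_record(flags: int, seq: int = 1) -> bytes:
    """Build a constructed 1024-byte record; only header fields are set."""
    hdr = struct.pack("<4sHHQHHHH", b"FILE", 0x30, 3, 0, seq, 1, 0x38, flags)
    return hdr.ljust(1024, b"\x00")


# Constructed samples: the same directory before and after deletion.
LIVE_DIR = make_record(FLAG_IN_USE | FLAG_DIRECTORY, seq=1)
DELETED_DIR = make_record(FLAG_DIRECTORY, seq=2)

if __name__ == "__main__":
    for name, rec in (("live", LIVE_DIR), ("deleted", DELETED_DIR)):
        print(f"{name}: {classify(rec)}")
```

A record in the second state only shows that the entry was freed; whether the file contents are still recoverable depends on whether the clusters they occupied have since been overwritten.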