The media and the Maricopa County officials are deliberately misleading the public about deleted databases of voter results, according to auditor Ben Cotton. Both the media and County officials continue to claim the voter result databases were not deleted, and the auditors just don’t know what they are doing. They also falsely claim the expert backtracked on saying the files were deleted and he has not.
However, tech forensic expert Ben Cotton reported that the ‘D’ drive of the EMS Primary Server was deleted. His extensive experience in data forensics made it possible for him to recover the deleted files, and that’s the only reason the files were recovered. This is exactly what he said at the Arizona State Senate hearing last week.
We addressed this on the 20th but it needs to be mentioned again as the media and the hysterical county officials blast out lies.
Every day, the loons on the left are either pleading or demanding the audit stop. They are joined with the crazed rantings of hate-monger Liz Cheney.
When asked at the hearing on the 20th if he determined the ‘D’ database was deleted, he responded:
“I did…We follow a very strict forensics acquisition process in which we don’t turn on a system if it’s delivered to us in a powered-off state. We remove the hard drives. We perform forensics imaging with write locks on to prevent any changes to those hard drives. And we produce a bit for bit forensics copy of that drive. In the case of the EMS servers, there were 6 drives. 2 of those drives were for the operating system and they were in what we call a [mirror?] configuration. So if something was changed anywhere on the operating system drive that would automatically be reflected on both drives.”
“The other four drives were data drives and it turns out they were in a raid configuration known as 1 plus zero. So you have a volume that is mirrored but also data redundancy and striped across both drives. Obviously, if I don’t turn on a system I don’t have access to the raid parameters and the county did not provide those to us.”
“So I had to do a discovery process to determine what that raid configuration was. Part of that process is a scan across those drives to detect partitions of data and to also detect a master file table which is a record of all of the directories of the files that are contained in that partition, and a pointer to where that data resides on the hard drive. In the course of performing that discovery, I found that an MFT that clearly indicated that the database directory was deleted from that server.”…
-
The Importance of Prayer: How a Christian Gold Company Stands Out by Defending Americans’ Retirement
“All of this may be moot because subsequently I have been able to recover all the deleted files and I have access to that data.”
https://www.youtube.com/watch?v=jrz5lht2Ofc
The hearing:
wpDiscuz
