I’d prefer to discuss technical capability, not culpability, in this thread.
The infamous stolen VA laptop has been recovered.
The Feds were quick to announce
Now, although not a technical person myself, I can believe that computer experts could tell if the database had been accessed, probably because it logs views.
But the Feds went further in claims that no damage had been done:
If the whole hard drive was just “imaged”, like the IT staff do to my work computer whenever they need to make changes and want a backup copy, would forensic analysis be able to tell? would “imaging” require opening the database files (and presumably logging a view) at all? What about plain old copying?
Is the implication that analysts can tell if the data is totally secure, after beintg outside the “chain of custody” for as long as this laptop has been missing, a valid assertion? Technically feasible?