Hunter Biden Laptop Question

I’ve been involved in two criminal investigations involving computers and we had to document exactly what was done with the computers and storage and one of the first steps was to clone the storage drive using a special piece of equipment (I cannot remember what it was called) in a data forensics lab and all analysis was done on that clone, not on the original. And this was a fairly small city police agency.

Hunter’s laptop story is a steaming pile of shit that Rudy and company have stepped in and tracked all over the carpet.

Somehow managed to get it on the walls & ceiling as well.

That’s what happens when the shit hits the fan…

Hmmm. An evil maid attack could have gotten the data, and it wouldn’t even have to be his laptop - you could get everything from a Time Machine backup, if you could access it. If the FBI has the laptop, as has been reported, they might be able to access the serial number and verify with Apple the first person it was sold to, and perhaps trace that to or through Hunter Biden.

Judging by the WaPo article, it’s a good bet that most of the data on there is from Hunter Biden - it’s pretty much impossible to create gigabytes of data, including photos and thousands of emails, and make it all internally self-consistent and consistent with data kept places other than the laptop.

However, chain of custody is the real issue. As wguy123 says:

Since it appears the disk image has been mucked around with - the WaPo story talks about several directories created with date stamps since the supposed drop-off - any chain of custody has enough broken links to have no forensic value whatsoever. You literally have no assurance that any particular data on that drive was generated by Hunter Biden, because there is no solid chain of custody back to when it was known (or even suspected) to be in Hunter Biden’s possession. The story’s a success for generating breathless stories on Fox News, OANN and Townhall, and they’ll no doubt froth at the mouth some more when the FBI says the data is useless or a judge throws it out in the pretrial phase, but there’s no way it’s admissible.
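Added illustration, not part of any post in this thread: the chain-of-custody point above rests on having an integrity record taken when custody begins, which is what working from a verified clone provides. This Python sketch builds a SHA-256 manifest of a directory tree and later reports anything added, removed or altered; the function names and the sample files are constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Record every directory, symlink and file under root, keyed by relative path."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = "LINK:" + os.readlink(full)
            elif os.path.isdir(full):
                manifest[rel] = "DIR"
            else:
                manifest[rel] = sha256_file(full)
    return manifest

def compare(intake, current):
    """List what was added, removed or altered since the intake manifest was taken."""
    return {
        "added": sorted(set(current) - set(intake)),
        "missing": sorted(set(intake) - set(current)),
        "changed": sorted(p for p in set(intake) & set(current) if intake[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a manifest, simulate later handling, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Mail"))
        with open(os.path.join(root, "Mail", "inbox.mbox"), "w") as fh:
            fh.write("constructed message 1\n")
        intake = build_manifest(root)  # taken when custody begins
        os.makedirs(os.path.join(root, "Added Later"))
        with open(os.path.join(root, "Added Later", "note.txt"), "w") as fh:
            fh.write("created after intake\n")
        with open(os.path.join(root, "Mail", "inbox.mbox"), "a") as fh:
            fh.write("appended after intake\n")
        return compare(intake, build_manifest(root))
```

Without an intake manifest there is nothing to compare against, so a later listing of the same tree cannot show which entries predate the handover.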

Oooh, I just thought - for an evil maid variant, you could get the same model laptop and pull a switch on ol’ Hunter - the only way you could tell, assuming a perfectly cloned drive, is from the model’s serial number. Then the laptop that goes to the repair shop can be traced to Hunter Biden, but it wasn’t him that turned it in…

OK, sounds like a movie plot crossed with a conspiracy theory. But it could be done!

Oh, and the repair shop guy said he kept trying to get the data off the drive using the laptop itself, and it kept rebooting. I think that, given the evidence of liquid damage inside the laptop case, it would have been better to try to get the data off the disk by pulling it out of the laptop and trying to mount it from another computer using an external USB adapter. All of which is to say, I think that repair shop guy is either incompetent or hiding something.

If I took my broken laptop to a repair guy, I’d want him trying to repair the laptop, not looking for the best way to copy the data and give it to someone else.

Often the best “repair” is to get the data off the laptop so that it can be used in a new device.

The giving it to someone else part is of course, the problem here.

In a recap; the laptop was supposedly abandoned in a repair shop. Owned by a nearly blind Trump supporter. Who disappeared for a while after the “discovery”. No reputable news source [gasp, not even Faux News] would touch the “story”. Finally the NY Post rag [another Rupert Murdoch anal fissure] published a story by two writers; one of whom didn’t know she had been named and the other claimed not to have done it. NOW Faux News was on it; no, not the actual story, but that the Post had reported a story. Slime all the way down.

Is there another kind?

Sure, if my laptop couldn’t be repaired I’d get a new one and salvage what data I could from the old one. I’m just saying that powering up the old laptop doesn’t indicate incompetence, unless you assume his first priority was to steal the data.

My point is that the claimed job was data recovery, and the data was on the drive, which could be taken out of the laptop. If the laptop is showing itself to be unreliable (liquid damage inside the case is not a good sign of reliability), you really don’t want to recover the data using it - just get the drive out of it and put it into another machine or a USB enclosure that you could then use to recover what data you could, using a different computer.

And data recovery does not require the recover-er to review the data - they simply say - yeah, looks like we were able to recover X amount of data.

Aha! If the dates of the directories could be faked, then Biden could have created them before taking the laptop to the shop specifically to make it look like it had been tampered with afterward, right? Just like Obama’s mother had the foresight to put a birth announcement in a Hawai’ian paper to make it look like he was born in the US.

I’ve heard stories of people being busted for having illegal content on their computers and it being found when they brought them in to be repaired.

A quick google finds quite a number of those stories, in fact.

Right - but it’s not required by the person doing the recovery to review the data itself (unless specifically called out for by either party).

So these people are just snooping on other people’s computers on their own time?

I mean, on the one hand, it catches child pornographers, which is good. OTOH, it seems it gives license for them to snoop about in people’s computers looking for anything salacious.

That’s essentially it. If you’ve got anything on your computer, the techies (may) see it. If it’s illegal stuff, they’ll say that seeing it was inadvertent. If it’s legal, drag and drop time.

That is my estimation yes - I can run tools to ‘recover’ or ‘copy’ a drive and I never have to review the actual data (other than common directory/disk tools) to be able to say that ‘x number of files were recovered’.

I’m fine with it catching criminals, especially the type being discussed - but since the people doing the job are not cops and have no ‘reasonable suspicion’ to go snooping, I feel most of these cases are violating people’s privacy for shits/giggles. It’s a fine line to be sure if the material is ‘in your face’ (in a ‘salacious items’ folder!) another if you have to go digging for it.

And as stated - there is a real issue for ‘chain of custody’ in these cases.

I have no idea what the laptop was, but some come with data storage that you cannot remove (modern Apple laptops, MS Surface, etc). For those, you’d have to boot the system to get at the data, either directly or through something like Target Mode on an Apple.

Just one more reason why I would NEVER want to buy another Apple laptop (of which, to date, I have already bought exactly zero). But I have two hand-me-down Apple laptops, and there is just too much not to like about them and the company that made them.

Note something about reviewing the data, though: If data is corrupted, it may be necessary to do a detailed deep dive into the bits and bytes to patch something here or there, to fix it.

I’ve done a fair share of this. I’ve used low-level disk utilities to fix corrupted directories and files. I’ve examined dBase files with hex-editors to find and patch corrupted data in several different ways. Sometimes you just need to get down in the weeds.