A study has been added which analyzes the file metadata in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2 persona. The analysis is here: Guccifer 2.0 NGP/VAN Metadata Analysis.
Hat Tip
Thanks go out to Elizabeth Vos at Disobedient Media who was the first to report on this analysis; her article can be read here. Thanks also to Adam Carter who maintains the g-2.space web site — the one stop shop for information that relates to Guccifer 2.0. You can reach Elizabeth and Adam on Twitter.
RAR Times: Local or UTC?
Some reviewers have questioned the claim stated in the Guccifer 2.0 NGP/VAN Metadata Analysis report that the .rar files analyzed in that study recorded file times in local (relative) time. In short, newer implementations of WinRAR use the “version 5” format and in that format times are recorded as UTC times. However, the .rar files analyzed in this study use the older version 4 format which records times in “local” (relative) format.
MB: Mega Bytes or Mega Bits?
Some reviewers have asked about the use of “MB/s” as a measure of transfer speed. In the Guccifer 2.0 NGP/VAN Metadata Analysis report. “MB/s” refers to Mega Bytes per second where “Mega” is one million (1,000,000). Some reviewers have confused this notation with “Mb/s”, or mega bits per second often quoted by ISP’s. Those two measures of transfer can be confused with each other, and there are articles on the Internet that discuss this topic, for example here and here.
