Stephen McIntyre recently noted some interesting characteristics of a 7zip archive that Guccifer 2 published back in October 2016. McIntyre refers to the publication of a large collection of documents and data by a persona known as Guccifer 2.0, which was announced on their blog on October 4, 2016.
Building on McIntyre’s work, The Forensicator analyzes metadata for the files in Guccifer 2.0’s “Clinton Foundation” file dump (cf.7z), dated July 5, 2016, the same date as those in the NGP/VAN files previously analyzed by the Forensicator in Guccifer 2.0 NGP/VAN Metadata Analysis.
The CF file metadata analysis can be found here: Guccifer 2.0 CF Files Metadata Analysis.
Comments on that analysis can be left here; comments will close on October 3.
You might want to double-check your reference to West Coast readers needing to add +4 hours. Did you mean that they should subtract two hours?
You might want to double-check your reference to West Coast readers needing to add +4 hours. Did you mean that they should subtract two hours?
If you’re on the West Coast and open up the cf.7z 7zip file, then find the files dated 2016-07-05, you will see times like 14:39:20. We need to add 4 hours to that value to adjust it to fall into the same Eastern time range as the NGP/VAN files. The NGP/VAN files are in the approximate 6:30 PM, July 5, 2016 EDT time period.
The idea here is to adjust the times so that they appear as they would in Eastern time. That way, when file lists are built and the last mod times are queried, the West Coast researchers don’t have to keep making the adjustment as they proceed through their analysis.
Hi, after the map there is a timestamp ending with “123”; does that mean 123/1000?
Thank you.
after the map there is a timestamp ending with “123”; does that mean 123/1000?
Yes, it is just trying to show that there are fractions of a second. Will add a clarification. Thanks.
Technically, it should probably read .1234567, because NTFS time stamps have 0.1 microsecond resolution, but that clutters up the diagram.