Guccifer 2’s West Coast Fingerprint

This blog entry is a placeholder for reader comments. Please access the main article via this link. Comments will be open for the next couple of weeks. Off-topic and off-color comments will be silently ignored.

In this report, we analyze the time zone offset that was likely in force when Guccifer 2’s first five (5) Word documents were written. We also look at the time-of-day pattern of the “last modified” times for the 25 or so documents that Guccifer 2 modified and then uploaded to his blog site.

Finally, we look at one particular Word document that Guccifer 2 uploaded, which had “track changes” enabled.  From the tracking metadata we deduce the time zone offset in effect when Guccifer 2 made that change — we reach a surprising conclusion: The document was likely saved by Guccifer 2 on the West Coast, US.


4 thoughts on “Guccifer 2’s West Coast Fingerprint”

  1. If I understand your various reports correctly there is evidence that Guccifer 2 operated in the Eastern, Central, and Pacific time zones of the U.S. Realizing that you are reluctant to speculate, does anyone have a plausible scenario that would account for this? What can be inferred from this individual (or group?) doing these file acquisitions and modifications all over the country?


    1. does anyone have a plausible scenario that would account for this? What can be inferred from this individual (or group?) doing these file acquisitions and modifications all over the country?

      Not that I’m aware of. As a caveat, my research has mainly focused on deriving clues from available metadata. Like any clues/evidence, some will pan out, some will be false leads. Also, as many have pointed out, any analysis involving time stamps is largely circumstantial. Basically, we probably don’t have enough evidence or resources to build a full picture.

      Changing topics, the first report in this recent series, Did Guccifer 2 Plant his Russian Fingerprints? is key in that it is fact-based and doesn’t rely on timestamp analysis in a significant way. It strongly suggests that G2 is highly skilled and knowledgeable in forensics. A lot of thought, skill, and planning went into engineering Guccifer 2’s version of the Trump opposition report – to both ensure that it had “Russian fingerprints” (Cyrillic error messages) embedded within it and that the document would then display those “Russian fingerprints” when viewed by journalists. That observation adds a degree of legitimacy to the idea that the other more circumstantial clues can be pieced together meaningfully to build a better picture of G2 as an organized influence operation.


      1. “my research has mainly focused on deriving clues from available metadata.”

        Yeah, I understand, my question was more wondering aloud. Assuming G2 was indeed physically present in three different U.S. time zones I’m curious as to the inferences that people would draw from that.

        “the first report in this recent series … strongly suggests that G2 is highly skilled and knowledgeable in forensics.”

        If I could repeat a comment I made there, seems as though if the fingerprints were an accident then someone ought to be able to reproduce that accident.


        1. Yeah, I understand, my question was more wondering aloud. Assuming G2 was indeed physically present in three different U.S. time zones I’m curious as to the inferences that people would draw from that.

          Given the above, it seems reasonable that G2 might be a team of various individuals or sub-teams. One sub-team might have a tech focus. Another might handle social media and operations, etc. That’s all speculation, however.

          If I could repeat a comment I made there, seems as though if the fingerprints were an accident then someone ought to be able to reproduce that accident.

          Considering the complexity of construction, that would be quite a trick. I agree with your basic thesis, though. Apart from construction, we have the matter of finding the Trump opposition report in the first place, as the only relevant document in over 2000 Word (.docx) documents to choose from in the Podesta emails – that triggered the bug in Word 2007 which led to the embedded Cyrillic error messages (“Russian fingerprints”). That’s a tall order, when we consider that G2 did everything within 24 hours after the DNC’s announcement that Russian hackers had exfiltrated the DNC’s Trump opposition research.


Comments are closed.