Peak (38 MB/s) Transfer Speed

Peak (38 MB/s) Transfer Speed

In response to discussions regarding the max transfer speed of 22.6 MB/s cited in  Guccifer 2.0 NGP/VAN Metadata Analysis, the Forensicator went back and took another look at the metadata and found strong evidence of peak transfer rates of approximately 38 MB/s.   Although this higher peak transfer speed might not completely refute the counter-claims made by various critics (regarding transfer speeds that can be achieved over the Internet), it certainly raises the bar. Continue reading “Peak (38 MB/s) Transfer Speed”

If you find yourself in a hole, stop digging

If you find yourself in a hole, stop digging

The Guccifer 2.0 NGP/VAN Metadata Analysis report was released over one month ago.  During that time period, there has been extensive reader feedback via posted comments and media coverage from various venues.  Responding to the reader feedback was time intensive and a more thorough response was needed.  To address those issues, The Forensicator has published three blog posts:

Continue reading “If you find yourself in a hole, stop digging”

The Need for Speed

The Need for Speed

Some reviewers have questioned the following conclusion in the Guccifer 2.0 NGP/VAN Metadata Analysis study.

Conclusion 7. A transfer rate of 23 MB/s is estimated for this initial file collection operation.  This transfer rate can be achieved when files are copied over a LAN, but this rate is too fast to support the hypothesis that the DNC data was initially copied over the Internet (esp. to Romania).

Below, performance data is tabulated that demonstrate that transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance.  Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when writing a USB-2 flash device (thumb drive).

Continue reading “The Need for Speed”

RAR Times: Local or UTC?

Some reviewers have questioned the claim stated in the Guccifer 2.0 NGP/VAN Metadata Analysis report that the .rar files analyzed in that study recorded file times in local (relative) time.  In short, newer implementations of WinRAR use the “version 5” format and in that format times are recorded as UTC times.  However, the .rar files analyzed in this study use the older version 4 format which records times in “local” (relative) format.

Continue reading “RAR Times: Local or UTC?”

MB: Mega Bytes or Mega Bits?

UPDATE (2017-08-02): This blog entry has been updated with additional information which documents actual transfer rates seen when targeting both a close US host and another domestic US host located on the opposite coast.  The effect of using a VPN is also shown.

The bottom line is that the rate drops dramatically when packets have to transit large distances (even without factoring in the use of a VPN, or going trans Atlantic) – the transfer speeds dropped from 14 MB/s to 2MB/s.

Detailed test results are documented in the blog entry,  The Need for Speed.

Some reviewers have asked about the use of “MB/s” as a measure of transfer speed.  In the Guccifer 2.0 NGP/VAN Metadata Analysis report.  “MB/s” refers to Mega Bytes per second where “Mega” is one million (1,000,000).  Some reviewers have confused this notation with “Mb/s”, or mega bits per second often quoted by ISP’s.   Those two measures of transfer can be confused with each other, and there are articles on the Internet that discuss this topic, for example here and here.

Continue reading “MB: Mega Bytes or Mega Bits?”