The Guccifer 2.0 NGP/VAN Metadata Analysis report was released over one month ago. Since then, there has been extensive reader feedback via posted comments and media coverage from various venues. Responding to the reader feedback was time-intensive, and a more thorough response was needed. To address those issues, The Forensicator has published three blog posts:
Some reviewers have questioned the following conclusion in the Guccifer 2.0 NGP/VAN Metadata Analysis study.
Conclusion 7. A transfer rate of 23 MB/s is estimated for this initial file collection operation. This transfer rate can be achieved when files are copied over a LAN, but this rate is too fast to support the hypothesis that the DNC data was initially copied over the Internet (esp. to Romania).
Below, performance data is tabulated that demonstrates that transfer rates of 23 MB/s (megabytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance. Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when writing to a USB-2 flash device (thumb drive).
Thanks go out to Elizabeth Vos at Disobedient Media, who was the first to report on this analysis; her article can be read here. Thanks also to Adam Carter, who maintains the g-2.space web site, the one-stop shop for information that relates to Guccifer 2.0. You can reach Elizabeth and Adam on Twitter.
Some reviewers have questioned the claim stated in the Guccifer 2.0 NGP/VAN Metadata Analysis report that the .rar files analyzed in that study recorded file times in local (relative) time. In short, newer implementations of WinRAR use the “version 5” format and in that format times are recorded as UTC times. However, the .rar files analyzed in this study use the older version 4 format which records times in “local” (relative) format.
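The following is an added example, not code from the report or from WinRAR, showing how the format version can be read from the archive signature and why a version 4 time needs an assumed zone before it maps to a UTC instant. It relies on the published RAR signatures and on the MS-DOS date/time layout used by the basic RAR4 file-time field; the function names and the sample timestamp are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5 to 4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.0+ signature


def rar_time_semantics(header: bytes) -> str:
    """Classify how file times should be read, from the leading signature.
    Assumes a plain archive (no self-extractor stub before the signature)."""
    if header.startswith(RAR5_MAGIC):
        return "rar5-utc"
    if header.startswith(RAR4_MAGIC):
        return "rar4-local"
    return "not-rar"


def decode_dos_time(raw: bytes) -> datetime:
    """Decode a 4-byte little-endian MS-DOS date/time (RAR4 file-time field).
    The result is naive: the field stores wall-clock time with no zone,
    at 2-second resolution."""
    (ftime,) = struct.unpack("<I", raw)
    date, time = ftime >> 16, ftime & 0xFFFF
    return datetime(
        1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2,
    )


def candidate_utc(local: datetime, utc_offset_hours: float) -> datetime:
    """UTC instant implied by a RAR4 local time under a hypothesised offset."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=zone).astimezone(timezone.utc)


if __name__ == "__main__":
    # Constructed sample: the field value for 2020-01-15 10:30:44 local time.
    sample = b"\xd6\x53\x2f\x50"
    stored = decode_dos_time(sample)
    print(rar_time_semantics(RAR4_MAGIC + b"\x00" * 8), stored)
    # The same stored bytes imply different instants per assumed zone.
    for offset in (-4, 0, 3):
        print(f"UTC{offset:+d}: {candidate_utc(stored, offset).isoformat()}")
```

The stored bytes are identical in every case; only the assumed offset changes the resulting UTC instant, which is why the format version must be established before timestamps from different archives are compared.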
UPDATE (2017-08-02): This blog entry has been updated with additional information which documents actual transfer rates seen when targeting both a close US host and another domestic US host located on the opposite coast. The effect of using a VPN is also shown.
The bottom line is that the rate drops dramatically when packets have to transit large distances (even without factoring in the use of a VPN, or going transatlantic): the transfer speeds dropped from 14 MB/s to 2 MB/s.
Detailed test results are documented in the blog entry, The Need for Speed.
Some reviewers have asked about the use of “MB/s” as a measure of transfer speed. In the Guccifer 2.0 NGP/VAN Metadata Analysis report, “MB/s” refers to megabytes per second, where “mega” is one million (1,000,000). Some reviewers have confused this notation with “Mb/s”, or megabits per second, the unit often quoted by ISPs. Those two measures of transfer speed can be confused with each other, and there are articles on the Internet that discuss this topic, for example here and here.
A study has been added which analyzes the file metadata in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2 persona. The analysis is here: Guccifer 2.0 NGP/VAN Metadata Analysis.