Thursday, July 02, 2009

For the techies

I made contact with Christopher Reade to get some technical information on what was actually done to retrieve Nagin's emails... my email and his response:

In regards to the backup tapes that were supposed to be created for all of city Hall emails:

1. Were the tapes actually created.

2. If so, I am assuming that Nagin's email account was deleted before the backups were generated....is this correct? Or were the tapes themselves tampered with?

Also

Who is the ISP responsible for the city's email transmissions? Is it CIBER and were the servers set up to archive all email transmissions or not?

Also...did you attempt to actually recover data off of erased drives on both Nagin's computer and the email servers or just one or the other?

Lastly, were the drives O'd in order to overwrite the blocks?


They used to have two-week rolling tapes. In February they switched to an off-site and more robust on-site procedure. The tapes I was given access to were from February of this year. I had no access to tapes before then.


2. Tapes weren’t tampered with – just no data from the past.

ISP – not sure. I suspect they have more than one. The servers only started archiving off-site in February as I understand it.


I was only given access to the two mail servers for the mayorofno.com domain so I have no idea what is on his or any other employee’s PCs. He said today that “all” of his e-mail was recovered from his “personal computer” so perhaps they found an old OST file on it.


Not sure if the server drive was “shredded” but we should know soon…

Thanks

Chris

8 comments:

matter said...

Several possibilities here. The most obvious one is that Nagin's email account was set to download the email from the server, then delete it from the server. This is a common setting for email clients, which you use to avoid going over quota. (If you go over quota, your incoming emails start bouncing back to the sender.)

Now one fly in this scenario is that Nagin uses a Blackberry, which has limited (if any?) local storage. So if I was Nagin, and I wanted to maintain maximum email privacy, I would do something like this: set my incoming mayorofno.com emails to forward to an outside computer, say, at my house, then have the Blackberry notified. So he would keep everything off site, and since incoming emails would be deleted from the server almost immediately, they probably would (almost) never be caught by the backup script.

Other possibilities are that there were more than two servers; that the drives were changed out; and any number of other scenarios. Since it appears Reade and that LTC clown Mark Lewis only got partial access, it would have been easy enough to game them.

Anonymous said...

LTC says he had a 22gb mailbox so there were no quotas. He's not using pop3 mail in the office, he would not be able to share calendar and contacts etc, he was using the Exchange (mapi).

Someone deleted his mailbox.

Anonymous said...

>>In regards to the backup tapes that were supposed to be created for all of City Hall emails: 1. Were the tapes actually created. >They used to have two-week rolling tapes. In February they switched to an off-site and more robust on-site procedure. The tapes I was given access to were from February of this year. I had no access to tapes before then.<

>2. Tapes weren’t tampered with – just no data from the past.<

--- Ok, question: what if the email server was directed to another server (or replicated/mirrored/copied, whatever) to another server at the IT annex offices across the street? Consider who created the mayorofno.com add in 2002, because that person may have worked for Meffert, and if so maybe they set it up across the street not at City Hall, or maybe parallel to it. They had some cross-pollination of work duties there for a bit, didn't they? In other words if the mayorofno domain and server was set up by someone maybe that someone (or whoever he/she was working for) never lost access.

--- Also on the backup tapes, you have to think about what was happening in February - 2/2/09 was Washington's followup records request email to the CNO & PMF, 2/5/09 was the transparency ordinance, 2/6/09 was Tionne Simon's records request, 2/16/09 was Nagin's veto, 2/18 was a public hearing, 2/19 PMF forwards Washington's records request to the City Council, and etc., etc., etc. with the wrangling on the transparency ordinance and Arnie finally shuts it down after Mardi Gras about 2/26/09. - Really incredible timing on the backup tape procedure changeover there.

--- Another thing to think about in changing backup tape procedure is that the old tapes can be copied over (no?) and whereas before there was a date-back of maybe 6 months from whenever the last set of tapes existed (a year? how long?) it starts all over again and a new time period can be established (so what is it? 3 months to December 2008? How far back do the tapes go? Did "two weeks rolling" mean they backed up for two weeks at a time and that's *it? If so, if that's what you mean, that's a procedure for someone trying to hide data in the first place.). In any event, that's maybe another convenient reason for changing tapes procedure (or maybe this relates to having the old two week spread procedure in the first place), they copy over the old tapes. Anyhow, choosing the "right" procedure means gaining the desired effect without having to "tamper" in the first place.

--- Finally, the CNO was supposed to be replicating to some other server somewhere else (usually some other city in a safe dry place inland far far away) right? That would have been necessary or advisable after Katrina. So did anyone check on *that?

>Also...did you attempt to actually recover data off of erased drives on both Nagin's computer and the email servers or just one or the other?< >I was only given access to the two mail servers for the mayorofno.com domain so I have no idea what is on his or any other employee’s PCs. He said today that “all” of his e-mail was recovered from his “personal computer” so perhaps they found an old OST file on it.<

--- Just guessing but those were likely either saved msg files, maybe a pst archive, or just whatever interim emails had been sent between the time of the deletion and the time they rechecked, or some combination. - Oh but hey, don't forget about those pesky laptops, thumb drives, discs, home computer....

--- Also, did the mayorofno exchange really require two servers? Wouldn't one do?

Clifford Bryan said...

Recall of Mayor Ray Nagin started by Stacy Head
http://www.examiner.com/x-13590-New-Orleans-Conservative-Examiner~y2009m7d4-Recall-petition-of-New-Orleans-Mayor-Ray-Nagin-started

Anonymous said...

What's going on at city hall!! Highly credible rumors are all over the place that James Carter is resigning from his council seat for some mysterious reason this week or next for what some are classifying as 'personal reasons'. Didn't Ollie resign for 'personal reasons' too?

Jason Brad Berry said...

That rumor appears to be false about Carter

Anonymous said...

Looks like the Carter rumor has been confirmed. They discussed it this morning on the African American radio station in New Orleans and confirmed he was resigning in 2 weeks.

Anonymous said...

Weird.

Weirder.

Really, really, really weird:
http://www.nola.com/news/index.ssf/2009/07/city_tech_vendor_suspects_vand.html

How much weirder does it get around here?